1 00:00:07,590 --> 00:00:12,660 First, we're going to start with SSH right now. I want to be able to SSH into this box
2 00:00:13,200 --> 00:00:19,500 from a machine in our lab. In a production environment, you probably wouldn't do this, but this is
3 00:00:19,500 --> 00:00:21,870 a lab and we're learning, so I'm definitely going to do it.
4 00:00:22,650 --> 00:00:28,440 So when we go into OPNsense, first we need to go to this wizard, so we can go next and we'll
5 00:00:28,440 --> 00:00:29,140 keep the hostname.
6 00:00:29,140 --> 00:00:39,180 We'll change the domain to [unclear].local, primary DNS 10.150.0.50, and the secondary,
7 00:00:39,180 --> 00:00:43,320 18, we put in there. That looks pretty good.
8 00:00:44,550 --> 00:00:44,890 All right.
9 00:00:44,890 --> 00:00:47,810 So we'll keep the time servers and I'll change the time zone
10 00:00:50,890 --> 00:00:51,670 to make it relevant.
11 00:00:54,860 --> 00:00:58,720 Cool, and everything else in here looks good.
12 00:01:02,030 --> 00:01:05,390 So to enable secure shell, SSH, we go to System,
13 00:01:07,880 --> 00:01:10,040 Settings, Administration.
14 00:01:12,960 --> 00:01:20,940 Scroll down a little bit, enable SSH, permit root and password login, save.
15 00:01:23,080 --> 00:01:27,700 Changes have been applied successfully. Very cool. So now we just need to update the appliance, so
16 00:01:30,460 --> 00:01:31,030 Firmware,
17 00:01:32,000 --> 00:01:32,750 Updates.
18 00:01:35,550 --> 00:01:37,140 And we're just going to check for updates.
19 00:01:40,970 --> 00:01:45,150 All right, so we've got some updates here. We're going to install this latest package, so I'm going
20 00:01:45,150 --> 00:01:46,080 to hit Close.
21 00:01:47,720 --> 00:01:48,620 Yeah, there's a lot here.
22 00:01:48,680 --> 00:01:50,950 Let's get everything updated now.
23 00:01:52,100 --> 00:01:55,160 Firewall will reboot directly after this firmware update.
24 00:01:55,220 --> 00:01:55,690 That's good.
25 00:01:58,350 --> 00:02:03,090 Once it updates, we should be able to SSH into the appliance and sort of check up on it,
26 00:02:05,260 --> 00:02:09,910 so let's see, 100 zero dot one.
27 00:02:13,520 --> 00:02:14,750 All right, let's do that.
28 00:02:22,000 --> 00:02:23,230 All right, so it's still up.
29 00:02:25,190 --> 00:02:27,560 And still updating, so we'll just come back once this finishes.
30 00:02:29,120 --> 00:02:32,120 So, you guys, it looks like the connection went down.
31 00:02:34,440 --> 00:02:45,210 And we can just ping the target maybe 100 times to wait until it comes back, and I got that from here:
32 00:02:46,110 --> 00:02:50,310 -n count, number of echo requests to send.
33 00:02:53,060 --> 00:02:57,560 OK, so we're getting replies now, that's clear.
34 00:03:00,000 --> 00:03:03,200 All right, and we got the web interface back, that's a good sign.
35 00:03:03,570 --> 00:03:04,290 Let's log back in.
36 00:03:06,090 --> 00:03:06,570 All right.
37 00:03:06,570 --> 00:03:07,860 So let's enable a few plugins.
38 00:03:08,400 --> 00:03:10,950 So we go to System, Firmware, Plugins.
39 00:03:11,340 --> 00:03:14,100 We can type in os-theme-rebellion.
40 00:03:14,550 --> 00:03:19,590 That's our dark theme and that's what we need to get configured first, os-theme-rebellion.
41 00:03:19,830 --> 00:03:20,370 There we go.
42 00:03:20,760 --> 00:03:21,800 A suitably dark theme.
43 00:03:21,990 --> 00:03:23,160 Yes, install.
44 00:03:23,990 --> 00:03:24,800 Right, that's done.
45 00:03:25,350 --> 00:03:26,670 Let's go back to Plugins.
46 00:03:27,360 --> 00:03:32,030 And then the other one we're going to type in is the telemetry, ET.
47 00:03:32,070 --> 00:03:32,590 There it is.
48 00:03:33,330 --> 00:03:34,710 So why is it being stubborn here?
49 00:03:36,650 --> 00:03:37,430 And let that rip.
50 00:03:39,670 --> 00:03:43,900 Something's locked up here, so you may need to reboot before we can do this, or get into the box
51 00:03:44,320 --> 00:03:45,730 and kill that process.
52 00:03:45,730 --> 00:03:50,650 But in the meanwhile, let's just enable the theme, so we can go to System, Settings,
53 00:03:52,630 --> 00:03:55,510 General. In here, we can change the theme to rebellion.
54 00:03:57,090 --> 00:03:58,380 Scroll down and save.
55 00:04:00,830 --> 00:04:01,790 All right, that looks pretty good.
56 00:04:01,940 --> 00:04:09,740 Now let's check out our services. We go down to Services, Intrusion
57 00:04:09,740 --> 00:04:12,740 Detection, Administration.
58 00:04:16,890 --> 00:04:22,170 We just want to make sure it's enabled, IPS mode and promiscuous mode, and we get all the logging we need.
59 00:04:24,000 --> 00:04:26,730 For the pattern matching, we'll change this to Hyperscan.
60 00:04:28,140 --> 00:04:31,230 And for the interfaces, we'll just keep it on WAN right now.
61 00:04:31,260 --> 00:04:37,710 Now, if you were installing Sensei, you just want it to be on one of these; you can't have it on both.
62 00:04:38,370 --> 00:04:40,170 Specifically, the LAN needs to be disabled.
63 00:04:40,770 --> 00:04:44,310 If we're not installing Sensei, then you can enable both interfaces.
64 00:04:44,550 --> 00:04:50,250 But since I'm installing Sensei, I am only going to enable WAN, and this is for Suricata, this section
65 00:04:50,250 --> 00:04:52,950 here, the Intrusion Detection Administration section.
66 00:04:54,240 --> 00:04:54,500 All right.
67 00:04:54,510 --> 00:04:55,920 So this all looks good so far.
68 00:04:56,070 --> 00:04:56,790 I click Apply.
69 00:04:58,780 --> 00:05:02,510 Go to Download. So we want all these Emerging Threats rules, right?
70 00:05:02,530 --> 00:05:03,970 We want compromised.
71 00:05:04,870 --> 00:05:09,370 We want, you know, emerging ActiveX, emerging chat,
72 00:05:09,400 --> 00:05:10,170 all this good stuff.
73 00:05:10,180 --> 00:05:11,290 Now, this is the free ruleset.
74 00:05:11,890 --> 00:05:15,580 And we tried to install the... we're going to install the ET Pro
75 00:05:15,580 --> 00:05:16,720 ruleset in a moment.
76 00:05:16,720 --> 00:05:17,980 But first, let's get the free one working.
77 00:05:18,130 --> 00:05:23,860 I'm going to click this top checkbox and then I'm going to say Enable selected, and then this Enabled
78 00:05:23,860 --> 00:05:25,690 column should change from X's
79 00:05:27,180 --> 00:05:28,770 to checkboxes. Nice.
80 00:05:30,660 --> 00:05:36,390 Then we should be able to go down to the bottom and download and update rules, so it's not installed;
81 00:05:36,390 --> 00:05:37,080 that should change.
82 00:05:38,560 --> 00:05:39,360 Let's give it a second.
83 00:05:40,830 --> 00:05:41,390 All right.
84 00:05:41,400 --> 00:05:42,750 Looking really good.
85 00:05:44,260 --> 00:05:46,380 Let's see if we can go over to Rules.
86 00:05:47,730 --> 00:05:48,990 We should see our rules populate.
87 00:05:49,020 --> 00:05:49,800 We got them all here.
88 00:05:49,830 --> 00:05:51,460 These are all of our signatures.
89 00:05:52,950 --> 00:05:54,360 We have tons of them, as you can see.
90 00:05:56,590 --> 00:06:00,460 We've got, yeah, thousands of rules. Very, very cool.
91 00:06:03,020 --> 00:06:04,500 And we don't have any user defined rules.
92 00:06:04,520 --> 00:06:08,810 There should be no alerts because we just set this up, and that's that.
93 00:06:08,810 --> 00:06:10,370 You can see it is running.
94 00:06:11,030 --> 00:06:12,050 That's what the green box means.
95 00:06:12,380 --> 00:06:16,250 OK, so in the next lecture, we're going to get into the process.
96 00:06:16,370 --> 00:06:23,090 So I'm going to show you how you can set that up and how we can upgrade our rules to get maximum detections
97 00:06:23,090 --> 00:06:24,450 for the attacks we run in our lab.
98 00:06:24,900 --> 00:06:25,300 Right.
99 00:06:25,310 --> 00:06:27,140 I'll see you guys in the next lecture. Bye.