Arming Small Security Programs: Network Baseline Generation and Alerts with Bropy - Matt Domko (BSidesCharm 2017) (Hacking Illustrated Series InfoSec Tutorial Videos)


Matt Domko
@hashtagcyber

BSidesCharm 2017
http://www.bsidescharm.com

Anomaly-based IDS tools are expensive. Signature-based IDS tools only work if a signature exists. Using a simple Bro script, organizations without large security budgets can generate alerts for anomalous packets IF they have a complete baseline of the ports and protocols their devices use. I wrote Bropy to simplify the process of generating a network baseline to be used with Bro. With this tool, small security teams can generate network baselines for systems in a matter of minutes, rather than hours or days. Armed with the data generated by Bropy, organizations have the option to either continue to receive alerts on anomalous communication, or use the data to generate firewall configurations to enhance network security. Written in Python, Powered by Bro.

Matt Domko is an Information Security Instructor for Chiron Technology Services. His experience as an enterprise administrator and cyber network defender for the US Army is what drives his passion for network defense and "Blue Teaming". Pro Tip: If you're trying to social engineer him: motorcycles, moustaches, and karaoke are great icebreakers.


Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast