Building a Virtual Cyber Security Lab Part 3 – The Security Onion

In this part of the video series we will continue creating our virtualized lab training environment by installing the Security Onion network security monitoring VM. Securtiy Onion will provide the ability to monitor the lab for security threats and attacks; i.e. the “Detect” aspect. The detect function is critical for an analyst to know, and serves as the foundation to build upon.

Continue reading “Building a Virtual Cyber Security Lab Part 3 – The Security Onion”

SCP for Securely transferring files between Linux hosts

Security analysts constantly need to move files around; be it logs, ISO’s or VM’s, in Windows this is pretty easy. But how about in Linux? There are many way’s do move files between Linux machines and today we will discuss one of the most popular. SCP offers speed and versatility when it comes to moving files and allows analysts to seamlessly transfer files to and from a remote machine. Let’s see if we can get it done in two minutes!

Continue reading “SCP for Securely transferring files between Linux hosts”

Vi, The Basics of Editing Text on the Command Line Without Pulling Your Hair Out.

Security Analyst’s spend a lot of time on the command line in Linux so it makes sense to have a utility for editing text available. Vi and it’s improved cousin VIM fit the bill nicely; however most folks are intimidated by all of the hot keys and modes. Text editing with Vi is really easy and quick once you learn the basics, and that is today’s topic.

Continue reading “Vi, The Basics of Editing Text on the Command Line Without Pulling Your Hair Out.”

Verifying file integrity by hashing with md5 and sha1

Verifying file integrity by hashing with md5 and sha1 is todays topic. Downloading files poses risks, even when we know where they are being downloaded from. You can be sure they have not been tampered with or corrupted by verifying the hash provided by the author. This post and accompanying YouTube video will show you how to easily calculate the hash in Windows or Linux.

Continue reading “Verifying file integrity by hashing with md5 and sha1”

Using GeoIP data from the command line

Today’s topic is using GeoIP data from the command line. Security analysts often find they need to ascertain an IP addresses geographic location in order to make decisions. The most obvious use would be around geofencing, i.e. blocking IP’s from certain countries or regions. GeoIP information is simple to acquire from the Linux command line with the tool geoiplookup and the Maxmind dat files. Here is an updated post and video on how to use Maxmind’s GeoLite2 database. How to use GeoLite2 on the command line.

Continue reading “Using GeoIP data from the command line”

How to secure a fresh Linux virtual private server install

Introduction

A Linux virtual private server (VPS) is an essential tool for any cyber security analyst, but left unsecured it can quickly be taken over by those with more nefarious intentions. Lets make sure that does not happen. This blog and accompanying video covers a few basic “must do” tasks to configure a secure Linux virtual private server at first boot. Why do we need to secure a new system? Within seconds of it coming online it will be found and attacked. If you want to test this you can leave this system as installed for 24 hours and then check the logs, there will be brute force attempts on ssh at a minimum. You may want to re-deploy the VPS before going any further if you performed this test.

YouTube video on how to secure a Linux VPS.
Continue reading “How to secure a fresh Linux virtual private server install”