THE <$100 CYBER SENSOR,
YOU CAN BUILD IT!
LUDWIG GOON @NFLTR8
#HXNJXN
WHY BUILD IT & OBJECTIVES
▸$$$$$$ COST $$$$$$$
▸Inspect Activity on LAN
▸Power & Uptime
▸OpenSource IDS tools
▸Understanding Threat Detection & Networking
▸DNS Tools & Penetration Testing Tools
▸Malware Analysis
HOME NETWORK (diagram): ISP 100 MBs Down / 50 MBs Up -> WAN -> DD-WRT ROUTER FIREWALL -> LAN
AUGMENTED HOME NETWORK (diagram): ISP 100 MBs Down / 50 MBs Up -> WAN -> DD-WRT ROUTER FIREWALL -> 1.0 GBs Switch -> LAN; the switch's Mirror Port copies the I/O Traffic to the CyberSensor
HARDWARE, SOFTWARE & BUDGET
▸ NETGEAR ProSAFE 5-port Gigabit Web Managed (Plus) Switch $40.00
▸ Ameridroid Odroid C2 $45.00
▸ USB 2.0 to Ethernet Adapter $15.00
▸ Class 10 Micro SDHC Cards 16 Gb/ 32 Gb $8.00/$12.00
▸ Intel NUC Celeron $130.00
▸ 4 Gb Memory DDR3 $30.00
▸ 120 Gb SSD $70.00
▸ Linux Operating Systems FREE
SBC Total: $72
SBC Total: $100
SBC ODROID C2 VS RASPBERRY PI
Odroid C2:
▸ A53(ARMv8) 1.5Ghz quad-core CPU
▸ Mali™-450 GPU
▸ 2 GB DDR3 SDRAM
▸ 1.0 Gb Ethernet Port
▸ HDMI 2.0 4K/60Hz display
▸ ~5.0 W Max Power
▸ eMMC5.0 HS400 Flash Storage slot
▸ UHS-1 SDR50 MicroSD Card slot
▸ USB 2.0 Host x 4, USB OTG
▸ Infrared(IR) Receiver
Raspberry Pi:
▸ 1.2GHz 64-bit quad-core ARMv8 CPU
▸ 802.11n Wireless LAN
▸ Bluetooth 4.1 & Bluetooth Low Energy (BLE)
▸ 1GB RAM
▸ 4 USB ports
▸ 40 GPIO pins
▸ ~4.8W Max Power
▸ 100 Mb Ethernet Port
▸ Micro SD card slot
▸ VideoCore IV 3D graphics core
$35 / $42
INTEL NUC VS DESKTOP PC
Intel NUC:
▸ Intel Braswell 2.17GHz Celeron Dual Core
▸ 4.0 Gb DDR3 RAM
▸ 120 Gb SSD
▸ 65W Intel Power Supply
▸ Intel HD Graphics
▸ WiFi Enabled
▸ 4 x USB 3.0 Ports
▸ RealTek RTL8168 Gigabit NIC
Desktop PC:
▸ Intel Core i7 3770K @3.7GHz
▸ Gigabyte G1 Sniper Gamers Mobo
▸ 32 Gb DDR3 RAM
▸ 750W Corsair Power Supply
▸ Nvidia GTX 660 & GTX 1080 GPUs
▸ Tons of Storage
▸ 6 x USB 3.0 Ports
▸ Dual Intel 1.0 Gigabit NICs
CYBER TOOLS!!!!!
▸Snort
▸BRO IDS
▸nmap
▸tcpdump
▸ netsniff-ng
▸syslog-ng
▸Log Analysis
SNORT VS BRO
Snort:
▸ Ethernet Packets or PCAP files
▸ OSI Layer (add here)
▸ Inline & Passive Modes
▸ Logs, Database, Unified data
▸ Signature Based Threat Intel
▸ VRT Ruleset
▸ Emerging Threats Ruleset
Bro:
▸ Ethernet Packets or PCAP
▸ OSI Layer (add here)
▸ Passive Mode
▸ Logs based on Packet Streams & Traffic
▸ Detects Interesting Traffic Patterns
▸ Threat Intel based on Frameworks
▸ Critical Stack Intel for BRO IDS
WHAT HAPPENED ON NOVEMBER 3, 2016?
FIREWALL LOGS
FIREWALL DROP ACCEPT TRAFFIC BY LOCATION
BRO IDS LOGS
▸conn.log
▸dhcp.log
▸dns.log
▸intel.log
▸files.log
▸x509.log
▸http.log
▸notice.log
▸sip.log
▸ssl.log
▸tunnel.log
▸weird.log
▸ssh.log
▸pe.log
▸modbus.log
BRO CONNECTIONS BY COUNTRY
BRO INTEL BY COUNTRY & REGION
WHERE IS ‘152.163.66.141’ ???
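The sensor's value is in the Bro logs listed above, and the "connections by country" and "where is 152.163.66.141" slides start from a per-host summary of conn.log. The following is an added example, not code from the talk: it parses Bro's TSV log format (honouring the #separator, #fields, #unset_field and #empty_field header lines) and summarises LAN-to-Internet connections per external responder, the list a GeoIP lookup would then map to countries. The conn.log excerpt is constructed; 152.163.66.141 is used only because the slides ask about it, and the RFC 1918 ranges are assumed to be the home LAN.

```python
import ipaddress
from collections import defaultdict

# Constructed conn.log excerpt in Bro's TSV format (not a capture from the slides). The
# first header line gives the separator as an escape sequence; later lines use that character.
SAMPLE_CONN_LOG = """#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring
1478188800.100000\tCa1\t192.168.1.20\t49152\t152.163.66.141\t443\ttcp\tssl\t12.5\t1500\t88000\tSF
1478188801.200000\tCa2\t192.168.1.20\t49153\t152.163.66.141\t443\ttcp\tssl\t3.1\t700\t21000\tSF
1478188802.300000\tCa3\t192.168.1.31\t53211\t192.168.1.1\t53\tudp\tdns\t0.01\t60\t120\tSF
1478188803.400000\tCa4\t192.168.1.31\t53212\t198.51.100.7\t80\ttcp\thttp\t-\t-\t-\tS0
1478188804.500000\tCa5\t192.168.1.20\t49154\t152.163.66.141\t8443\ttcp\t-\t0.5\t300\t0\tRSTO
#close\t2016-11-03-16-00-05
"""

# Assumption: the home LAN lives in RFC 1918 space; every other address is "external".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# conn_state values where the responder never completed a handshake (scans, blocked traffic).
NO_REPLY_STATES = {"S0", "REJ"}


def parse_bro_log(text):
    """Yield one dict per data row, honouring the #separator/#fields/#unset_field/#empty_field headers."""
    sep, unset, empty, fields = "\t", "-", "(empty)", None
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#separator "):
                # Bro writes the separator as an escape sequence, e.g. "\x09" for TAB.
                sep = line[len("#separator "):].encode("ascii").decode("unicode_escape")
            else:
                key, _, value = line[1:].partition(sep)
                if key == "fields":
                    fields = value.split(sep)
                elif key == "unset_field":
                    unset = value
                elif key == "empty_field":
                    empty = value
            continue
        if fields is None:
            raise ValueError("data row before #fields header")
        values = line.split(sep)
        if len(values) != len(fields):
            raise ValueError(f"expected {len(fields)} columns, got {len(values)}: {line!r}")
        # Unset fields become None, explicitly empty ones become "".
        yield {name: None if raw == unset else "" if raw == empty else raw
               for name, raw in zip(fields, values)}


def is_internal(ip_text):
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in INTERNAL_NETS)


def summarise_external(text):
    """Aggregate connections from internal originators to each external responder."""
    stats = defaultdict(lambda: {"conns": 0, "orig_bytes": 0, "resp_bytes": 0,
                                 "ports": set(), "no_reply": 0})
    for rec in parse_bro_log(text):
        if not is_internal(rec["id.orig_h"]) or is_internal(rec["id.resp_h"]):
            continue  # keep only LAN -> Internet; LAN-to-LAN (e.g. DNS to the router) is skipped
        s = stats[rec["id.resp_h"]]
        s["conns"] += 1
        s["orig_bytes"] += int(rec["orig_bytes"] or 0)  # unset (None) counts as 0
        s["resp_bytes"] += int(rec["resp_bytes"] or 0)
        s["ports"].add(int(rec["id.resp_p"]))
        if rec["conn_state"] in NO_REPLY_STATES:
            s["no_reply"] += 1
    return dict(stats)


def top_talkers(text, n=5):
    """External hosts ranked by total bytes: (ip, conns, total_bytes, ports, no_reply)."""
    ranked = sorted(summarise_external(text).items(),
                    key=lambda kv: kv[1]["orig_bytes"] + kv[1]["resp_bytes"], reverse=True)
    return [(ip, s["conns"], s["orig_bytes"] + s["resp_bytes"], sorted(s["ports"]), s["no_reply"])
            for ip, s in ranked[:n]]


if __name__ == "__main__":
    # This ranked list is the input a GeoIP lookup would turn into the per-country view.
    for ip, conns, total, ports, no_reply in top_talkers(SAMPLE_CONN_LOG):
        print(f"{ip:16} conns={conns} bytes={total} ports={ports} no_reply={no_reply}")
```

Point it at a real conn.log from the sensor (`open("conn.log").read()`) and the same functions apply unchanged; the country step needs a GeoIP database that is not part of this example.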
RESULTS, OBSERVATIONS & CONCLUSIONS
NUC VS ODROID C2
Intel NUC:
▸ Runs Both Snort & BRO IDS
▸ USB 3.0 Gigabit Interface
▸ 65 W Max Power
▸ 4.0 GB DDR3 SDRAM
▸ 1.0 Gb Ethernet Port
▸ Ubuntu Linux - very stable
Odroid C2:
▸ USB 2.0 Host x 4, USB OTG
▸ Runs BOTH Snort & BRO IDS
▸ USB 2.0 Gigabit Interface
▸ ~4.8W Max Power
▸ Kali Linux for ARM
▸ 2.0 GB RAM
▸ LONG COMPILE TIMES
▸ BRO IDS w/ INTEL NOT STABLE
▸ SNORT w/ RULES NOT STABLE
▸ OS hangs or Runs out of Memory
LAGNIAPPE & OBSERVATIONS
▸ Uninterruptible/Battery Power Backup & Protection - CyberPower
▸ Gigabit Rated Switches
▸ DOCSIS Modems & Separate Router (use DD-WRT enabled)
▸ Capabilities of ISPs - Verizon, Comcast, AT&T, C-Spire, Cox
▸ Cat 5E Cables, USB to Ethernet Adapters
▸ Kali Linux (ARM), CentOS, Ubuntu (ARM)
▸ Protect devices (Harden the Operating System)
▸ Good Application for PCAP, Network Forensics, Intrusion Detection, Linux, & Security Tools
RESOURCES
▸ Hardware
  ▸ ameridroid.com, amazon.com, newegg.com, intel.com
▸ OpenSource Security Tools
  ▸ www.bro.org, www.snort.org, sectools.org, kali.org
▸ Commercial Tools
  ▸ Splunk, Nessus, Nexpose
▸ Books
  ▸ Packt Publishers, O’Reilly Books
  ▸ No Starch Press, Syngress publishers
#ABOUT ME
▸ From Greenville, Mississippi
▸ Mississippi State University, BS Electrical Engineering, 1995
▸ Completed SANS Incident Handler Certification
▸ Completed CISSP Certification
▸ Worked in Information Technology Sector for over 20 years
▸ Resides in Arlington, Virginia
▸ Works for Major Defense Contractor
▸ email: lagoon7@gmail.com
▸ twitter: @nfltr8
THANK YOU
QUESTIONS?