The Bridge / Data Capture Device
-OpenBSD OS because... well, because I like it :)
-Layer 2 bridge (no IP address on the bridged
interfaces) so that it is not easily visible from the
outside world
-No way to reach it from anything other than the
administrative network
-100 Mb Ethernet
-Tcpdump configured for full packet captures
Network Traffic Monitoring
-Snort
-Signature-based network intrusion detection
-Configured to page researchers on any active
attack or any new outbound traffic (outbound
connections from the monitored hosts are a sign of
compromise)
-Hourly reports by email
-Attack signatures updated regularly from our
company's attack signature database
-Good for reporting what happened and in what
sequence
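As an added example (my code, not from the original talk and not Snort's), here is the "new outbound traffic" check from the list above implemented over tcpdump -n output. The monitored address range 192.0.2.0/24, the sample tcpdump lines and the alert format are assumptions made for the example. Packets the monitored hosts send in reply to a connection the outside world opened are treated as normal; only connections the hosts initiate themselves are reported, once per destination, so a repeating beacon pages once rather than every second.

```python
import ipaddress
import re

# Constructed tcpdump -n output for a monitored host 192.0.2.10 (sample data,
# not a capture from the original page). Lines 1-4 are an inbound SSH probe and
# the host's replies; lines 5-8 are connections the host initiates itself.
SAMPLE_TCPDUMP = """\
10:02:11.100 IP 198.51.100.7.51000 > 192.0.2.10.22: Flags [S], seq 1, win 64240, length 0
10:02:11.101 IP 192.0.2.10.22 > 198.51.100.7.51000: Flags [S.], seq 2, ack 2, win 65535, length 0
10:02:11.102 IP 198.51.100.7.51000 > 192.0.2.10.22: Flags [.], ack 1, win 64240, length 0
10:02:12.000 IP 192.0.2.10.22 > 198.51.100.7.51000: Flags [P.], seq 1:40, ack 1, win 65535, length 39
10:05:30.000 IP 192.0.2.10.40100 > 203.0.113.5.6667: Flags [S], seq 9, win 65535, length 0
10:05:31.000 IP 192.0.2.10.40100 > 203.0.113.5.6667: Flags [.], ack 1, win 65535, length 0
10:06:00.000 IP 192.0.2.10.53412 > 198.51.100.53.53: 4711+ A? irc.example.net. (33)
10:06:05.000 IP 192.0.2.10.40101 > 203.0.113.5.6667: Flags [S], seq 10, win 65535, length 0
"""

# tcpdump prints IPv4 endpoints as a.b.c.d.port; lines without ports (ICMP, ARP,
# IPv6) do not match and are skipped by this example.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$"
)
FLAGS_RE = re.compile(r"^Flags \[(?P<flags>[^\]]*)\]")


def find_new_outbound(lines, honeynet="192.0.2.0/24"):
    """Return one alert per new (src, dst, dport) that a monitored host initiates.

    honeynet is the address range of the monitored hosts (assumed value).
    Replies to connections the outside world opened are not outbound traffic.
    """
    net = ipaddress.ip_network(honeynet)
    inbound = set()   # (outside ip, outside port, host ip, host port) opened from outside
    reported = set()  # (host ip, dst ip, dst port) already paged
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
        sport, dport = int(m["sport"]), int(m["dport"])
        fm = FLAGS_RE.match(m["rest"])
        tcp_flags = fm["flags"] if fm else None   # None for UDP and other non-TCP lines
        if src not in net and dst in net:
            inbound.add((m["src"], sport, m["dst"], dport))
        elif src in net and dst not in net:
            if (m["dst"], dport, m["src"], sport) in inbound:
                continue                  # reply to a connection opened from outside
            if tcp_flags is not None and tcp_flags != "S":
                continue                  # only the initial SYN of a host-initiated TCP flow
            key = (m["src"], m["dst"], dport)
            if key in reported:
                continue                  # same destination already paged
            reported.add(key)
            alerts.append({"ts": m["ts"], "src": m["src"], "dst": m["dst"], "dport": dport,
                           "proto": "tcp" if tcp_flags is not None else "non-tcp"})
    return alerts


if __name__ == "__main__":
    for a in find_new_outbound(SAMPLE_TCPDUMP.splitlines()):
        print("PAGE: {ts} {src} -> {dst}:{dport} ({proto}) new outbound".format(**a))
```

On the sample above this pages twice: the IRC connection to 203.0.113.5:6667 (the second SYN to the same port is suppressed) and the DNS lookup for irc.example.net. One caveat: a TCP flow that was already established when the capture started has no SYN in the data, so a host-initiated connection that predates monitoring is not reported; keep the capture running continuously from the moment the host goes live.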
Miscellaneous Tools
-Tcpdump capturing whole packets
-Traffic capture files rotated and archived every 24
hours
-AIDE file system integrity application and its MD5
digest DB hidden on the servers as X11 font files
(lazy)
-AIDE is run manually, as needed
-A statically linked lsof is a very handy tool to have
loaded on the box (it does not depend on the box's
possibly trojaned shared libraries)
-Have a Jump Kit of your favorite utilities on CD
ready to go (but not in the tray!)
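As an added example of what the AIDE run above is doing (my code, not AIDE's and not from the original talk), here is a minimal file-system integrity check: a baseline records mode, owner, size and a digest per path, and a fresh walk is compared against it to report added, removed and changed files. The directory tree and the simulated rootkit changes in demo() are constructed for the example; AIDE at the time stored MD5 digests, and this example uses SHA-256 instead.

```python
import hashlib
import json
import os
import stat
import tempfile

# Fields compared between baseline and current state. mtime is recorded for the
# report but not compared: an intruder resets it with touch(1) in one command.
COMPARED = ("mode", "uid", "gid", "size", "sha256", "link")


def file_record(path):
    """Describe one path without following symlinks; digest regular files only."""
    st = os.lstat(path)
    rec = {"mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid, "gid": st.st_gid,
           "mtime": int(st.st_mtime), "size": None, "sha256": None, "link": None}
    if stat.S_ISLNK(st.st_mode):
        rec["link"] = os.readlink(path)          # a redirected symlink is a change too
    elif stat.S_ISREG(st.st_mode):
        rec["size"] = st.st_size                  # directory sizes vary by filesystem, so skip them
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        rec["sha256"] = h.hexdigest()
    return rec


def build_baseline(root):
    """Walk root (not following symlinks) and return {relative path: record}."""
    db = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            db[rel] = file_record(full)
    return db


def compare(baseline, current):
    """Report paths added, removed, or changed (with the fields that differ)."""
    report = {"added": sorted(set(current) - set(baseline)),
              "removed": sorted(set(baseline) - set(current)),
              "changed": {}}
    for path in sorted(set(baseline) & set(current)):
        diffs = [k for k in COMPARED if baseline[path][k] != current[path][k]]
        if diffs:
            report["changed"][path] = diffs
    return report


def demo():
    """Constructed scenario: baseline a tiny 'bin', then simulate a rootkit install."""
    with tempfile.TemporaryDirectory() as root:
        bindir = os.path.join(root, "bin")
        os.mkdir(bindir)
        for name, body in (("ls", b"ELF original ls"), ("ps", b"ELF original ps")):
            with open(os.path.join(bindir, name), "wb") as f:
                f.write(body)
        saved = json.dumps(build_baseline(root))   # the copy you keep off the box
        # Intruder replaces ls with a same-size trojan, drops a sniffer, makes ps setuid.
        with open(os.path.join(bindir, "ls"), "wb") as f:
            f.write(b"ELF trojaned ls")
        with open(os.path.join(bindir, ".sniffer"), "wb") as f:
            f.write(b"ELF sniffer")
        os.chmod(os.path.join(bindir, "ps"), 0o4755)
        return compare(json.loads(saved), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The trojaned ls keeps its size and only the digest gives it away, which is why a size-and-mtime check is not enough. The weak point is the database itself: root on a compromised box can rewrite it, and hiding it among X11 font files only slows that down. The copy that actually protects you is the one kept on the administrative network or on read-only media, compared against a fresh walk made with known-good binaries from the jump kit.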
Study Hacker 02, posted Sunday, October 17, 2010