broverview outline
play

Broverview Outline 2 Outline Philosophy and Architecture A - PowerPoint PPT Presentation

Jan 01, 2024 •474 likes •1.22k views

The Bro Network Security Monitor Broverview Outline 2 Outline Philosophy and Architecture A framework for network traffic analysis. 2 Outline Philosophy and Architecture A framework for network traffic analysis. History From research to

  1. The Bro Network Security Monitor Broverview

  2. Outline 2

  3. Outline Philosophy and Architecture A framework for network traffic analysis. 2

  4. Outline Philosophy and Architecture A framework for network traffic analysis. History From research to operations. 2

  5. Outline Philosophy and Architecture A framework for network traffic analysis. History From research to operations. Architecture Components, logs, scripts, cluster. 2

  6. What is Bro? 3

  7. What is Bro? Packet Capture 3

  8. What is Bro? Packet Capture Traffic Inspection 3

  9. What is Bro? Packet Capture Traffic Inspection Attack Detection 3

  10. What is Bro? Packet Capture Traffic Inspection Attack Detection NetFlow Log Recording syslog 3

  11. What is Bro? Packet Capture Traffic Inspection Attack Detection NetFlow Log Recording syslog Flexibility Abstraction Data Structures 3

  12. What is Bro? Packet Capture Traffic Inspection Attack Detection NetFlow Log Recording syslog Flexibility Abstraction Data Structures 3

  13. What is Bro? Packet Capture Traffic Inspection Attack Detection NetFlow Log Recording syslog Flexibility Flexibility Abstraction Abstraction Data Structures Data Structures 3

  14. What is Bro? Packet Capture Traffic Inspection Attack Detection “Domain-specific Python” NetFlow Log Recording syslog Flexibility Flexibility Abstraction Abstraction Data Structures Data Structures 3

  15. What is Bro? Packet Capture S u m i s m o r e t h a n t h e p i e c e s Traffic Inspection Attack Detection “Domain-specific Python” NetFlow Log Recording syslog Flexibility Flexibility Abstraction Abstraction Data Structures Data Structures 3

  16. Philosophy 4

  17. Philosophy Fundamentally different from other IDS. Reset your idea of an IDS before starting to use Bro. 4

  18. Philosophy Fundamentally different from other IDS. Reset your idea of an IDS before starting to use Bro. Real-time network analysis framework. Primarily an IDS, but many use it for general traffic analysis. 4

  19. Philosophy Fundamentally different from other IDS. Reset your idea of an IDS before starting to use Bro. Real-time network analysis framework. Primarily an IDS, but many use it for general traffic analysis. Policy-neutral at the core. Can accommodate a range of detection approaches. 4

  20. Philosophy Fundamentally different from other IDS. Reset your idea of an IDS before starting to use Bro. Real-time network analysis framework. Primarily an IDS, but many use it for general traffic analysis. Policy-neutral at the core. Can accommodate a range of detection approaches. Highly stateful. Tracks extensive application-layer network state. 4

  21. Philosophy Fundamentally different from other IDS. Reset your idea of an IDS before starting to use Bro. Real-time network analysis framework. Primarily an IDS, but many use it for general traffic analysis. Policy-neutral at the core. Can accommodate a range of detection approaches. Highly stateful. Tracks extensive application-layer network state. Supports forensics. Extensively logs what it sees. 4

  22. Target Audience 5

  23. Target Audience Network-savvy users. Requires understanding of your network. 5

  24. Target Audience Network-savvy users. Requires understanding of your network. Unixy mindset. Command-line based, fully customizable. 5

  25. Target Audience Network-savvy users. Requires understanding of your network. Unixy mindset. Command-line based, fully customizable. Large-scale environments. Effective also with liberal security policies. 5

  26. Bro History 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 Vern writes 1st line of code 6

  27. Bro History 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 v2.2 (beta) File Analysis v2.0 v0.7a90 v1.5 Vern writes 1st v0.2 v0.8aX/0.9aX v0.6 Summary Stat. v1.1/v1.2 New Scripts Profiling BroControl line of code 1st CHANGES SSL/SMB RegExps when Stmt State Mgmt entry STABLE releases Login analysis v2.1 Resource tuning BroLite Bro SDCI IPv6 Broccoli Input Framew. DPD v1.4 v0.4 v0.7a175/0.8aX v1.0 LBNL starts DHCP/BitTorrent HTTP analysis Signatures BinPAC using Bro HTTP entities Scan detector SMTP IRC/RPC analyzers operationally NetFlow IP fragments IPv6 support 64-bit support Bro Lite Deprecated Linux support User manual Sane version numbers v0.7a48 0.8a37 v1.3 Consistent Communication Ctor expressions CHANGES Persistence GeoIP Namespaces Conn Compressor Log Rotation 6

  28. Bro History Host Context Academic Time Machine Enterprise Traffic Publications TRW State Mgmt. Bro Cluster Independ. State Shunt Parallel Prototype Input Framework Anonymizer BinPAC Stepping Stone Active Mapping DPD USENIX Paper Detector Context Signat. 2nd Path Autotuning 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 v2.2 (beta) File Analysis v2.0 v0.7a90 v1.5 Vern writes 1st v0.2 v0.8aX/0.9aX v0.6 Summary Stat. v1.1/v1.2 New Scripts Profiling BroControl line of code 1st CHANGES SSL/SMB RegExps when Stmt State Mgmt entry STABLE releases Login analysis v2.1 Resource tuning BroLite Bro SDCI IPv6 Broccoli Input Framew. DPD v1.4 v0.4 v0.7a175/0.8aX v1.0 LBNL starts DHCP/BitTorrent HTTP analysis Signatures BinPAC using Bro HTTP entities Scan detector SMTP IRC/RPC analyzers operationally NetFlow IP fragments IPv6 support 64-bit support Bro Lite Deprecated Linux support User manual Sane version numbers v0.7a48 0.8a37 v1.3 Consistent Communication Ctor expressions CHANGES Persistence GeoIP Namespaces Conn Compressor Log Rotation 6

  29. “Who’s Using It?” Installations across the US Universities Research Labs Supercomputer Centers Fortune 50 Industry Examples Lawrence Berkeley National Lab Indiana University National Center for Supercomputing Applications National Center for Atmospheric Research ... and many more sites Recent User Meetings Bro Workshop 2011 at NCSA Fully integrated into Security Onion Bro Exchange 2012 at NCAR Bro Exchange 2013 at NCSA Popular security-oriented Linux distribution Each attended by about 50-90 operators from from 30-50 organizations 7

  30. Deployment Internal Internet Network 8

  31. Deployment Tap Internal Internet Network Bro 8

  32. Deployment Tap Internal Internet Network Bro Runs on commodity platforms. � Standard PCs & NICs. Supports FreeBSD/Linux/OS X. 8

  33. Creating Visibility with Bro 9

  34. Creating Visibility with Bro > bro -i en0 [ ... wait ...] > cat conn.log 9

  35. Creating Visibility with Bro > bro -i en0 [ ... wait ...] > cat conn.log #fields ts id.orig_h id.orig_p id.resp_h id.resp_p proto service duration 1144876741.1198 192.150.186.169 53115 82.94.237.218 80 tcp http 16.14929 1144876612.6063 192.150.186.169 53090 198.189.255.82 80 tcp http 4.437460 1144876596.5597 192.150.186.169 53051 193.203.227.129 80 tcp http 0.372440 1144876606.7789 192.150.186.169 53082 198.189.255.73 80 tcp http 0.597711 1144876741.4693 192.150.186.169 53116 82.94.237.218 80 tcp http 16.02667 1144876745.6102 192.150.186.169 53117 66.102.7.99 80 tcp http 1.004346 1144876605.6847 192.150.186.169 53075 207.151.118.143 80 tcp http 0.029663 9

  36. Creating Visibility with Bro > bro -i en0 [ ... wait ...] > cat conn.log #fields ts id.orig_h id.orig_p id.resp_h id.resp_p proto service duration 1144876741.1198 192.150.186.169 53115 82.94.237.218 80 tcp http 16.14929 1144876612.6063 192.150.186.169 53090 198.189.255.82 80 tcp http 4.437460 1144876596.5597 192.150.186.169 53051 193.203.227.129 80 tcp http 0.372440 1144876606.7789 192.150.186.169 53082 198.189.255.73 80 tcp http 0.597711 1144876741.4693 192.150.186.169 53116 82.94.237.218 80 tcp http 16.02667 1144876745.6102 192.150.186.169 53117 66.102.7.99 80 tcp http 1.004346 1144876605.6847 192.150.186.169 53075 207.151.118.143 80 tcp http 0.029663 > cat http.log 9

Recommend

Broverview Bro Workshop 2011 NCSA, Urbana-Champaign, IL Bro Workshop 2011 Outline 2 Bro

Broverview Bro Workshop 2011 NCSA, Urbana-Champaign, IL Bro Workshop 2011 Outline 2 Bro

The Bro Network Security Monitor Broverview Bro Workshop 2011 NCSA, Urbana-Champaign, IL Bro Workshop 2011 Outline 2 Bro Workshop 2011 Outline Philosophy and Architecture A framework for network traffic analysis. 2 Bro Workshop 2011

1.12k views • 69 slides
Ins Domingues Breast Cancer Workshop April 7th 2015 Outline Outline Outline Outline

Ins Domingues Breast Cancer Workshop April 7th 2015 Outline Outline Outline Outline

An automatic mammogram system: from screening to diagnosis Ins Domingues Breast Cancer Workshop April 7th 2015 Outline Outline Outline Outline Outline Outline Outline Outline Outline Outline Outline Outline Pectoral muscle

589 views • 45 slides
Presentation Preparation Outline Speech Outline Template ***Use this outline to guide you in

Presentation Preparation Outline Speech Outline Template ***Use this outline to guide you in

Presentation Preparation Outline Speech Outline Template ***Use this outline to guide you in preparing for your presentation; this outline is required. Title: I. Introduction (The speech actually starts here.) A. Attention Getter:

479 views • 3 slides
PT1 TMP Presentation Outline 1 Group Members: ___________________________________ Use this outline

PT1 TMP Presentation Outline 1 Group Members: ___________________________________ Use this outline

PT1 TMP Presentation Outline 1 Group Members: ___________________________________ Use this outline to organize your argument to create a logical flow of information and plan your presentation layout. This outline is worth a group grade (one copy

506 views • 3 slides
1 Web Application Development 2 3 Web Application Development CSS Outline An outline is a

1 Web Application Development 2 3 Web Application Development CSS Outline An outline is a

1 Web Application Development 2 3 Web Application Development CSS Outline An outline is a line that is drawn around elements, OUTSIDE the borders, to make the element "stand out". CSS has the following outline properties:

1.76k views • 117 slides
Outline Outline Background of the Network Vision Vision Aims Activities

Outline Outline Background of the Network Vision Vision Aims Activities

Asia Pacific Adaptation Network (APAN)- A k A key regional Initiative i l I iti ti Puja Sawhney Coordinator, APAN , Institute for Global Environmental Strategies Thimpu, Bhutan p 16 th November, 2011 Outline Outline Background of the

441 views • 9 slides
When (Low ) Pow er Really Matters When (Low ) Pow er Really Matters When (Low ) Pow er Really

When (Low ) Pow er Really Matters When (Low ) Pow er Really Matters When (Low ) Pow er Really

When (Low ) Pow er Really Matters When (Low ) Pow er Really Matters When (Low ) Pow er Really Matters When (Low ) Pow er Really Matters Yogesh K. Ramadass, AnanthaGroup Microsystems Technology Laboratory Outline Outline Outline Outline

507 views • 36 slides
Presentation Outline Worksheet You can use part or all of this outline to help you. This is YOUR

Presentation Outline Worksheet You can use part or all of this outline to help you. This is YOUR

Presentation Outline Worksheet You can use part or all of this outline to help you. This is YOUR personal presentation so you can create it however you want. These are just suggestions to help you get started. The purpose is to educate your

618 views • 3 slides
Outline 2 Outline 2 ZSim core simulation techniques Outline 2 ZSim core simulation

Outline 2 Outline 2 ZSim core simulation techniques Outline 2 ZSim core simulation

ZSim Tutorial MICRO 2015 S TATS AND C ONFIGURATION Core Models Po-An Tsai Outline 2 Outline 2 ZSim core simulation techniques Outline 2 ZSim core simulation techniques ZSim core structure I1D I1I Simple IPC 1 core

1.96k views • 120 slides
Outline Outline Motivation Motivation 1 1. Email Speech Acts 2. Modeling textual intention

Outline Outline Motivation Motivation 1 1. Email Speech Acts 2. Modeling textual intention

Modeling Intention in Email : Speech Acts, Information Leaks and User Ranking Methods p g Vitor R. Carvalho Carnegie Mellon University William Cohen Ramnath a at Tom Tom Jon Jon Balasubramanyan Mitchell Elsas Outline Outline

1.09k views • 65 slides
Session Outline Course themes imperative problem solving (think: outline form) C

Session Outline Course themes imperative problem solving (think: outline form) C

Session Outline Course themes imperative problem solving (think: outline form) C programming (close to the machine) storage and processing of data Linux operating system control of robots Demo Course Web site

780 views • 9 slides
Outline : Outline : Our method to perform periodicity search Candidates of the next Geminga The

Outline : Outline : Our method to perform periodicity search Candidates of the next Geminga The

Periodicity Sear Periodicity Search of ch of the the Geming Geminga-lik -like Pulsar e Pulsars Lupin Chun-Che Lin () Institute of Astronomy, National Central University, Taiwan Outline : Outline : Our method to perform periodicity

654 views • 19 slides
Outline for St Outline for St Outline for

Outline for St Outline for St Outline for

Outline for St Outline for St Outline for St Outline for St Francis Participation Francis Participation Francis Participation Francis Participation St Francis Overview Current Work on

120 views • 10 slides
RDF Beyond RDF Beyond Outline Outline RDFa RDFa Microformat Schema.org S h RDFa

RDF Beyond RDF Beyond Outline Outline RDFa RDFa Microformat Schema.org S h RDFa

RDF Beyond RDF Beyond Outline Outline RDFa RDFa Microformat Schema.org S h RDFa RDFa RDFa RDFa RDFa: A collection of attributes and processing p g rules for extending XHTML to support RDF. HTML contains structured data,

768 views • 37 slides
Appendix J: Capstone Presentation Outline Revised Spring 2016 CAPSTONE PRESENTATION OUTLINE This

Appendix J: Capstone Presentation Outline Revised Spring 2016 CAPSTONE PRESENTATION OUTLINE This

Appendix J: Capstone Presentation Outline Revised Spring 2016 CAPSTONE PRESENTATION OUTLINE This is a suggested outline only. Students should work closely with their Faculty Advisors to adapt this format the presentation to the needs of the

418 views • 4 slides
1 Course Outline Course Outline Course Outline Course Outline 3D Graphics Pipeline 3D

1 Course Outline Course Outline Course Outline Course Outline 3D Graphics Pipeline 3D

Goals Goals Foundations of Computer Graphics Foundations of Computer Graphics Systems: Write complex 3D graphics programs (Spring 2010) (Spring 2010) (real-time in OpenGL, offline raytracer, animation) CS 184, Lecture 1: Overview and

176 views • 5 slides
Outline Outline 1. About Cambodia 1. About Cambodia 2. Overview of disaster Hazards &

Outline Outline 1. About Cambodia 1. About Cambodia 2. Overview of disaster Hazards &

Sophak PHOEUN, National DRR Forum Coordinat or & Executive Assistant to Vice President of NCDM , National Committee for Disaster Management. Outline Outline 1. About Cambodia 1. About Cambodia 2. Overview of disaster Hazards &

346 views • 15 slides
SWAZILAND IMTS Presentation BY: WISEMAN DLAMINI Outline Outline Scope and time of

SWAZILAND IMTS Presentation BY: WISEMAN DLAMINI Outline Outline Scope and time of

SWAZILAND IMTS Presentation BY: WISEMAN DLAMINI Outline Outline Scope and time of recording . p g Commodity classifications. Valuation. Quantity Measurements. Partner country. Data compilation strategies.

1.68k views • 12 slides
Outline Outline Consumer Expenditure Survey p y Why redesign the CE? Why redesign the CE?

Outline Outline Consumer Expenditure Survey p y Why redesign the CE? Why redesign the CE?

Outline Outline Consumer Expenditure Survey p y Why redesign the CE? Why redesign the CE? Data Users Need Forum The CE Redesign Process h d Michael W. Horrigan Associate Commissioner Associate Commissione The philosophy of

82 views • 4 slides
Oral Presentation Module Outline: Please fill out the following outline while you are watching the

Oral Presentation Module Outline: Please fill out the following outline while you are watching the

Oral Presentation Module Outline: Please fill out the following outline while you are watching the videos, and bring a copy to class. Video 1: Oral Presentation Skill Areas Some different types of oral presentations you may encounter in your

372 views • 3 slides
Outline Framework Antiderivative Functions Applications Conclusion Outline Framework

Outline Framework Antiderivative Functions Applications Conclusion Outline Framework

Antiderivative Functions over F 2 n Valentin SUDER Seminar CALIN - Paris 13 April 12nd 2016. ComSec Lab, University of Waterloo ON, CANADA Outline Framework Antiderivative Functions Applications Conclusion Outline Framework Symmetric

999 views • 57 slides
NIKHIL.K.POTDUKHE Outline of UV spectrophotometer Outline of Recombinant DNA technology

NIKHIL.K.POTDUKHE Outline of UV spectrophotometer Outline of Recombinant DNA technology

NIKHIL.K.POTDUKHE Outline of UV spectrophotometer Outline of Recombinant DNA technology Application of UV spectroscopy in recombinant DNA technology References Lambert law: When a beam of light is allowed to pass through a

677 views • 38 slides
3/17/2009 OUTLINE OUTLINE Business Intelligence Business Intelligence Knowledge

3/17/2009 OUTLINE OUTLINE Business Intelligence Business Intelligence Knowledge

3/17/2009 OUTLINE OUTLINE Business Intelligence Business Intelligence Knowledge Management Paper by W. F. Cody BIKM J. T. Kreulen V. Krishna eClassifier W. S. Spangler Integrated BIKM Tools Presentation by Dylan Chi

492 views • 7 slides
Outline Outline Introduction (the concept of Desktop Grids) Objectives of the talk How to

Outline Outline Introduction (the concept of Desktop Grids) Objectives of the talk How to

Research Unit UTIC Laboratory LIPN , UMR 7030 ESSTT, University of Tunis CNRS, University of Paris 13 Outline Outline Introduction (the concept of Desktop Grids) Objectives of the talk How to decentralize Desktop Grid middlewares, p , Two

334 views • 18 slides

More recommend