
Thursday, we're nearly at the FRIDAY..
Today we move on to the Introduction to SIEM room on THM!

In this module we cover the basics of what a SIEM is and various other topics such as Network Visibility through SIEM, Log Sources and Log Ingestion, Analysing Logs and Alerts, and in true THM style we finish off with a practical example!

Overall quite an interesting topic and good to know what goes on ‘under the hood’ with regards to a SIEM!

Next we move on to the Firewall Fundamentals module!
In this module we discuss Firewalls (the name gave it away) and the various types which can be implemented, such as Stateless Firewalls, Stateful Firewalls, Proxy Firewalls & Next-Generation Firewalls (NGFW), along with the advantages of each and some of the drawbacks of each type which can be implemented.
Pretty simple stuff!



Keeping on keeping on, we now have moved over to a topic that I am not overly familiar with, which is IDS Fundamentals, so this should be a good module for me to get a bit more knowledge on the subject!
This module covers the types of IDS (Host Intrusion Detection System (HIDS) and Network Intrusion Detection System (NIDS)) and the various detection modes such as Signature-Based IDS, Anomaly-Based IDS & Hybrid IDS.

We then move over to types of IDS, with Snort being the open-source example used within this room.
We learn about Snort and the modes incorporated within the open-source application which can be enabled and used.


During the module we also use Snort and create a rule to capture any ICMP pings made to our loopback address at 127.0.0.1.



In the last exercise, we are asked to use Snort’s PCAP analysing tool in order to look into a PCAP file and check for the IP trying to access the internal machine via SSH, and which SID is associated with it in the /etc/snort/rules/local.rules file.
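The two Snort tasks above (writing a rule for ICMP to the loopback address, and finding which SID in local.rules fires on the SSH traffic) both come down to reading Snort rule syntax. As an added example that is not part of the original post or of the THM room, here is a small parser for a constructed local.rules file (the rules and SIDs are made up for this example) that pulls out each rule's header and options so you can look up a SID by protocol, port or message:

```python
import re

# Constructed sample of a local.rules file (not the room's actual file).
# The first rule is the loopback ICMP rule from the module; the second is
# a constructed SSH rule; the third is commented out and must be ignored.
LOCAL_RULES = """\
# local.rules (constructed for this example)
alert icmp any any -> 127.0.0.1 any (msg:"ICMP echo request to loopback"; itype:8; sid:1000001; rev:1;)
alert tcp any any -> $HOME_NET 22 (msg:"Inbound SSH connection attempt"; flags:S; sid:1000002; rev:1;)
# alert tcp any any -> $HOME_NET 23 (msg:"Disabled telnet rule"; sid:1000003; rev:1;)
"""

# Snort rule header: action proto src sport direction dst dport (options)
RULE_HEADER = re.compile(
    r"^(?P<action>alert|log|pass|drop|reject|sdrop)\s+"
    r"(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*"
    r"\((?P<opts>.*)\)\s*$"
)

def parse_rules(text):
    """Return a list of dicts, one per enabled rule, with header fields and options."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out rule
        m = RULE_HEADER.match(line)
        if not m:
            continue  # not a single-line rule we understand
        rule = {k: m.group(k) for k in ("action", "proto", "src", "sport", "dir", "dst", "dport")}
        opts = {}
        # Options are "key:value;" pairs; this simple split assumes no ';' inside msg strings.
        for opt in m.group("opts").split(";"):
            opt = opt.strip()
            if not opt:
                continue
            key, _, value = opt.partition(":")
            opts[key.strip()] = value.strip().strip('"')
        rule["options"] = opts
        rules.append(rule)
    return rules

def find_sids(text, proto=None, dport=None, msg_contains=None):
    """Return the SIDs (as ints) of enabled rules matching all given filters."""
    sids = []
    for r in parse_rules(text):
        if proto and r["proto"] != proto:
            continue
        if dport is not None and r["dport"] != str(dport):
            continue
        if msg_contains and msg_contains.lower() not in r["options"].get("msg", "").lower():
            continue
        sids.append(int(r["options"]["sid"]))
    return sids
```

For the SSH question you would call `find_sids(open("/etc/snort/rules/local.rules").read(), proto="tcp", dport=22)` against the real file; here the constructed file returns SID 1000002.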



Quite a fun room and I feel as if I have learned quite a bit. Big up Snort!
Then, last in the Security Solutions section of this path, we move on to the Vulnerability Scanner Overview. While I am quite used to using Nessus by Tenable, I haven’t really used OpenVAS, so this should be something new!
This room focuses on Vulnerability Scanning, Tools for Vulnerability Scanning, CVE & CVSS, and OpenVAS, which culminates in a practical at the end of the room using OpenVAS.
Overall, an easy room as all vulnerability scanners roughly work the same!



Until next time & don’t sleepwalk through life!
Bless
