Snort or Suricata. Part 3: Protecting the Office Network

In the previous article we showed how to run the stable version of Suricata on Ubuntu 18.04 LTS. Setting up the IDS on a single node and connecting free rule sets is quite simple. Today we will look at how to protect a corporate network from the most common types of attacks using Suricata installed on a virtual server. For this we need a Linux VDS with two CPU cores. The amount of RAM depends on the load: for some, 2 GB is enough, but for heavier tasks 4 or even 6 may be required, and resources can be increased as needed.

Photo: Reuters

Network connectivity

Moving the IDS to a virtual machine may be worthwhile for testing. If you have not dealt with such solutions before, there is no need to rush into ordering physical hardware and changing the network architecture. It is better to test the system safely and at no extra cost in order to determine your real computing needs. It is important to understand that all corporate traffic will have to pass through a single external point: to connect the local network (or several networks) to a VDS with Suricata installed, you can use SoftEther, an easy-to-configure cross-platform VPN server that provides strong encryption. An office Internet connection may not have a real (public) IP, so it is better to set the server up on the VPS. There are no ready-made packages in the Ubuntu repository; the software has to be downloaded from the project website or from an external repository on the Launchpad service (if you trust it):

sudo add-apt-repository ppa:paskal-07/softethervpn
sudo apt-get update

You can view the list of available packages with the following command:

apt-cache search softether


We need softether-vpnserver (in the test setup the server runs on the VDS), as well as softether-vpncmd, its command-line utility.

sudo apt-get install softether-vpnserver softether-vpncmd

To configure the server, use the dedicated command-line utility:

sudo vpncmd


We will not go through the configuration in detail: the process is quite simple, it is well described in many publications and is not directly related to the topic of this article. In short, after starting vpncmd, choose item 1 to enter the server management console. To do this, enter the host name localhost and press Enter instead of entering a hub name. In the console, set the administrator password with the serverpasswordset command, delete the DEFAULT virtual hub (hubdelete command) and create a new one named Suricata_VPN, also setting its password (hubcreate command). Next, switch to the management console of the new hub with the hub Suricata_VPN command to create a group and users with the groupcreate and usercreate commands. The user password is set with userpasswordset.

SoftEther supports two modes of passing traffic: SecureNAT and Local Bridge. The first is a proprietary technology for building a virtual private network with its own NAT and DHCP. SecureNAT does not require TUN/TAP, nor Netfilter or any other firewall settings. Routing does not touch the host system, and the whole process is virtualized and runs on any VPS/VDS regardless of the hypervisor used. This results in a higher CPU load and lower throughput compared to Local Bridge mode, which connects the SoftEther virtual hub to a physical network adapter or a TAP device.

Configuration in this case is more complex, since routing takes place at the kernel level using Netfilter. Our VDS is built on Hyper-V, so in the final step we create a local bridge and enable the TAP device with the command bridgecreate Suricate_VPN -device:suricate_vpn -tap:yes. After leaving the hub management console, a new network interface appears in the system, which has not yet been assigned an IP:

ifconfig


Next, enable packet routing between interfaces (ip forward) if it is not already enabled:

sudo nano /etc/sysctl.conf

Uncomment the following line:

net.ipv4.ip_forward = 1

Save the changes to the file, exit the editor and apply them with the following command:

sudo sysctl -p

Next, we need to define a subnet with private IPs for the virtual network (for example, 10.0.10.0/24) and assign an address to the interface:

sudo ifconfig tap_suricata_vp 10.0.10.1/24

Then the Netfilter rules need to be configured.

1. If necessary, allow incoming packets on the listening ports (SoftEther's proprietary protocol uses HTTPS on port 443)

sudo iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 992 -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
sudo iptables -A INPUT -p udp -m udp --dport 1194 -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 5555 -j ACCEPT

2. Configure NAT from the 10.0.10.0/24 subnet to the server's main IP

sudo iptables -t nat -A POSTROUTING -s 10.0.10.0/24 -j SNAT --to-source 45.132.17.140

3. Allow forwarding of packets from the 10.0.10.0/24 subnet

sudo iptables -A FORWARD -s 10.0.10.0/24 -j ACCEPT

4. Allow forwarding of packets belonging to already established connections

sudo iptables -A FORWARD -p all -m state --state ESTABLISHED,RELATED -j ACCEPT

Automating this procedure on system reboot with init scripts is left as an exercise for the reader.
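Since the article leaves the boot-time automation to the reader, here is one way to do it, as an added example rather than the article's own code: the ip_forward setting and the four rule groups above are applied only when absent, so the script can be rerun from an init script or systemd unit without duplicating rules. SUBNET and PUBLIC_IP default to the values used in the text; DRY_RUN=1 only prints the commands.

```shell
#!/bin/sh
# Added example, not from the original article: idempotently apply the
# ip_forward sysctl and the Netfilter rules described in steps 1-4.
# DRY_RUN=1 prints the commands instead of executing them.
SUBNET="${SUBNET:-10.0.10.0/24}"
PUBLIC_IP="${PUBLIC_IP:-45.132.17.140}"

# One rule per line: "<table> <chain> <match and target arguments>"
rule_lines() {
    # 1. SoftEther listeners (proprietary protocol over 443 plus the others)
    for p in 443 992 1194 5555; do
        echo "filter INPUT -p tcp -m tcp --dport $p -j ACCEPT"
    done
    echo "filter INPUT -p udp -m udp --dport 1194 -j ACCEPT"
    # 2. SNAT from the VPN subnet to the server's public address
    echo "nat POSTROUTING -s $SUBNET -j SNAT --to-source $PUBLIC_IP"
    # 3. forward traffic originating in the VPN subnet
    echo "filter FORWARD -s $SUBNET -j ACCEPT"
    # 4. forward replies for connections conntrack already knows about
    echo "filter FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# run CMD...: print in dry-run mode, otherwise execute
run() { if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi; }

# add_rule TABLE CHAIN ARGS...: append only when an identical rule is absent
# (iptables -C exits 0 when the rule already exists)
add_rule() {
    table=$1; chain=$2; shift 2
    if [ -z "$DRY_RUN" ] && iptables -t "$table" -C "$chain" "$@" 2>/dev/null; then
        return 0
    fi
    run iptables -t "$table" -A "$chain" "$@"
}

apply_all() {
    run sysctl -w net.ipv4.ip_forward=1
    # read splits each line into table, chain and the remaining arguments;
    # $rest is intentionally unquoted so it is split back into words
    rule_lines | while read -r table chain rest; do
        add_rule "$table" "$chain" $rest
    done
}

case "${1:-}" in
    apply)   apply_all ;;
    dry-run) DRY_RUN=1; apply_all ;;
esac
```

Run it as "sh softether-fw.sh dry-run" to review the commands, then "sh softether-fw.sh apply" as root; on later runs the existing rules are detected by iptables -C and skipped.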

If you need to hand out IPs to clients, you will also have to attach some kind of DHCP service to the local bridge. At this point the server setup is complete and you can move on to the clients. SoftEther supports many protocols; which one to use depends on the capabilities of the local hardware.

netstat -ap |grep vpnserver


Since our test router also runs Ubuntu, we install the softether-vpnclient and softether-vpncmd packages on it from the external repository in order to use the proprietary protocol. The client has to be started:

sudo vpnclient start

For configuration, use the vpncmd utility, choosing localhost as the machine on which vpnclient is running. All commands are executed in the console: you need to create a virtual interface (NicCreate) and an account (AccountCreate).

In some cases you will need to set the authentication method with the AccountAnonymousSet, AccountPasswordSet, AccountCertSet and AccountSecureCertSet commands. Since we are not using DHCP, the address of the virtual adapter is set manually.

In addition, we need to enable ip forward (the net.ipv4.ip_forward=1 parameter in /etc/sysctl.conf) and configure static routes. If necessary, you can set up port forwarding on the VDS with Suricata in order to reach services running on the local network. At this point the network integration can be considered complete.

Our test configuration looks like this:


Configuring Suricata

In the previous article we discussed two modes of IDS operation: through the NFQUEUE queue (NFQ mode) and through zero-copy capture (AF_PACKET mode). The second requires two interfaces but is faster, so we will use it. This option is set by default in /etc/default/suricata. We also need to edit the vars section in /etc/suricata/suricata.yaml, declaring the virtual subnet as the home network.
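The HOME_NET edit described above, as an added example that is not part of the original article: it rewrites only the HOME_NET entry in the vars section of suricata.yaml, then validates the file with suricata -T before the restart. The subnet and file path default to the article's values; the YAML fragment in the demo is constructed for illustration, not copied from the real file.

```shell
#!/bin/sh
# Added example, not from the original article: point HOME_NET at the VPN
# subnet in suricata.yaml, leaving every other line untouched.
SUBNET="${SUBNET:-10.0.10.0/24}"
CONF="${CONF:-/etc/suricata/suricata.yaml}"

# set_home_net FILE SUBNET: rewrite the (indented) HOME_NET entry and print
# the resulting line. A temp file is used instead of sed -i so the same
# command works with both GNU and BSD sed.
set_home_net() {
    f=$1; net=$2
    sed "s|^\([[:space:]]*HOME_NET:\).*|\1 \"[$net]\"|" "$f" > "$f.tmp" \
        && mv "$f.tmp" "$f"
    grep '^[[:space:]]*HOME_NET:' "$f" | sed 's/^[[:space:]]*//'
}

# demo: run set_home_net on a constructed fragment of suricata.yaml
# (sample input, not the real file) and return the rewritten HOME_NET line.
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
vars:
  address-groups:
    HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"
    EXTERNAL_NET: "!$HOME_NET"
EOF
    set_home_net "$tmp" "$SUBNET"
    rm -f "$tmp"
}

case "${1:-}" in
    demo)  demo ;;
    # suricata -T only tests the configuration; restart only if it passes
    apply) set_home_net "$CONF" "$SUBNET" && suricata -T -c "$CONF" \
               && systemctl restart suricata ;;
esac
```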


To restart the IDS, use the command:

systemctl restart suricata

The solution is ready; now it needs to be tested for resistance to attackers.

Simulating attacks

There are several scenarios for the real-world use of an external IDS service:

Protection against DDoS attacks (the primary purpose)

This option is hard to implement inside a corporate network, since the packets to be analysed have to reach the system's Internet-facing interface. Even if the IDS blocks them, the junk traffic can saturate the uplink. To avoid this, you need to order a VPS with an Internet connection fast enough to carry all of the local network's traffic plus all external traffic. This is often easier and cheaper than widening the office channel. As an alternative, specialised DDoS protection services are worth mentioning. Their cost is comparable to that of a virtual server and no labour-intensive configuration is needed, but there is a downside: for their money the customer gets only DDoS protection, whereas their own IDS can be configured however they need.

Protection against other kinds of external attacks

Suricata is capable of handling attempts to exploit various vulnerabilities in corporate network services reachable from the Internet (mail server, web server and web applications, and so on). Usually the IDS is installed for this purpose inside the local network behind the edge devices, but moving it outside is also a legitimate option.

Protection against internal attackers

Despite all the administrator's efforts, computers on the corporate network can become infected with malware. Besides that, troublemakers occasionally appear on the local network and try to do something they should not. Suricata can help block such attempts, although to protect the internal network it is better to install it inside the perimeter and use it together with a managed switch that can mirror traffic to a single port. An external IDS is not useless in this case either: at the very least it can catch attempts by malware living on the LAN to contact an external server.

To begin, we create another VPS to test attacks from, install Apache with the default configuration on the local network router, and then forward port 80 from the IDS server to it. Next we simulate a DDoS attack from the attacking host. To do this, download the small xerxes utility from GitHub, compile it and run it on the attacking node (the gcc package needs to be installed):

git clone https://github.com/Soldie/xerxes-DDos-zanyarjamal-C.git
cd xerxes-DDos-zanyarjamal-C/
gcc xerxes.c -o xerxes 
./xerxes 45.132.17.140 80

The result of its work looks like this:


Suricata cuts off the attacker, and the default Apache page opens despite our rapid attack and the weak channel of the "office" (actually home) network. For more serious tasks it is worth using the Metasploit Framework. It is designed for penetration testing and lets you simulate a wide variety of attacks. Installation instructions are on the project website. After installation, an update is required:

sudo msfupdate

For testing, run msfconsole.


Unfortunately, recent versions of the framework have no option to attack automatically, so exploits have to be picked manually and launched with the use command. First, determine the open ports on the target machine, for example with nmap (in our case it is fully replaced by netstat on the attacked host), and then select and apply the appropriate Metasploit modules.

There are other ways to assess the IDS's resistance to attacks, including online services. Out of curiosity, you can arrange a stress test using the trial version of IP Stresser. To check the reaction to the actions of internal intruders, it is worth installing specialised tools on one of the machines on the local network. There are many options, and from time to time they should be applied not only to the test environment but also to production systems, but that is an entirely different story.


Source: www.hab.com
