💎 توپولوژی IDS using a Network Tap چیست؟
💎 لینک گروه الماس
https://t.iss.one/joinchat/BDE3OQ2LakQWk-JDHFiNaQ
@iranopensource🐧
💎 لینک گروه الماس
https://t.iss.one/joinchat/BDE3OQ2LakQWk-JDHFiNaQ
@iranopensource🐧
Iran Open Source (IOS)
💎 توپولوژی IDS using a Network Tap چیست؟ 💎 لینک گروه الماس https://t.iss.one/joinchat/BDE3OQ2LakQWk-JDHFiNaQ @iranopensource🐧
بطور کلی ما دو نوع تکنولوژی برای capture کردن packetهای شبکه توسط IDSها داریم:
1️⃣ تکنولوژی Port mirroring
2️⃣ تکنولوژی Network taps
تکنولوژی Network taps دیدگاهش اتصال به deviceها بصورت OOB یا Out-Of-Band از طریق Network taps جهت مانیتور و capture کردن packetهای یک segment از شبکه با استفاده از لینک های point-to-point است. مثلاً در شکل فوق از ارتباط Tap برای Capture کردن لینک بین شبکه Firewall و Switch و پکت هایی که بین این دو (شبکه Outside و Inside) منتقل می شود می توانیم استفاده نماییم. در واقع پیاده سازی IDS در این حالت به شما و سازمانتان این اجازه را می دهد که بدون اینکه توپولوژی شبکه و زیرساختتان را تغییر دهید ترافیک لینک ها را مانیتور نمایید. این روش، یک روش Passive Monitoring است. وقتی شما تنظیم می کنید که IDS تان در مد Tap Mode پیکربندی شود، در واقع یه کپی از packetها به سمت آن ارسال می شود. به مد Tap Mode اصطلاحاً monitor-only mode نیز گفته می شود.
شما فرض کنید IDSتان یک Cisco FirePower است و بصورت زیر آن را در مد monitor-only کانفیگ کرده اید. در این شرایط یک کپی از ترافیک توسط Network TAP بر روی IDS شما ارسال شده و IDS ترافیک را به این صورت Capture و مانیتور می کند. (چه inside trafficها و چه outside ترافیک ها)
firewall transparent
!
interface GigabitEthernet1/1
no nameif
no security-level
traffic-forward sfr monitor-only
لینک1: https://www.cisco.com/c/en/us/td/docs/security/firepower/hw/firepower_device/firepower_7k8k_device/deployment.html
لینک2: https://finkotek.com/cisco-firepower-inline-tap/
میثم ناظمی
@iranopensource🐧
1️⃣ تکنولوژی Port mirroring
2️⃣ تکنولوژی Network taps
تکنولوژی Network taps دیدگاهش اتصال به deviceها بصورت OOB یا Out-Of-Band از طریق Network taps جهت مانیتور و capture کردن packetهای یک segment از شبکه با استفاده از لینک های point-to-point است. مثلاً در شکل فوق از ارتباط Tap برای Capture کردن لینک بین شبکه Firewall و Switch و پکت هایی که بین این دو (شبکه Outside و Inside) منتقل می شود می توانیم استفاده نماییم. در واقع پیاده سازی IDS در این حالت به شما و سازمانتان این اجازه را می دهد که بدون اینکه توپولوژی شبکه و زیرساختتان را تغییر دهید ترافیک لینک ها را مانیتور نمایید. این روش، یک روش Passive Monitoring است. وقتی شما تنظیم می کنید که IDS تان در مد Tap Mode پیکربندی شود، در واقع یه کپی از packetها به سمت آن ارسال می شود. به مد Tap Mode اصطلاحاً monitor-only mode نیز گفته می شود.
شما فرض کنید IDSتان یک Cisco FirePower است و بصورت زیر آن را در مد monitor-only کانفیگ کرده اید. در این شرایط یک کپی از ترافیک توسط Network TAP بر روی IDS شما ارسال شده و IDS ترافیک را به این صورت Capture و مانیتور می کند. (چه inside trafficها و چه outside ترافیک ها)
firewall transparent
!
interface GigabitEthernet1/1
no nameif
no security-level
traffic-forward sfr monitor-only
لینک1: https://www.cisco.com/c/en/us/td/docs/security/firepower/hw/firepower_device/firepower_7k8k_device/deployment.html
لینک2: https://finkotek.com/cisco-firepower-inline-tap/
میثم ناظمی
@iranopensource🐧
Cisco
Cisco Firepower 7000 and 8000 Series Installation Guide, Version 6.x - Deploying Firepower Managed Devices [Cisco FirePOWER 7000…
💎 مزایای یک In-House SOC و یک Virtual SOC
💎 لینک گروه الماس
https://t.iss.one/joinchat/BDE3OQ2LakQWk-JDHFiNaQ
@iranopensource🐧
💎 لینک گروه الماس
https://t.iss.one/joinchat/BDE3OQ2LakQWk-JDHFiNaQ
@iranopensource🐧
💎 مقاله: انواع استراتژی های پیاده سازی Network IDS/IPS از دیدگاه SANS
💎 لینک گروه الماس
https://t.iss.one/joinchat/BDE3OQ2LakQWk-JDHFiNaQ
@iranopensource🐧
💎 لینک گروه الماس
https://t.iss.one/joinchat/BDE3OQ2LakQWk-JDHFiNaQ
@iranopensource🐧
Iran Open Source (IOS)
💎 لینک گروه الماس https://t.iss.one/joinchat/BDE3OQ2LakQWk-JDHFiNaQ @iranopensource🐧
Practical Windows Forensics by Ayman Shaaban & Konstantin Sapronov #Pactical_Windows_Forensics
----------------------------------
Over the last few years, the wave of the cybercrime has risen rapidly. We have witnessed many major attacks on the governmental, military, financial, and media sectors. Tracking all these attacks and crimes requires a deep understanding of operating system operations, how to extract evident data from digital evidence, and the best usage of the digital forensic tools and techniques. Regardless of your level of experience in the field of information security in general, this book will fully introduce you to digital forensics. It will provide you with the knowledge needed to assemble different types of evidence effectively, and walk you through the various stages of the analysis process.
We start by discussing the principles of the digital forensics process and move on to show you the approaches that are used to conduct analysis. We will then study various tools to perform live analysis, and go through different techniques to analyze volatile and non-volatile data.
-------------------------------———————
2016 | PDF | 314 pages | 19.8 MB
-----------------———————————
@iranopensource🐧
----------------------------------
Over the last few years, the wave of the cybercrime has risen rapidly. We have witnessed many major attacks on the governmental, military, financial, and media sectors. Tracking all these attacks and crimes requires a deep understanding of operating system operations, how to extract evident data from digital evidence, and the best usage of the digital forensic tools and techniques. Regardless of your level of experience in the field of information security in general, this book will fully introduce you to digital forensics. It will provide you with the knowledge needed to assemble different types of evidence effectively, and walk you through the various stages of the analysis process.
We start by discussing the principles of the digital forensics process and move on to show you the approaches that are used to conduct analysis. We will then study various tools to perform live analysis, and go through different techniques to analyze volatile and non-volatile data.
-------------------------------———————
2016 | PDF | 314 pages | 19.8 MB
-----------------———————————
@iranopensource🐧
Iran Open Source (IOS)
💎 لینک گروه الماس https://t.iss.one/joinchat/BDE3OQ2LakQWk-JDHFiNaQ @iranopensource🐧
The Art of Memory Forensics Detecting Malware and Threats in Windows, Linux, and Mac Memory 1st Edition by Michael Hale Ligh & Andrew Case & others
-------------------
Memory forensics provides cutting edge technology to help investigate digital attacks
Memory forensics is the art of analyzing computer memory (RAM) to solve digital crimes. As a follow-up to the best seller Malware Analyst's Cookbook, experts in the fields of malware, security, and digital forensics bring you a step-by-step guide to memory forensics—now the most sought after skill in the digital forensics and incident response fields.
Beginning with introductory concepts and moving toward the advanced, The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory is based on a five day training course that the authors have presented to hundreds of students. It is the only book on the market that focuses exclusively on memory forensics and how to deploy such techniques properly. Discover memory forensics techniques:
How volatile memory analysis improves digital investigations
Proper investigative steps for detecting stealth malware and advanced threats
How to use free, open source tools for conducting thorough memory forensics
Ways to acquire memory from suspect systems in a forensically sound manner
The next era of malware and security breaches are more sophisticated and targeted, and the volatile memory of a computer is often overlooked or destroyed as part of the incident response process. The Art of Memory Forensics explains the latest technological innovations in digital forensics to help bridge this gap. It covers the most popular and recently released versions of Windows, Linux, and Mac, including both the 32 and 64-bit editions.
--------------—————————————-
2014 | PDF | 914 pages | 7,18 MB
---------------—————————————
@iranopensource🐧
-------------------
Memory forensics provides cutting edge technology to help investigate digital attacks
Memory forensics is the art of analyzing computer memory (RAM) to solve digital crimes. As a follow-up to the best seller Malware Analyst's Cookbook, experts in the fields of malware, security, and digital forensics bring you a step-by-step guide to memory forensics—now the most sought after skill in the digital forensics and incident response fields.
Beginning with introductory concepts and moving toward the advanced, The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory is based on a five day training course that the authors have presented to hundreds of students. It is the only book on the market that focuses exclusively on memory forensics and how to deploy such techniques properly. Discover memory forensics techniques:
How volatile memory analysis improves digital investigations
Proper investigative steps for detecting stealth malware and advanced threats
How to use free, open source tools for conducting thorough memory forensics
Ways to acquire memory from suspect systems in a forensically sound manner
The next era of malware and security breaches are more sophisticated and targeted, and the volatile memory of a computer is often overlooked or destroyed as part of the incident response process. The Art of Memory Forensics explains the latest technological innovations in digital forensics to help bridge this gap. It covers the most popular and recently released versions of Windows, Linux, and Mac, including both the 32 and 64-bit editions.
--------------—————————————-
2014 | PDF | 914 pages | 7,18 MB
---------------—————————————
@iranopensource🐧
💎 لینک گروه الماس (تشکر از مهندس عشقی عزیز جهت به اشتراک گذاری این کتاب در گروه امنیتی الماس)
https://t.iss.one/joinchat/BDE3OQ2LakQWk-JDHFiNaQ
@iranopensource🐧
https://t.iss.one/joinchat/BDE3OQ2LakQWk-JDHFiNaQ
@iranopensource🐧
💎 مقاله Survey: درباره Security Operation Center از SANS (سال 2018)
💎 لینک گروه الماس
https://t.iss.one/joinchat/BDE3OQ2LakQWk-JDHFiNaQ
@iranopensource🐧
💎 لینک گروه الماس
https://t.iss.one/joinchat/BDE3OQ2LakQWk-JDHFiNaQ
@iranopensource🐧
Iran Open Source (IOS)
💎 لینک گروه الماس https://t.iss.one/joinchat/BDE3OQ2LakQWk-JDHFiNaQ @iranopensource🐧
Flexible Network Architectures Security: Principles and Issues by Bhawana Rudra #Network #Architectures #Security
------------------------------
The future of Internet security doesn’t lie in doing more of the same. It requires not only a new architecture, but the means of securing that architecture. Two trends have come together to make the topic of this book of vital interest. First, the explosive growth of the Internet connections for the exchange of information via networks increased the dependence of both organizations and individuals on the systems stored and communicated. This, in turn, has increased the awareness for the need to protect the data and add security as chief ingredient in the newly emerged architectures. Second, the disciplines of cryptography and network security have matured and are leading to the development of new techniques and protocols to enforce the network security in Future Internet. This book examines the new security architectures from organizations such as FIArch, GENI, and IETF and how they’ll contribute to a more secure Internet.
-----------------------------——————————-
2018 | PDF | 325 pages | 8,71 MB
-------------------------------—————————-
@iranopensource🐧
------------------------------
The future of Internet security doesn’t lie in doing more of the same. It requires not only a new architecture, but the means of securing that architecture. Two trends have come together to make the topic of this book of vital interest. First, the explosive growth of the Internet connections for the exchange of information via networks increased the dependence of both organizations and individuals on the systems stored and communicated. This, in turn, has increased the awareness for the need to protect the data and add security as chief ingredient in the newly emerged architectures. Second, the disciplines of cryptography and network security have matured and are leading to the development of new techniques and protocols to enforce the network security in Future Internet. This book examines the new security architectures from organizations such as FIArch, GENI, and IETF and how they’ll contribute to a more secure Internet.
-----------------------------——————————-
2018 | PDF | 325 pages | 8,71 MB
-------------------------------—————————-
@iranopensource🐧