Bro Network Programming Language & Bro-ids v2.1 Detecting Expiring SSL Certificates

Presented by Liam Randall 2013-3

ABOUT ME

History
+ 17 Years Consulting (1995)
+ BS in CS from XU
+ Dozens of Vendor Certs
+ Speak/Train: Shmoocon, Skydogcon
+ “Applied NSM” Summer of 2013
+ #Bro
+ #SecurityOnion
+ [email protected]
+ @Hectaman Twitter/IRC

LINKS

github.com/bro github.com/liamrandall

#Bro_IDS @Hectaman @Bro_IDS

http://bro-ids.org http://liamrandall.com

OVERVIEW

“Can Bro IDS tell me when my SSL/TLS Certificates are about to expire?”

It already does.

FOLLOW ALONG

Documentation: http://www.bro-ids.org/documentationgit/scripts/policy/protocols/ssl/expiring-certs.html

TL;DR: Add the following to your local.bro

    @load policy/protocols/ssl/expiring-certs.bro
    redef SSL::notify_certs_expiration = ALL_HOSTS;

Valid values: LOCAL_HOSTS, REMOTE_HOSTS, ALL_HOSTS, NO_HOSTS

SSL/TLS USE CASES

Widespread
+ Credit Checks
+ Authorization and Accounting
+ Supply Chain Management
+ e-Commerce
+ Marketing

HTTPS

SMTP POP/IMAP

SSL/TLS VPN

SIP (DTLS)

DEMONSTRATION

Add to local.bro:

    @load policy/protocols/ssl/expiring-certs.bro
    redef SSL::notify_certs_expiration = ALL_HOSTS;

Then check, install and restart:

    sudo broctl check
    sudo broctl install
    sudo broctl restart

- or test from the command line

    bro -r test.pcap expiring-certs.bro config.bro
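An added example, not part of the original slides or the Bro project: once the policy is loaded, its notices are written to notice.log, and this Python script reduces that log to one line per server and port, most urgent first. The three notice names are the ones expiring-certs.bro defines; the sample rows are constructed and use a reduced set of columns, and the path to a real notice.log is passed as the first argument.

```python
import sys

# Notice types raised by policy/protocols/ssl/expiring-certs.bro, most urgent first.
SEVERITY = [
    "SSL::Certificate_Expired",
    "SSL::Certificate_Not_Valid_Yet",
    "SSL::Certificate_Expires_Soon",
]

# Constructed sample (not real traffic): a reduced set of notice.log columns.
_FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "note"]
_ROWS = [
    ["1362150000.0", "Cx1", "10.0.0.5", "50211", "192.0.2.10", "443", "SSL::Certificate_Expires_Soon"],
    ["1362236400.0", "Cx2", "10.0.0.6", "50300", "192.0.2.10", "443", "SSL::Certificate_Expires_Soon"],
    ["1362236460.0", "Cx3", "10.0.0.6", "50301", "192.0.2.25", "993", "SSL::Certificate_Expired"],
    ["1362236520.0", "Cx4", "10.0.0.7", "50400", "192.0.2.30", "443", "SSL::Invalid_Server_Cert"],
    ["1362236580.0", "Cx5", "10.0.0.8", "50500", "198.51.100.7", "8443", "SSL::Certificate_Not_Valid_Yet"],
]
SAMPLE_NOTICE_LOG = "\n".join(
    ["#separator \\x09", "#path\tnotice", "#fields\t" + "\t".join(_FIELDS)]
    + ["\t".join(row) for row in _ROWS]
)


def parse_bro_log(text):
    """Yield one dict per record, driven by the log's own #separator/#fields header."""
    sep, fields = "\t", None
    for line in text.splitlines():
        if line.startswith("#separator"):
            sep = line.split(" ", 1)[1].encode().decode("unicode_escape")
        elif line.startswith("#fields"):
            fields = line.split(sep)[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split(sep)))


def triage(text):
    """Return [(server, port, worst_note)], one row per server:port, most urgent first."""
    worst = {}
    for rec in parse_bro_log(text):
        if rec.get("note") in SEVERITY:
            key = (rec["id.resp_h"], rec["id.resp_p"])
            worst[key] = min(worst.get(key, len(SEVERITY)), SEVERITY.index(rec["note"]))
    return [(h, p, SEVERITY[r]) for (h, p), r in sorted(worst.items(), key=lambda kv: (kv[1], kv[0]))]


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_NOTICE_LOG
    for host, port, note in triage(text):
        print(f"{host}:{port}\t{note}")
```

Because the parser reads column names from the `#fields` header, it works unchanged on a full notice.log with its additional columns.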

REAL WORLD: TLS EDITION

Clients

Partners

CONCLUSION

“How much will it cost your organization to not run Bro IDS?”
