ezeekonfigurator ezeekonfigurator
play

eZeeKonfigurator eZeeKonfigurator Vlad Grigorescu Vlad Grigorescu - PowerPoint PPT Presentation

Jul 10, 2023 •144 likes •365 views

eZeeKonfigurator eZeeKonfigurator Vlad Grigorescu Vlad Grigorescu vlad@es.net Zeek Week 2019 Outline Outline 1. Background & Motivation 2. Demo 3. Design & Architecture 4. Roadmap & Future Plans 5. How To Try It (...and

  1. eZeeKonfigurator eZeeKonfigurator Vlad Grigorescu Vlad Grigorescu vlad@es.net Zeek Week 2019

  2. Outline Outline 1. Background & Motivation 2. Demo 3. Design & Architecture 4. Roadmap & Future Plans 5. How To Try It (...and Contribute?) 6. Q & A

  3. $ cat $vlad/.plan I am a... Zeek user Zeek developer ESnet security engineer

  4. What is ESnet? What is ESnet? A bleeding-edge network that connects national labs, CERN, NASA, etc. Enabling "science in the cloud." ISP for thousands of users

  5. Challenges Challenges “ Data rates of around 40Tb/s going 950 lit 100 Gbps ports into the ATLAS, CMS, and LHCb 3 PB of ingress traffic/day software triggers imply an overall 10x growth every 47 months volume of around 60 exabytes of data 400 locations in the US & Europe to be processed per year... Requirement: 99.999% uptime

  6. Goal: Config Management Goal: Config Management

  7. Goal: Config Management Goal: Config Management

  8. Goal: Policy/Script Goal: Policy/Script 1 event http_request(c: connection, method: string, original_URI: string, 2 unescaped_URI: string, version: string) &priority=3 3 { 4 if ( sensitive_URIs in unescaped_URI ) 5 { 6 NOTICE ([$note= HTTP_SensitiveURI , $msg=message, ...); 7 }

  9. Goal: Policy/Script Goal: Policy/Script 1 redef sensitive_URIs += 2 /.*Copy_of_UPS_Label\.zip/| 3 /.*Delivery_Information.*\.zip/| 4 /.*Label_Copy_UPS\.zip/| 5 /.*qiss\.ucoz\.com.*/| 6 /.*semtex\.c/| 7 /\?-s\+%3d/| 8 /\?-d\+auto_prepend_file/| 9 /\.\.%2Fetc%2Fpasswd/| 10 /\.\.%2Fboot\.ini/| 11 /\.\.\/\.\.\/proc\/self\/fd/| 12 /\.\.\/\.\.\/proc\/self\/version/| 13 /\.\.\\\.\.\\windows\\win\.ini/| 14 /\.\.\/boot\.ini/| 15 /\.\.\/etc\/httpd\/logs\/error\.log/| 16 /\.\.\/etc\/httpd\/logs\/error_log/| 17 /\.\.\/var\/log\/apache\/error\.log/| 18 /\.\.\/var\/log\/apache2\/error\.log/| 19 /\.\.\\windows\\win.ini/| 20 /\.\.\/windows\/iis6\.log/| 21 /\.\.\/windows\/iis6\.log/| 22 /\/admin-console/| 23 /boot\.ini/| 24 /\/(cmd|root|tftp)\.exe/| 25 /c99.php/| 26 /c99shell.php/| 27 /\.htaccess\/sh/| 28 /index.php\?-s/| 29 /index.php?session_to_unset=/| 30 /index.php\?-dsafe_mode/| 31 /index.php\?-dallow_url_include/| 32 /open_basedir=none/| 33 /php:\/\/input\+-d\+cgi\.force_redirect/| 34 /php.cgi\?-d\+allow_url_include/| 35 /ppcrlconfig.bin/|

  10. Goal: Policy/Script Goal: Policy/Script 1 redef sensitive_URIs += 2 /.*Copy_of_UPS_Label\.zip/| 3 /.*Delivery_Information.*\.zip/| 4 /.*Label_Copy_UPS\.zip/| 5 /.*qiss\.ucoz\.com.*/| 6 /.*semtex\.c/| 7 /\?-s\+%3d/| 8 /\?-d\+auto_prepend_file/| 9 /\.\.%2Fetc%2Fpasswd/| 10 /\.\.%2Fboot\.ini/| 11 /\.\.\/\.\.\/proc\/self\/fd/| 12 /\.\.\/\.\.\/proc\/self\/version/| 13 /\.\.\\\.\.\\windows\\win\.ini/| 14 /\.\.\/boot\.ini/| 15 /\.\.\/etc\/httpd\/logs\/error\.log/| 16 /\.\.\/etc\/httpd\/logs\/error_log/| 1 $ fgrep '/|' esnet-http.zeek 17 /\.\.\/var\/log\/apache\/error\.log/| 2 218 18 /\.\.\/var\/log\/apache2\/error\.log/| 3 $ egrep -c '.' esnet-http.zeek 19 /\.\.\\windows\\win.ini/| 4 316 20 /\.\.\/windows\/iis6\.log/| 21 /\.\.\/windows\/iis6\.log/| 22 /\/admin-console/| 23 /boot\.ini/| 24 /\/(cmd|root|tftp)\.exe/| 25 /c99.php/| 26 /c99shell.php/| 27 /\.htaccess\/sh/| 28 /index.php\?-s/| 29 /index.php?session_to_unset=/| 30 /index.php\?-dsafe_mode/| 31 /index.php\?-dallow_url_include/| 32 /open_basedir=none/| 33 /php:\/\/input\+-d\+cgi\.force_redirect/| 34 /php.cgi\?-d\+allow_url_include/| 35 /ppcrlconfig.bin/|

  11. Goal: Policy/Script Goal: Policy/Script 1 if (! Site ::is_neighbor_addr(c$id$orig_h) && ! Site ::is_local_addr(c$id$orig_h)){ 2 if (!(c$id$orig_h in rdp_whitelist && rdp_whitelist[c$id$orig_h] == c$id$resp_h) && 3 !(c$id$orig_h in rdp_friendly_nets)){ 4 NOTICE ([$note= ESnet :: External_Desktop_Threshold ,

  12. https://nsmdb-east.es.net/ez/

  13. eZeeKonfigurator Features eZeeKonfigurator Features Quickly push out changes to any number of Zeek clusters Be able to set any type of option Change tracking Auditing Document "magic" values

  14. eZeeKonfigurator Applications eZeeKonfigurator Applications Notice policy configuration package Quick and easy to set notice policy. Zeek Exporter package Measure the impact of a change Log filter package SumStat policy configuration package

  15. Architecture Architecture

  17. TODO TODO Expiration RBAC Better type safety: enum existence set uniqueness Better UI for configuring sensor groups

  18. Install: Server Install: Server pip install https://github.com/esnet/eZeeKonfigurator daphne eZeeKonfigurator.asgi:application

  19. Install: Client Install: Client zkg install ezk_client zeekctl deploy 1 The following packages will be INSTALLED : 2 ezk_client (0.1) 3 4 Proceed ? [ Y /n] Y 5 ezk_client asks for EZK_URL (web server URL ) ? [http://localhost:8000]

  20. What Can I Do? What Can I Do? Publish packages ...using options Try eZeeKonfigurator Fork it, help develop! ...or just loudly complain via GitHub issues

  21. OK, I'm in! OK, I'm in! Server: https://github.com/esnet/eZeeKonfigurator Client: https://github.com/esnet/ezk_client Presentation: https://software.es.net/eZeeKonfigurator/

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Graal, GraalVM, Truffle: What do they mean for polyglot developers? 26-27th March 2018 59th

Graal, GraalVM, Truffle: What do they mean for polyglot developers? 26-27th March 2018 59th

Graal, GraalVM, Truffle: What do they mean for polyglot developers? 26-27th March 2018 59th CREST Open Workshop UCL Presentation: live slides http://bit.ly/graal-polyglot-devs About me - Software Engineer - Interests: code quality, testing,

572 views • 38 slides
The quest for the IdM holy grail Stig Wennevold University of Troms Disclaimer The idea

The quest for the IdM holy grail Stig Wennevold University of Troms Disclaimer The idea

The quest for the IdM holy grail Stig Wennevold University of Troms Disclaimer The idea that this project will build a new super campus IdM system is incorrect And anyway we were not the project group We were not even the

540 views • 20 slides
DNSSEC on Campus By Michael Sinatra University of California, Berkeley You didnt think I

DNSSEC on Campus By Michael Sinatra University of California, Berkeley You didnt think I

DNSSEC on Campus By Michael Sinatra University of California, Berkeley You didnt think I was really going to use that font, did you? What we did Began validating DNSSEC responses on our caching resolvers using ISC DLV in October 2008

504 views • 21 slides
NDLUG NetBSD : Portable Hottness November 17, 2005 WTF is it? Not Linux, But Unix-Like

NDLUG NetBSD : Portable Hottness November 17, 2005 WTF is it? Not Linux, But Unix-Like

NDLUG NetBSD : Portable Hottness November 17, 2005 WTF is it? Not Linux, But Unix-Like Completely different heritage Derived from 4.4BSD and 386BSD POSIX compliant (mostly) Goals Clean design Wide platform support

488 views • 7 slides
Deploying OpenStack What options do we have? Agenda Introduction Deployment projects

Deploying OpenStack What options do we have? Agenda Introduction Deployment projects

01.05.2019 Deploying OpenStack What options do we have? Agenda Introduction Deployment projects LCM projects Commercial offerings Summary Preconditions Use case Lifecycle management POC, private cloud, public

380 views • 19 slides
THE GREAT SYNERGY OF BIG DATA TECHNOLGIES Louis Capps, NVIDIA Solutions Architect,

THE GREAT SYNERGY OF BIG DATA TECHNOLGIES Louis Capps, NVIDIA Solutions Architect,

THE GREAT SYNERGY OF BIG DATA TECHNOLGIES Louis Capps, NVIDIA Solutions Architect, lcapps@nvidia.com Background Big Data vs Fast Data AGENDA HPC and Hyperscale Evolving data technologies Future research 2 Who is NVIDIA? ACCELERATED

888 views • 60 slides
Mass roll out of Linux with Windows Mass roll out of Linux with Windows as a VM Guest as a VM

Mass roll out of Linux with Windows Mass roll out of Linux with Windows as a VM Guest as a VM

Mass roll out of Linux with Windows Mass roll out of Linux with Windows as a VM Guest as a VM Guest Steven Sykes Systems Admin Department of Computer Science and Software Engineering University of Canterbury steven.sykes@canterbury.ac.nz

386 views • 12 slides
LibreOffjce On-Line server Initial implementation details Tor Lillqvist Collabora Productivity

LibreOffjce On-Line server Initial implementation details Tor Lillqvist Collabora Productivity

LibreOffjce On-Line server Initial implementation details Tor Lillqvist Collabora Productivity @TorLillqvist www.facebook.com/TorLillqvist For Thursday's child is Sunday's clown For whom none will go mourning @CollaboraOffjce

417 views • 16 slides
Deployment options Vlad Ionescu BDevOps vladionescu.me Plan Deployment options

Deployment options Vlad Ionescu BDevOps vladionescu.me Plan Deployment options

Deployment options Vlad Ionescu BDevOps vladionescu.me Plan Deployment options Scripts Configuration management Immutable infrastructure Containers Serverless Blatant generalisations Q

1.45k views • 107 slides
Kyle Suero @KST123ABC The Arch History Inspired by CRUX/BSD - Minimalism Only officially

Kyle Suero @KST123ABC The Arch History Inspired by CRUX/BSD - Minimalism Only officially

A simple, lightweight distribution Kyle Suero @KST123ABC The Arch History Inspired by CRUX/BSD - Minimalism Only officially support x86_64 Initially released March 11, 2002 by Judd Vinet Arch is an angsty teen! Almost 16. Wow.

509 views • 27 slides
The Espionage Metagame of EVE Online The Mittani What is a Metagame? Purpose of Talk:

The Espionage Metagame of EVE Online The Mittani What is a Metagame? Purpose of Talk:

The Espionage Metagame of EVE Online The Mittani What is a Metagame? Purpose of Talk: Description of the hidden aspects of EVE gameplay Analyze EVEs metagame for application in other environments Convince attending devs to

852 views • 31 slides
The not so Ominous Future of Computer System Defense Who am I PhD Candidate at UNC Charlotte

The not so Ominous Future of Computer System Defense Who am I PhD Candidate at UNC Charlotte

The not so Ominous Future of Computer System Defense Who am I PhD Candidate at UNC Charlotte Defense Competition Enthusiast 49sd Director of Education Where are current advancements leading us? Traditional System Defense SEIM

451 views • 18 slides
They're Good Dogs A gentle introduction to Core ML and Vision Andrew Harvey (@mootpointer) A

They're Good Dogs A gentle introduction to Core ML and Vision Andrew Harvey (@mootpointer) A

They're Good Dogs A gentle introduction to Core ML and Vision Andrew Harvey (@mootpointer) A Question For You What we will not cover In depth machine learning Cats Bleeding edge real - world implementations What we will cover

1.17k views • 73 slides
JBoss Tools & Developer Studio Max Rydahl Andersen http://in.relation.to/Bloggers/Max

JBoss Tools & Developer Studio Max Rydahl Andersen http://in.relation.to/Bloggers/Max

JBoss Tools & Developer Studio Max Rydahl Andersen http://in.relation.to/Bloggers/Max About Me Max Rydahl Andersen max@hibernate.org, max.andersen@jboss.com Formerly developer and project lead for large health care software

400 views • 23 slides
Constraint Programming Marco Kuhlmann & Guido Tack Lecture 1 Welcome! Where am I?

Constraint Programming Marco Kuhlmann & Guido Tack Lecture 1 Welcome! Where am I?

Constraint Programming Marco Kuhlmann & Guido Tack Lecture 1 Welcome! Where am I? Constraint Programming advanced course 6 credit points lecture (2 hours) + lab (2 hours) WWW: http://www.ps.uni-sb.de/ This lecture

983 views • 74 slides
Jeremy Edberg Why am I here? Why should we learn from other peoples mistakes? Mistakes

Jeremy Edberg Why am I here? Why should we learn from other peoples mistakes? Mistakes

Jeremy Edberg Why am I here? Why should we learn from other peoples mistakes? Mistakes weve made What is reddit? reddit is an online community Way back in 2005... Two UVA students applied for this thing called YCombinator They

1.68k views • 119 slides
DAVIX Visualization Bootcamp 25C3 Visualize Your Network! Jan P. Monsch Marius Ciepluch About

DAVIX Visualization Bootcamp 25C3 Visualize Your Network! Jan P. Monsch Marius Ciepluch About

DAVIX Visualization Bootcamp 25C3 Visualize Your Network! Jan P. Monsch Marius Ciepluch About Your Hosts Jan P. Monsch Marius Ciepluch l l DAVIX Project Initiator & DAVIX User & l l Lead Engineer Workshop Assistant Senior

555 views • 33 slides
AGNULA/DeMuDi - Towards GNU/Linux audio and music Free Ekanayaka 1 Media Innovation Unit

AGNULA/DeMuDi - Towards GNU/Linux audio and music Free Ekanayaka 1 Media Innovation Unit

Background Development State of art Next steps AGNULA/DeMuDi - Towards GNU/Linux audio and music Free Ekanayaka 1 Media Innovation Unit Firenze Tecnologia LAC 2005 Karlsruhe, 23 April 2005 Free Ekanayaka AGNULA/DeMuDi Background

1.33k views • 99 slides
Ethereum Workshop An Introduction to T ools, Solidity & Smart Contracts 1 / 40 Preparation

Ethereum Workshop An Introduction to T ools, Solidity & Smart Contracts 1 / 40 Preparation

Ethereum Workshop An Introduction to T ools, Solidity & Smart Contracts 1 / 40 Preparation Follow the instructions on: http://bit.ly/2um6cGA 2 / 40 Agenda 1) A brief introduction to Ethereum 2) Setting up a private blockchain 3)

619 views • 40 slides
Installing The Web Tools Platform Plug-ins In this column, I present how to get The Eclipse Web

Installing The Web Tools Platform Plug-ins In this column, I present how to get The Eclipse Web

Installing The Web Tools Platform Plug-ins In this column, I present how to get The Eclipse Web Tools Platform (WTP) plug-ins up and running. The projects mission is the following: to build a generic, extensible and standards-based tool

315 views • 5 slides
Winter GLIF Tech 2012 Wrap-Up Baton Rouge, 25-26 January 2012 Day 1 Time Subject 13.30 -

Winter GLIF Tech 2012 Wrap-Up Baton Rouge, 25-26 January 2012 Day 1 Time Subject 13.30 -

Winter GLIF Tech 2012 Wrap-Up Baton Rouge, 25-26 January 2012 Day 1 Time Subject 13.30 - 13.45 Welcome, agenda overview - Lars Fischer (NORDUnet) 13.45 - 13.50 Tech WG administration, announcements - Lars Fischer (NORDUnet) 13.50 - 14.20

269 views • 10 slides
Bitcoin & Blockchain applied cryptography problems Adam Back <adam@blockstream.com>

Bitcoin & Blockchain applied cryptography problems Adam Back <adam@blockstream.com>

Bitcoin & Blockchain applied cryptography problems Adam Back <adam@blockstream.com> Cryptography adoption criteria Conservative security assumptions Or graceful security degradation Reasonably compact serialisation

1.18k views • 22 slides
IBM project Objective Bring IBM Power Systems back into the Top5 list Push

IBM project Objective Bring IBM Power Systems back into the Top5 list Push

MareNostrum Building and running the system Sergi Girona Lisbon, August 29th, 2005 Operations Head History: Three Rivers Project IBM project Objective Bring IBM Power Systems back into the Top5 list Push forward Linux

489 views • 24 slides
Compilers and computer architecture: Just-in-time compilation Martin Berger 1 December 2019 1

Compilers and computer architecture: Just-in-time compilation Martin Berger 1 December 2019 1

Compilers and computer architecture: Just-in-time compilation Martin Berger 1 December 2019 1 Email: M.F.Berger@sussex.ac.uk , Office hours: Wed 12-13 in Chi-2R312 1 / 1 Recall the function of compilers 2 / 1 Welcome to the cutting edge

778 views • 50 slides

More recommend