InfoSec Ninjas: Croissants Intrusion Detection and Prevention System (PowerPoint presentation)

SLIDE 1

InfoSec Ninjas

Croissants Intrusion Detection and Prevention System (IDPS)

SLIDE 2

Who am I?

Samiux is an Information Security Enthusiast.

  • OSCE, OSCP, OSWP
  • Blogger
  • Linux user

Hobbies :

  • Programming
  • Reading
  • Pentesting

SLIDE 3

What is Croissants?

Croissants is an Intrusion Detection and Prevention System based on Suricata.

  • Developed by Samiux since 2012
  • Open Source under GPLv3
  • Intrusion Prevention System (IPS)
  • High Performance
  • Ultra-low Latency
  • Network based
  • Host based
  • Not Embedded Linux

SLIDE 4

Main components:

  • Suricata
  • Hyperscan
  • Ubuntu Server

SLIDE 5

General Features:

  • Blocks known malicious activities
  • Blocks known malware and viruses
  • Easy and straightforward interfaces
  • Compatible with BitTorrent and 4K video streaming
  • Ultra-low latency for demanding online games
  • Compatible with Microsoft Windows, GNU/Linux, Apple macOS, Apple iOS, Google Android
  • No subscription fee
  • Automatic update and upgrade
  • Urgent Update Push
  • Plug, Play and Forget!

SLIDE 6

Detailed Features:

  • Emerging Threats (ET) Open Ruleset (Default, Free)
  • ET Pro Ruleset (Optional, paid)
  • Malware Hashes Ruleset - MD5, SHA1, SHA256
  • Malware SSL/TLS Fingerprints Ruleset - JA3
  • Protocol Ruleset - SSH, DNS, TLS, etc.
  • Malicious/Compromised IP Addresses Blacklist
  • TOR (The Onion Router) Exit Nodes Blacklist
  • Malicious URL/Domain Blacklist
  • Malicious SSL/TLS Fingerprints Blacklist
  • Throughput over 10 Gbps
  • Drop instead of Reject
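The slide lists the indicator types Croissants blocks (IP blacklists, domain blacklists, JA3 fingerprints, file hashes) and says that it drops rather than rejects. The following is an added example written for this page, not code from Croissants or Suricata: it turns a few constructed indicators into Suricata rules using the `drop` action, one rule form per indicator type, and computes a JA3 hash from a ClientHello summary string. The indicators, the file names (`local.rules`, `malware.sha256`) and the SID range starting at 9000000 are assumptions chosen for the example.

```python
"""Build a small set of Suricata drop rules from constructed blacklists.

Added example for this page; it is not code from Croissants or Suricata.
The indicators, file names and SID range below are constructed.
"""
import hashlib
import itertools
import tempfile
from pathlib import Path

# Constructed sample indicators: TEST-NET addresses and reserved example domains.
BAD_IPS = ["203.0.113.10", "198.51.100.7"]
BAD_DOMAINS = ["malware.example", "c2.example.net"]
# Placeholder digest (SHA256 of an empty file), standing in for a malware hash.
BAD_SHA256 = ["e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"]
# A JA3 string summarises the TLS ClientHello:
# version,cipher suites,extensions,elliptic curves,point formats
SAMPLE_JA3_STRING = "771,4865-4866-4867,0-23-65281-10-11,29-23-24,0"
SID_BASE = 9000000  # assumption: keep local rules in a private SID range


def ja3_hash(ja3_string: str) -> str:
    """The JA3 fingerprint is the MD5 of the ClientHello summary string."""
    return hashlib.md5(ja3_string.encode("ascii")).hexdigest()


def rule(proto: str, src: str, dst: str, msg: str, options: list, sid: int,
         action: str = "drop") -> str:
    """Assemble one rule line.

    'drop' discards the packet silently. 'reject' would additionally send a
    TCP RST or ICMP unreachable to the peer, which tells a scanner that an
    inline device is present; the page chooses drop, so that is the default.
    """
    body = " ".join([f'msg:"{msg}";'] + options + [f"sid:{sid};", "rev:1;"])
    return f"{action} {proto} {src} -> {dst} ({body})"


def build_rules(bad_ips, bad_domains, ja3_hashes, sha256_listfile, sid_base=SID_BASE):
    """One drop rule per indicator type the slide lists: IP, domain, JA3, file hash."""
    sid = itertools.count(sid_base)
    rules = []
    ip_list = "[" + ",".join(bad_ips) + "]"
    # IP blacklist: both directions, any port, any IP protocol.
    rules.append(rule("ip", f"{ip_list} any", "any any",
                      "LOCAL blacklisted IP inbound", [], next(sid)))
    rules.append(rule("ip", "any any", f"{ip_list} any",
                      "LOCAL blacklisted IP outbound", [], next(sid)))
    # Domain blacklist: match the queried name in the dns.query sticky buffer.
    for d in bad_domains:
        rules.append(rule("dns", "any any", "any any", f"LOCAL DNS query for {d}",
                          ["dns.query;", f'content:"{d}";', "nocase;", "endswith;"],
                          next(sid)))
    # JA3 blacklist: needs app-layer.protocols.tls.ja3-fingerprints: yes in suricata.yaml.
    for h in ja3_hashes:
        rules.append(rule("tls", "any any", "any any", f"LOCAL malicious JA3 {h}",
                          ["ja3.hash;", f'content:"{h}";'], next(sid)))
    # File hash blacklist: filesha256 reads one hex digest per line from the named file,
    # which Suricata looks up relative to its rule directory.
    rules.append(rule("http", "any any", "any any",
                      "LOCAL known-malware SHA256 download",
                      [f"filesha256:{sha256_listfile};"], next(sid)))
    return rules


def write_ruleset(outdir) -> list:
    """Write local.rules and the SHA256 list into outdir; return the rule lines."""
    outdir = Path(outdir)
    hash_path = outdir / "malware.sha256"
    hash_path.write_text("\n".join(BAD_SHA256) + "\n")
    rules = build_rules(BAD_IPS, BAD_DOMAINS, [ja3_hash(SAMPLE_JA3_STRING)], hash_path.name)
    (outdir / "local.rules").write_text("\n".join(rules) + "\n")
    return rules


def demo() -> list:
    """Write the ruleset into a temporary directory and return what was written."""
    with tempfile.TemporaryDirectory() as tmp:
        rules = write_ruleset(tmp)
        written = (Path(tmp) / "local.rules").read_text().splitlines()
        assert written == rules
        return rules


if __name__ == "__main__":
    print("\n".join(demo()))
```

The generated file is loaded like any other rule file (listed under `rule-files` in suricata.yaml); the `drop` action only takes effect when Suricata runs inline (af-packet IPS copy mode or NFQUEUE), otherwise it is logged as an alert.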
SLIDE 7

Non-Open-Source Features:

  • Not For Sale
  • Blocks Common Scanners
    e.g. nmap, masscan, Shodan, Censys, ZoomEye

SLIDE 8

Minimum Requirements:

(1) Hardware

  • Multi-core Intel/AMD x86-64 CPU (at least Intel Atom D2550)
  • 8GB DDR3 RAM or more
  • 64GB SSD or more
  • 3 Network Interface Cards/Ports (Network Based only)
  • 1 Network Interface Card/Port (Host Based only)
  • CPU with SSSE3 at minimum (required by Hyperscan); AVX2 or better recommended. The Atom D2550 meets the SSSE3 minimum but has no AVX2.
  * The Intel Atom D2550 can handle up to 300Mbps of traffic only

(2) Software

  • Ubuntu Server LTS (64-bit)
SLIDE 9

Demo

Open Source Interfaces (Network Based)

  • glances and netdata - https://youtu.be/kVHKU32Mky8

Non Open Source Features

  • Shodan - https://youtu.be/OoPS8Au2kAw
  • nmap - https://youtu.be/uwcCDcdaRT4

Live Target (Online Time Is Limited)

  • Croissants and Longjing (Deep Learning Driven Web Application Firewall)
  • Infosec Projects - http://www.infosec-projects.com/
SLIDE 10

Reference

  • Suricata - https://suricata-ids.org/
  • Hyperscan - https://www.hyperscan.io/
  • Ubuntu - https://ubuntu.com/
  • Croissants - https://www.infosec-ninjas.com/croissants
  • Freenode - #infosec-ninjas (TLS, port 6697)
  • Infosec Ninjas - https://www.infosec-ninjas.com/
SLIDE 11

Thank you!

SLIDE 12

Q&A