Explore defensive network security techniques using a Raspberry Pi in this BSidesSF 2016 conference talk. Learn about Network Security Monitoring, Log Stash configuration, log normalization, and custom patterns. Discover how to implement conditional statements, add fields, and utilize GeoIP and date matching. Delve into translation techniques, dictionary hashes, and external sources for enhanced security. Gain insights on email outputs and alerts, Cabana Dashboard implementation, and integrating threat intelligence feeds. Examine network scanning tools, commercial options, and auto-patching strategies. Conclude with a discussion on costs, future developments, and a Q&A session to deepen your understanding of deploying a defensive Raspberry Pi setup.
Overview
Syllabus
Introduction
Network Security Monitoring
Log Stash
Qabbani
Log Stash Configuration File
Log Normalization
Custom Patterns
Normalization
Conditional Statements
Add Field
GeoIP
Date Matching
Translate
Dictionary Hash
External Sources
Email Output
Email Alerts
Cabana Dashboard
Threat Intel Feed
Scripts
Environment Overview
Leonardo DiCaprio
Network Scanning
OpenBoss
Commercial Options
Service Safe
Auto patching
Cost
Future work
Questions
