Building an internet-facing web server

Captions
Hello everybody, we're gonna start up in about five minutes. [Music]

All right, glad everybody can make it. Um, we're gonna kick this show off. If, uh, if you hear an echo, I'm sorry, I'm getting construction done in my office. But, uh, I've had the opportunity in the last couple weeks to be doing a whole bunch of interviews, uh, for a security analyst position; it's one that I posted on YouTube. And one of the questions we kept asking was: assume for a second that you had a web server and it was running at your house. How would you get me the ability to access your web server? And we got a lot of different answers. And it's one of the fundamentals of routing over the internet, in that, like, if you give me your IP address, like, let me go ahead and just show you on mine. Like, if I say my IP address and I find the actual one that I'm using, it's this one. So if I were to host a web server on 10.98.98.12, in case you can't see that, you wouldn't be able to route to that. It's a private IP; it's an RFC 1918 private IP address.

Well, so you might say, "Okay, well, based on that then, Justin, I know what to do: let's do 'what's my IP'", right? So you go to Google, maybe ipchicken, and you're like, "Okay, no problem, I'll give you that IP, connect to that." By the way, don't, don't, don't attack my IP address. No denial of service, please, I don't like that. Right, and yeah, Flowy, you're right. And that, so the real answer is I need that IP to be basically what's called a DNAT, a destination NAT, port forwarding, whatever you want to call it, so that when you connect to port 80 or 443 on my external IP, it actually goes to my machine. And I kind of assume that most would have known that answer, and a lot of them did not. So, and that's fine, because you don't know what you don't know, and ignorance is a solvable thing.

So here we are today. We're gonna show how to do this and, time permitting, I'm gonna show kind of a bonus way of doing this that's, uh, not a normal way of doing this, and perfect, I think, for a home lab. So let's first start off: we need to
get a web server running. I'm going to kind of show you two different ways of doing this. One, I do have an Ubuntu server virtual machine. I'm just going to real quickly clone this, because I'm going to delete it when I'm done. By the way, in a home lab, create a linked clone versus a full clone. Linked clone is kind of nice because it saves you a bunch of hard drive space. It can theoretically cause you issues if your VMs grow and grow and grow and grow and grow outside of this. Like, I have a 20 gig hard drive to a virtual machine but I make 40 gig of changes; that's different than having a full clone that can only max at 20 gig. So if you don't know what I'm talking about, you might want to look that up. But for this I'm gonna do a linked clone, which is generally what we want. I'm just going to call this my web server. I'm going to deploy that. Don't worry, I'll increase the font size here in a second. I'm just going to get this fired up, and I'll connect to it with an SSH client and we'll be able to see that.

"I was asked about UDP-based attacks, I answered with DDoS attack blocking techniques." Just don't do them against me. Leave my IP alone. My local ISP is probably not gonna be that good at switching me over.

So I'm gonna let this fire up, it'll get an IP, and then I'm gonna move to my SSH client here and that'll zoom in. Now, if you're just starting off, I probably would have done Ubuntu desktop. I tend to do Ubuntu server, CentOS, Red Hat. I mean, Red Hat you usually have to get some licenses, but you can get licenses for it. So I'm just gonna get this logged in so I can figure out what IP address it's on. Yes, I am old school and I like ifconfig rather than, what is it, ip status. Net-tools. Wow, there it goes. Wow, all right, is not happy. There we go. I don't know why it's doing that, but it's printing off screen. That's probably just a screen resize running background. Come on, let's do this again. Click on web server. So all I'm trying to do is get it to print to the screen properly. There we go, much better. Okay, that's
what I needed. I'm on dot 58. So I'm using MobaXterm, is what this client is, and I was 58. So I could have done this through this, but I prefer going through MobaXterm, and then this I can increase the size of. Increase font, increase font.

Okay, so step one: I need to get a web server running. You can totally cheat, and I'll show you one way. So if you ever google something like "python simple web server", this is not what you would want to actually run. You'll hear of things like pen testers doing this, or, you know, I've done this occasionally for, like, a lights-out card to remotely mount an ISO image. There's all sorts of fun reasons you can do this. But if Python's on the box, notice there, all of a sudden I have a web server running on 8000. So if I grab this IP locally, I should be able to connect to 8000. I'm on. There, we got a web server running. It's not really a full-fledged web server, though. You can technically do the same thing with PowerShell, by the way.

So what we probably want is something like nginx, Apache, video, things like that. So I'm going to install nginx. So sudo apt install nginx, put the password in, and yes, and peta, I now have an actual web browser installed. I don't have a web application yet, though, but I do have a web server. So now if I go in here, I should have a /var/www/html. It has the default "Welcome to nginx", and if I try to browse to that same machine but on standard port 80: "Welcome to nginx".

So getting a web server up and running is easy. What you'll find is probably harder is if you're trying to make it some type of legitimate web application, but even that doesn't have to be so hard. So let's just take a moment, and here's what we're gonna do: Ubuntu 20.04 WordPress. And some of you might be cringing. That's fine, don't judge. We're gonna do WordPress because that, I think, for those who might not have a web background, it's a good way to get up and started. But what you'll see, like this guide, I can already tell right now, it didn't show how to install MySQL, it just
assumed you had it. That's pretty good. And so some of this, like, if you, sure, it shouldn't be that hard to figure out how to do MySQL: it's apt install mysql-server, apt install mysql-client; you need both. So you might have to play around with these until you find a guide that literally gives you the commands. I'm just seeing if this looks like it's the same one. Usually DigitalOcean's got some really good guides, so I'm shocked that they didn't have the MySQL install in here. There's all, there we go, that looks right.

So I've already got sudo apt update, but we'll just run it just so you can see. That's just making sure it knows all the repository and software available to install. There we go. This is going to install, in this case, Apache, so I probably should remove nginx for a second. There we go. It's going to install Apache. It's gonna install server-side processing with PHP. Apache needs to know how to interact with PHP, which is what this mod PHP is. This is gonna get me MariaDB so that I can log my database for WordPress, and then it's going to let PHP be able to interact with that as well. So let's run this. There we go. Internet, this, yeah, shouldn't take too long. There it goes. From there we'll get MySQL up and running.

And there's a reason I'm choosing WordPress. WordPress is an interactive web application where you can log into it. You can technically integrate it with multi-factor authentication, integrate it with Azure, you can integrate it with LDAP, you can add blogs, if you're not, if you're just trying to start in security and do that. So it kind of emulates more of an actual web service that you're trying to share. So that's why we're starting here.

Uh-oh, address in use, which probably means I forgot to start nginx, stop nginx. I just uninstalled it, but I didn't stop it. Okay, my bad. That's not a problem. So sudo service, which it might not even be there anymore. It is. Okay, sudo service apache2 start. By the way, if you're not used to, if you're not used to Linux, this is kind of a neat command:
journalctl -u, the service name, nginx, and you can tail the logs live. So this is basically tailing the live journal system, which is the active logs for. So, like, at this point I got nginx back up and running. I'm sorry, Apache. Apache should be running, which is what I'm, okay. And just to validate, I'll go back here, I'll refresh the page. Notice now it's an Apache. We've installed three different web services: Python-based web service, nginx, engine, uh, Apache. Not exactly the way I was hoping to go, but that's fine.

So, okay, we've got those. We're next going to configure the database. There we go. Um, I am going to put a password on this. Yep. Oh no, there is no password yet. Yep, yep. Remote logon you would not want to disable if your database and web server are on different servers. There we go, yes, there we go.

Okay, so now what I should be able to do is log into MySQL with the password I just set. Oh, and it hates me. All right, mysql-b. Maybe I'm getting too off target by trying to go with WordPress. All right, one sec. Let's see here. It is MySQL, right? So I'm trying to see is what it installed it as a service. It is mysqld. When I was looking at these I did not do d. Let's look at all logs, /var/log/mysql. Access denied, access to die add a do new dash user root. So what I'm checking for: some systems are now doing randomized passwords when you first install. Let's do this real quick. Okay, so we're doing this version of MySQL. We're doing some live troubleshooting here real quick. This is technically MySQL. So what I'm going to do real quick is I'm just going to remove it and make sure, before I try to do anything, I can actually get into it. That's the server. We also need to do the client, although the client's not going to break anything, so I'm just going to do the server. What I'm also going to do is purge it. Okay, okay. rm -rf see mysql. There we go. All right, you darn thing. [Music] Let's try this again. It's not taking a blank password. Let's see if this will go. Why do you hate me so much? Once, like, if
this is going to keep giving us problems, I'm just going to move on to the ultimate goal of getting this access. I just, once I start something, I don't like to step away from it. Let's also do this. Three system system. sudo service restart mysqlv, and flip those. Turn up control failed to start. All right, I'm gonna can WordPress. I'm gonna have to come back to this, because I'm not gonna let it go that easily. But all right.

Anyway, so in here we've at least got a web page loading. So the trick I need to solve is how do I get access to it here, because currently if I do that, I get nothing, which is what I got with MariaDB right now. But so, okay, I can't access it. So there's two things we can do. My home is set up using Mediacom, and what I've had my internet provider do is I've had them bridge their modem to my firewall. So for me, what I have to do is I have to configure access through my firewall. I don't basically use the modem anymore, because it should be passing everything directly to me. If you don't have that, or you don't know what that even is, what you'll be doing is you'll have to do port forwarding on your modem, which will be your ISP's equipment, which is effectively the same concept. This is just acting as my direct line.

So what I need to do is I need to go in and create a rule that says traffic from the outside needs to go in. Like, for example, I'll just do a create new DNAT. I can put the external IP I'm currently on. I can map that to 10.98.98 dot, and as long as I'm still in bridge mode, this should work. Port forwarding: take port 80 on the outside to port 80 on the inside, and this will be test web service. Okay, there we go. Let me make sure that I'm still showing up as in bridge. Okay, that looks good.

And then the other thing I'll have to do is allow this via my firewall rules. So here we go, I'm going to create a new one, test web service. Incoming will be, uh, this is gonna be from the outside, the internet, coming in to my network, which for me is going to be, no, this one. Source, I don't care,
it could be anybody in the world. If I was blocking it down by geo IPs, I would start doing that. And then my destination should be my test web service, which, these are not showing my DNAT, so I'm gonna check real quick this. Boom. Okay, so the reason this worked, um, notice I didn't finish my firewall rule, but the page still worked, which meaning now you can access my web service. So if you want to, you technically, and I'll put this in chat, you could connect to this site and you should be able to hit it. But I didn't yet put a firewall rule. It, what's happening here is, in the latest version of FortiGate, uh, they've made it where when I do a DNAT, it actually automatically puts in some rules to allow it to work, which I don't really like, um, but it does make it easier to work. So in your modem, if you access to your modem, same thing: you'd go in and what you're going to say is take port 80 on the modem and pass it backwards to the, whatever IP you're using, zoom in a little bit, also on port 80.

Okay, now my machine, all right, config was dot 12. I'm gonna do something different: Docker. Let's see if I can get WordPress going this way. I know I get WordPress going; for whatever reason the database hates me. So what I'm going to do is I'm going to run WordPress as a Docker container for a second. Make sure I got Docker running on here. What I've done is I've installed Docker for Windows. ps. Okay, let me make this a little bit bigger. There we go, I'll do 36.
Okay, so I'm gonna do docker run, interactive terminal, -it, name it wordpress, and I'm gonna run the image for WordPress, which was just wordpress. Now, what I don't know is if this WordPress image already has a database in it. I'm going to guess it probably does not. We'll see in a second. So in Docker, in this case, it's downloading the web server, so it's probably running out, if I'm guessing, probably Apache, the PHP code, and the WordPress application. I'm going to guess it does not have a database server, so we're still going to be out of luck so far, but I just want to see what this is going to do. There we go. WordPress not found, copied it in, launched it. It is Apache, so my guess was right there.

And so now on my local machine, if I try to hit localhost, let's see what happens. 10.98.98.12. Oh, I didn't expose the port. So this is the weird stuff with, um, docker rm wordpress. With Docker you have to, just like with port forwarding, tell it to listen on certain ports. So port 80 on my host goes to port 80 on the container. There we go, it's running. Refresh. There we go. Okay, so I've got WordPress, but it's not actually set up, and when I go through here it's going to ask me for a database, which, I don't have a database.

So what I can do next, uh, let's see here, Docker MySQL. I'm gonna go ahead and get a database running here in the background as well. So if you have a laptop with very little resources, like, virtualization is slow, I'm just showing you Docker because you're not spinning off a full operating system for this. So what I'm going to do is I'm going to run this command right here. I'm going to open this in another terminal, because I didn't run this in the background, which, that's fine. Actually, I'll show you this: if I Ctrl-C this, watch what happens. It's down, because I stopped the container. So, but once I deployed it, if I wanted, would have wanted to run at the background, I could have done a -d. Now, it's technically still on my box, so I can just do docker start wordpress and that should launch
it in the background. If you're like, "Ah, what's it doing?", docker logs wordpress, and that will tell the logs. So now it's back up and running. There it is.

I'm now going to run MySQL as a Docker container. I also like Docker containers for lab because it's a lot easier to clean up. Like, I did something to MySQL on my Linux box that, the password, either I set it and I typoed, or I did something wrong, it's probably what actually happened. So now also I couldn't get logged in, and I tried to purge and clean it up, but I didn't do it all the way correctly. With Docker I can just delete everything and it's cleaned up, so it's a little bit safer. So I'm going to call this one by name, I'll call it mysql, and for the password I'm just going to put live stream 2021, and go. It's going to download the image, because I don't have it on this box right now, and if all goes right, I should have MySQL with a root password of live stream 2021. I'll give that a second.

Once that's up and running, though, I still need to create a default database for WordPress, and then I'm going to change so that my WordPress site is internet accessible from my machine. So here we go, that's running in the background, you can see it's listed. I'm going to go into mysql for a second with bash, and I'm just going to do, just to show you this should work, live stream 2021. I'm in. Right, create database wordpress. Uh, let's see if I can remember this command right: grant all on asterisk asterisk to wordpress at localhost identify, uh, that's not localhost. Let's do wordpress identified by live stream 2021.
Now, just to show you this is a different password: wordpress 2021 exclamation mark. And yeah, I've got a syntax error. So if I go over here, skip past, I was trying to go directly to this, which you should be able to do. Yeah, create user. Yeah, let's just go and do this, just for time sake and brevity. wordpress 2021 exclamation mark. WordPress user, I'm just going to call it wordpress. I'm not going to do localhost, because when the container reaches over, it's not going to be local; it's going to act as if it came from a completely different machine. There we go. And then I need to grant privileges. Same thing, I'm going to do from all. I named mine wordpress, my database is called wordpress. Go. Flush privileges. Flush privileges, there we go.

If I did it right, I should be able to do this: wordpress, wordpress, we called this wordpress 2021 exclamation mark. It's going to reach over via mysql, and I just realized I made another mistake, because this isn't going to work. Watch. Or if it does, it's because of how Docker on Windows is operating. Yeah, okay, yep. Here's what I did wrong here, and this is fine, because the more errors I show you, the more you'll, you'll hopefully learn anyway. So I'm going to close out of my database. It's still running, still have two containers running. Here's the mistake I made. I'm going to delete wordpress. I'm going to go back up to where I ran wordpress, and I need to link it to mysql, because right now, when I add link, it creates a DNS record that lets it know how to get to the other container. And I ran it in the background, which I really usually don't do; I usually do the -d. Let's just start it up and let's see what we get now. wordpress, wordpress, wordpress 2021 exclamation mark, mysql is what I linked by name. Try again. Keep doing that.

Docker troubleshooting here: I'm gonna go into the WordPress container. There we go. ping mysql. Okay, it's apt install, apt update. Containers by default have very minimal things running in them, so I can add net-tools, see if that will give me ping. If
not, I'll have to install the, apt install, let's see here. Ah, install that. No, not that command. Copy. There we go, yes. I'm just going to see what's going on here and ping it by name. For troubleshooting, I'm going to make sure I can actually connect to it with the user we created. Let's see here, let's go back. Can ping it. Let's try this. There we go. Let's see, wordpress was the user, I'll pass the password, and the host will be mysql. There we go. Password was supposed to be wordpress 2021 exclamation mark. Didn't work. You that aren't missing a plug-in. So okay, so let's try this: let's go into our database and let's just validate this works locally. Oh, dash, wordpress 2021 exclamation mark. Didn't work, so it did not take my user correctly then. Live stream 2021 exclamation mark. Live stream, no, no exclamation mark. There we go. wordpress 2021. Let's just do that. Grant all on asterisk.asterisk, which actually should have just been wordpress, to wordpress identified blah blah. All right, let's make sure this is working. Back here, I'm gonna go to create user. To do. There we go. I think this is what I did: I put an asterisk here when this, I think, should have been that. Making sure. And we changed this to wordpress 2021. I'm not in the container, I'm not even in the right application. All right, there we go. Let's actually delete user wordpress for a second. Show users. wordpress. There we go. Flush privileges, and close out. Now try to log in with wordpress, wordpress2021. Okay, now we're in. Show databases, that's there. Use wordpress. Just making sure I can get in. Looks like I can.

Let's go back to the WordPress site. wordpress, wordpress, wordpress2021, mysql, submit, run. Ah, there we go. Justin's test site. We'll do admin. Um, I'm just gonna keep this simple, so we'll do something like, uh, test 2021 exclamation mark. Yep, I know it's weak, don't bother me, just take it. Don't do that, like, actually generate a strong random password, by the way. For what we're doing, I don't care, I just want this to work so I can get this up and running, uh, and
kind of show you why I'm doing this. There we go, log in. Let's see here. There we go. Okay, so now we have more of a full-fledged web app. I can create content, like, I can create a, a page. Yep, blah blah blah. Okay, test page: "this is a WordPress blog site". Publish. Yup, publish. And now view the page. So now, look, we've got a test site that's up and running, but I want to hit that from the outside. So what I'm going to do is I'm going to go in and I'm just going to change my DNAT to point to 12, and so now, what's my IP, pass that, I got the actual web application up and running. I should be able to access test site. Let's see here, what I call it, test page. Test page, there it is. So we have a, a CMS, right, a content delivery system where you can add pages, you can add contact forms, you can technically sell products. Emulates more of an actual web application.

Now I've got a different issue: it's internet accessible, I don't have HTTPS. Now, you can generate certificates using OpenSSL, and then I can update everything to use those certificates. There's a couple other things we can do, too. I'm actually going to show you the second way of making things internet accessible, and it's through this thing called a Cloudflare Argo Tunnel. This is actually somewhat scary if you think about it. What this is doing is, I was hoping it would have a picture, here we go: rather than having things connect through your firewall into the web server, you install an Argo Tunnel on the inside of your environment that reaches out through the firewall instead. So it kind of goes the opposite direction, and from there it creates a, basically a site-to-site VPN to something like Cloudflare, a content delivery network, and people route through it. It's a reverse proxy, content delivery network, uh, web application firewall, yada yada yada. Don't know what any of those things are? That's fine. What I do is I, I do have to pay for this. I pay five dollars a month for this. So what I'll do is I'll go in, I'll log into my account, and I have to sign up for
Argo Tunnels. So for me, I'll go under a site like, let's say, um, [Music] I'll do HA Security Solutions. I'll go to traffic and I'll have to turn on Argo Tunnel. So for this domain I don't currently have that on, so I would turn this on, which is going to warn me I'd get billed. Maybe I should go to one that I actually have this on. SIEM as a Service, we use this a lot. There we go. And then I have to figure out via documentation how to turn this on, which is really as simple as downloading, installing Cloudflare as a service, which can also be your own DNS over HTTPS, so you can actually create your own, and then from there you run a command that will register it.

Now, I'm going to check this on a screen that you can't see for a second, to make sure I don't show you something I shouldn't, but what I'm going to do is I'm actually going to show you what this Cloudflare Argo Tunnel is going to do. So I'm going into mine. Cloudflare. Okay, I don't think I'm going to show you anything you're not supposed to see. So what I'm going to do is I'm going to deploy this as a Docker container as well. So I'm going to download some files, and I can kind of show you what's in these. Um, cloud configs, client, aha, which is myself. I'm going to download my Cloudflare folder, there we go, to my downloads, and I need the Cloudflare Docker Compose, which would be this one. Okay, now I've got those.

Now, the Cloudflare in this case is actually an Argo Tunnel, so I've got a Compose file that will look similar to this. I'm running a container. That container needs to point to, in this case, a config file, a certificate for authentication, and, if you need, a CA cert, which I don't need that one, and that's fine. So what I'm going to do here is I need to change these paths. What I can do is I'm just going to do this. Actually, I'm not even going to use this, I'm just going to manually type this. Exit, exit. docker run. I'm going to do it interactively again; normally I run this as a -d for background. I'm gonna call this my Argo tunnel, and I'm gonna
have to do a volume mount. Let's go into my downloads folder for this. Argo, let's call it argo. -v, this will be config. I'm still not on the right folder. There we go. Okay, cargo. I'm mapping on my host dot config.yaml to this within the container, and then I need to map my cert to this path within the container. Now, if I open my config file, which is really the main, main thing I need to change, show you what this looks like. Looks like this. I'm going to change this to test, and this will point to HTTP, because I didn't set it up for anything other than that. wordpress. I'm going to save that. I'm not going to do the origin CA. I am going to do the origin cert. And I won't need that, because it's not a TLS site. Okay, I also need to link it, in this case to wordpress, and then I just need to run my Docker image, which is the same thing as installing the Argo Tunnel locally. Let's see if this works. Hopefully it does; if not, I failed you. All right, nope, I did not like that. To do. Which is probably something I messed up in the path. docker rm -f argo. I'll go ahead and pass this other file, too. This will be ca.cert 2.
Okay, so what this is telling me is I'm probably mapping something wrong, which is fine. So let's see here, one sec. I'm so used to doing this on Windows that I'm sure I'm, I'm just volume mounting incorrectly. All right, let's just try a full path here for a second. I'm going to change the slash directions. And this one: unable to read files, CA cert is a directory. Because it is, I didn't pull that down, apparently. CA cert is a directory. Okay, so I'll fix that real quick. You do have to have all the correct things in place for this to work. I actually don't think I need that anyway. Let me go back to not having this volume mount. Let's see what it does. Hmm, okay, this looks more correct. So at this point Argo Tunnel is connecting. It might take a second, but if life is working, should be able to do this. Yep, it's going. So this is because of the redirect from HTTPS to HTTP, um, which, if I were to set it up as actual HTTPS on the WordPress site, we, it would have viewed correctly.

But just to be clear here what's happening: this link, like, if you connect to that, you are actually going over a reverse tunnel. So you're hitting stuff, and I have this live, like, we use this for, like, our ELK stacks and things like that. So in this case we have HA SIEM as a Service. We're hitting a web application, but the IP address behind this domain is not exposed. There's no firewall rule allowing it in, because there is no inbound for this at all. What we're actually doing is we're writing an Argo tunnel, meaning it's, it's using this software almost as if it's a, uh, it's kind of like a VPN client but in reverse. It's actually the way we do reverse proxying, and because we go through Cloudflare, then also we can use, like, web application firewall rules to help protect things like, you know, say WordPress as an example.

And so for your home, notice this gave me a trusted TLS site here. DigiCert, SIEM as a Service, certificate is okay. What it doesn't like is on the back end for WordPress; I didn't even use a self-signed cert. But I'm getting
access, and I can set this up, and it's, yeah, it's five dollars a month, but now whether I have a hundred web apps or not, it's still five dollars a month. Technically you have to pay for how much data you're sending over the tunnels as well, so, like, if you're trying to do a streaming media server from home, I wouldn't do this. But if it's just to prove and test, like, internet accessible web applications, mail systems, like a lab, this is great. We use it because we also need distributed denial of service protection for our services, so we're kind of combining all together, and it, it works out.

So step one, if you're doing it the traditional way, you need to do something like a port forward, right? You go in, whether this is your modem at home or if you have a firewall, and you're creating a mapping from your external to your internal IP, whatever system that is, and you're doing a port mapping. Right now, for example, MySQL is not accessible to the internet. I wouldn't want it to be, but I could, I could make that internet accessible if I published 3306. You could, maybe you don't have a static IP. Well, for those of you who don't, you can do stuff like, in FortiGate, I can go in here and I can register a dynamic DNS entry, so lightforge.4dinedns will always know my correct IP. I could also do an Argo Tunnel, which is a reverse connection that does not require internet publishing whatsoever, so that's an option as well. If you don't have, say, a firewall that does dynamic DNS, you can do Duck DNS. Duck DNS is free dynamic DNS, so you basically drop an agent somewhere and it does that whole "what's my IP" and records that.

Now, we've got time, so I'm going to show you what I think is part of the problem on why I wanted to even show this clip today. I'm gonna go to an Amazon EC2 environment for a second. This is good and bad, so I'm gonna, I'm gonna say I like this, but I'm also gonna harp on this. If you're using, say, Azure, Google, um, AWS, right, which is what I'm doing here, there's a problem in that when I sign up, like,
especially if you've never signed up for, like, Amazon as an example, you can do a free tier virtual machine, and it literally can be, like, free for almost a year. So I'll go in and I'll say, hey, I want to launch a virtual machine. I go in, I'm just gonna do what we just did in class, too. I'll do anything free tier. I'm just gonna stick with Ubuntu. Select. I'm just gonna do the smallest free tier eligible instance. You can go through, configure all these; really you don't need to change hardly anything in here. Storage can just be the default. I'm just gonna do review and launch, and, uh, it's open to the world, that's fine. Here I'm gonna add HTTP. So I'm in Amazon getting ready to deploy this, and I'm saying, hey, let it listen on 22 and 80. Review and launch, launch, and let it generate a new care, a new key pair, test. Download, launch, view instances. I'm just going to click on the instance name so it goes directly to that box. So Amazon is now spinning off an Ubuntu server for me, and in a second I'll be able to connect to that.

So while I'm waiting, I'm going to go and create my SSH session to that. So we'll go over here, sessions, new. It is 13.127.238.35. This is, I believe the default user's ubuntu for this, and then I have to do a private key, which is what I just downloaded, test.pem. Okay, and I'm in, because it just went online, right, it's running.

So here, part of the reason I think that this question during the interviews was such a problem is, let's say I install nginx. So you go apt install nginx, yes. Okay, so nginx is now installed. I grab that public IP address, I go through, done. So that took, I don't know, I don't even think that was five minutes. This is great, because that means I can use a cloud provider and I can very quickly get out on the internet. I've got services deployed. Like, there really isn't any difference between Ubuntu on Amazon versus the Ubuntu I'm running, but they can give me an IP that is literally right out on the internet, and all's I have to do via security groups is firewall off
whether the port's open or not that's good because it makes the barrier to entry for especially like for a lab purpose i'm up and running the downside is it can make things so easy that we start to forget the fundamentals of networking like okay when's if i had a private rfc 1918 private ip address like we had well i'm 10 99 98 12 in this example so i had to go through and punch a hole and do natting at the same time it's confusing but it's how things are working uh any candidates on a job interview answered with all three options firewall public ip nat cloud argo tunnel no no like there were some that got the natting and ip nobody i think was aware of argo tunnels or the concept of a reverse http tunnel yeah nope and cloud they knew because the cloud's pretty darn easy so i'd say two of the three nobody knew of argo tunnels and most most do not know um an argo tunnel is not the only way to do it and technically this this is kind of scary but technically if i were to take an argo tunnel and use it to reverse tunnel http but then i use something like novnc or guacamole like here's novnc right you log in and it can give you access to rdp ssh or vnc uh over html5 guacamole is the same thing apache guacamole it's again it's kind of like a virtual desktop interface vnc rdp ssh you could argo tunnel novnc or argo tunnel guacamole and have access to someone's environment which is crazy like some of our clients like they give us vpns to connect to and they can be really slow or painful and i always was like i just want to drop an argo tunnel and a novnc instance and this will be so much faster but it's like i know i'm not authorized to do that so okay so this is a live stream does anybody have questions that you want to see i mean i kind of walked through destination nat with my firewall i showed a cloud instance sprinkled a little bit of docker in here even though i had a whole bunch of syntax errors if you've never set up wordpress we kind of snuck that in there 
even though i totally botched it up front but anybody have questions you want to see while i'm here so we've got four minutes i'm totally cool with doing whatever what you what you what you want and what you're curious about i saw the question about zeek so we'll probably go through stuff like that here in the future any vpn site-to-site recommendation um so site-to-site vpns i almost always do with my actual firewalls like i don't care what it is palo alto fortigate you can technically do it with like a pfsense are you talking about for a client vpn though or are you actually talking site to site no question to what you showed us now in particular but how do you go about checking the logical design of a network for weak points etc so for that one i think what i would usually do is go through and literally like whiteboard out what the the network looks like and then i try to do like um you know in my head i'm doing kind of emulations like if a client over here tries to connect to a server over there what are the controls in place and i kind of map that out um yeah so for that one uh i could probably do another live stream on that here you know mid next week even if you want because i'm not a big fan of doing frameworks or guidelines for that kind of exercise because then what happens is it tends to be more of an audit and auditing's fine that's just not something that i i tend to like i call them assessments because what i'm trying to do is take my expert opinion and judgment and review the network design so for that maybe next week if it sounds good i'll do a live stream where i'll design on a whiteboard what i'm going to start building out a home lab of multiple assets desktops servers subnets and kind of where the firewall is going to sit what connections should be allowed here or there how we do segmentation with logons and other things [Music] and kind of best practices or where there might be holes in the design would that be helpful and then flow while 
that's out there going back to your question for vpn clients um openvpn i think is a really good one openvpn there's actually multiple open source vpns out there um there's actually a new one that's supposed to be really really good openvpn's what i've used the most is mail recently throughout something different trying to remember what the name of it was but if you're just wanting a client vpn to protect yourself uh openvpn you can deploy pretty quickly and you can also get it off like a pfsense if you deploy that virtually if you don't want the infrastructure at all there's cheap options that are you know 10 20 bucks a year and off to the races you go but if i'm doing it i kind of want to stand up something for um my own you know i want it to be mine just so i can say i've done it so openvpn for a client is what i'm kind of leaning towards site-to-site vpns should be probably off your equipment because then they optimize the connection okay okay well so my game plan i i'm trying to do these live streams roughly an hour a piece try to go over a concept and then in the free time we can talk through whatever i don't usually have an issue going over a little bit especially for chatting like this because i'd rather than be more interactive um i'm gonna start doing live streams where we're deploying active directory setting group policies deploying things like web services dhcp getting all the foundational principles of the lab in place specifically i want to get active directory out of the way and then i'm going to start rolling into things like security onion zeek suricata rule tuning uh siem with like an elastic stack versus say like a splunk and we'll start going into the the security things in detail um but the probably the next week or two i'm hoping to get the foundational components like active directory out of the way so uh if you can have some type of virtualization ready so that you can follow along and i'll kind of bounce between covering a concept and uh 
you know getting that home lab built out so any other questions anything you want to see i'm good with deviating from game plans as long as i know it's going to help folks all right yes i've got i've got some of the the birds really guinea hens that have snuck into the barn so that's what you're hearing they're being loud and obnoxious uh i don't have one but i've had that question a lot so i think i will try to create one yeah i'll i'll just plan on creating one not through sans i'm trying to do a lot of this outside of sans um sans might actually have a blue team discord channel now that i think about it if not i think they're talking about it um i'm just going to create one that'll be non-brand named and that we all can talk on there so let's say within the next week or two i'll get that up and going so i think today i'm gonna end here i hope everybody has a happy easter and uh hopefully these clips even with all my error syntax is helping you out and uh we'll probably pick this up next week with um maybe a whiteboard session on network assessment uh and then we'll flip into things like active directory design and building that out so thanks everybody have a happy easter and uh we'll catch up with you soon
Info
Channel: H & A Security Solutions
Views: 520
Id: 3b3PmNao23o
Length: 71min 22sec (4282 seconds)
Published: Fri Apr 02 2021