Posts by Rapid7

4 min Automation and Orchestration

Preparation Phase of Incident Response Life Cycle of NIST SP 800-61

Synopsis In the series of articles titled “Incident Response Life Cycle in NIST and ISO standards” we review incident response life cycle, as defined and described in NIST and ISO standards related to incident management. We introduced these standards in the first article in this series [/2017/01/11/recommendations-for-incident-response-team-included-in-nist-special-publication-800-61/] . In previous article in this series [/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-80

3 min Automation and Orchestration

The Team Cymru Malware Hash Registry

Synopsis: Team Cymru’s Malware Hash Registry (MHR) is a useful tool for scanning suspicious files. It is free for private use and provides an excellent addition to a comprehensive security plan. It scans the hash of a file against a number of anti-virus packages and then lets you know if the file has previously been detected as malware. Who Are Team Cymru? Team Cymru is an internet security research group that operate out of Illinois as a non-profit organization. Cymru is pronounced Kum-ree, wh

3 min Automation and Orchestration

How to Configure a Basic IPsec Tunnel

Synopsis I recently started the blog under the tag IPsec. Anyone having background in this regard would know that this topic is too elaborate to be covered with a single article. I will be doing a series of articles to touch as many details as I can. But first things first: you need to know about the basics of IPsec. I would like to share with you a way to configure an IPsec tunnel under main mode. Configuration Please note in advance the following is a precise configuration for when we need to

5 min Automation and Orchestration

How to Install Suricata NIDS on Ubuntu Linux

Synopsiss Suricata is a free and open source fast network intrusion system that can be used to inspect the network traffic using a rules and signature language. Suricata is funded by the Open Information Security Foundation [https://oisf.net/] and used for network intrusion detection, network intrusion prevention and security monitoring prevention. It is capable of handling multiple gigabyte traffic, display it on screen and also send alerts through email. Suricata’s architecture is very similar

5 min Automation and Orchestration

How To Protect SSH and Apache Using Fail2Ban on Ubuntu Linux

Synopsis Fail2Ban is a free and open source intrusion prevention software tool written in the Python programming language that can be used to protects servers from different kinds of attacks. Fail2Ban works by continuosly monitoring various logs files (Apache, SSH) and running scripts based on them. Mostly it is used to block IP addresses that are trying to breach the system’s security. It can be used to block any IP address that are trying to make many illegitimate login attempts. Fail2Ban is s

5 min Automation and Orchestration

Detection and Analysis Phase of Incident Response Life Cycle of NIST SP 800-61

Synopsis In the series of articles titled “Incident Response Life Cycle in NIST and ISO standards” we review incident response life cycle, as defined and described in NIST and ISO standards related to incident management. We introduced these standards in the first article in this series [/2017/01/11/recommendations-for-incident-response-team-included-in-nist-special-publication-800-61/] . In previous article in this series [/2017/02/16/preparation-phase-of-incident-response-life-cycle-of-nist-

3 min Automation and Orchestration

Understanding GRE (2/2)

Synopsis: In the last post [/2017/01/30/understanding-gre/], I talked about the GRE tunnels, it’s Class of Service and the Firewall Filters it offers.  The next step is to learn about the simplest way to configure a tunnel between two sites using GRE.  This article aims to give understanding about the Configuration of GRE Tunnels for Juniper Networks. Pre-requisites: Before we go in the actual configuration, here is a checklist that you must have before configuring your GRE tunnel between sites

3 min Automation and Orchestration

Basics of IPsec

What is IPsec? IPsec is a framework of related protocols that secure communications at the network or packet processing layer. It can be used to protect one or more data flows between peers. IPsec enables data confidentiality, integrity, origin authentication and anti-replay. Why was IPsec created? There was a dire need of communicating data packets securely over large public WAN (mainly Internet). The solution was development of many networking protocols among which IPsec is one of the most de

2 min Komand

InfoSec Valentines: Show a Security Nerd How Much You Care

It's no secret that we ❤️ security defenders. And while we typically show our love through helpful insights and technique-driven articles, there's just something about this time of year that makes us want to display it in an entirely different fashion. We present to you infosec valentines! We know this isn't a new phenomenon [https://twitter.com/search?q=%23infosecvalentines&src=typd], but with all the doom and gloom that winter brings, creating and sharing infosec valentines got us excited. S

4 min Automation and Orchestration

Fine Tuning Your Intrusion Detection System to Minimize False Positive Alerts

Monitoring and protecting your company’s assets is one of the most important jobs you can perform. It can be tedious sometimes, but overall it can have the biggest impact to the business if compromised. Having alerts set up in your SIEM [https://www.rapid7.com/fundamentals/siem/], IDS and FIM solutions [https://www.rapid7.com/solutions/file-integrity-monitoring/] can ultimately keep you on track. Eliminating false positive results can be a whole different story. Being able to pick out false pos

3 min Automation and Orchestration

Understanding Generic Routing Encapsulation (GRE) (1/2)

Synopsis To transport packets in a private and secure path over a public network, we use the process of encapsulating packets inside an IP encapsulation protocol. GRE follows this protocol and sends packets from one network to another through a GRE tunnel. In this blog, we will understand what is encapsulation, the CoS of GRE and firewall filters in GRE. Understanding GRE – Generic Routing Encapsulation What is encapsulation? The general internal representation of an object or data or packet is

6 min IT Ops

5 Rules of Pair Programming Etiquette

I like Pair Programming [https://en.wikipedia.org/wiki/Pair_programming]. I’ve been doing it episodically for about 10 years. Whenever I’ve pair programmed, at the end of a session, I’ve always walked away a better developer than when I started. However, the practice can be expensive when the pair doing the programming are not efficient. When a lot of friction exists between the two coders involved, costs can exceed double that of a single programmer trying to hash things out on his or her ow

5 min Komand

How to Automate Response to Endpoint Threats with Sysdig Falco, Splunk, Duo, and Komand

Many security teams use endpoint threat detection solutions to detect and respond to threats like malware, credential theft, and more. In a common architecture using a SIEM or Log Management solution, alerts from endpoint detection products can be managed and correlated with telemetry from other solutions or logs, and validated: Generally, a human being has to get involved anywhere from the third step forward. Can we do better? Using a typical architecture with a real endpoint threat detecti

5 min Automation and Orchestration

Two Factor Authentication Methods and Technologies

Synopsis Authentication is a critical step that forms the basis of trust on the Internet or any network based transactions. To state simply it verifies that the person or entity is who they claim to be. However authentication mechanisms are constantly under attack. Two Factor Authentication is an evolution to counter these security threats. This tutorial takes a look at various types of authentication methods and technologies behind them. Different Types of Authentication Factors Three distinct

3 min Komand

The Most Repetitive Tasks Security Analysts Perform

It’s not very productive to come into work day in and day out just to perform the same task dozens of times when you were trained to hunt threats and remediate complex problems. The repetition of rote tasks like IP scoring, alert monitoring, and URL lookups can be fatiguing and dissatisfying, which, as major security breaches show [http://www.darkreading.com/attacks-and-breaches/target-ignored-data-breach-alarms/d/d-id/1127712] , can cause alerts to slip through the cracks and threats to get in