Introduction
eXperience is a story about how redBorder Live can be used and what it makes possible. It relies on use cases to demonstrate the capabilities of the platform and to let you experiment with them. We believe these use cases reflect what could happen to users and companies in a real environment, and they are staged to show how we have protected against the attacks.
eXperience has been created so that you can see what can be done with redBorder Live. It is a demonstration environment in which a company has been created and sensors have been deployed to protect the networks of its different departments. The platform is a series of recordings of real attacks and reboots every day at 9:30 a.m.
eXperience is an environment for teaching the capabilities of the redBorder Live platform and, at the same time, a training environment on how to use that platform.
General Scenario Description
The defined scenario concerns a corporation called "EvilCorp" that has a local network of computers running Windows 7 x86, x64 and Windows 10 x64 operating systems, in both the "Finances" and "IT Dept" subnets. All of the machines, except for one Windows 7 machine located in the financial department, have the latest available updates for both the operating system and the corporate antivirus.
Deployed Devices
The redborder devices deployed for the protection of the EvilCorp network are defined as:
IPS NGP2030
rbIntrusionProbe 192.168.1.12
An IPS (Intrusion Prevention System) is a system for preventing intrusions into the organisation's network(s). It works the same way as an IDS (in fact it is usually the same software with an adapted function), except that an IPS does interfere with the organisation's traffic: when a communication is identified as an attack, the system can not only raise alerts but also discard the packets sent by that communication, creating the same effect as a firewall.
More information about the redborder IPS is available in the following articles:
- RedBorder IPS Administration Guide
- IPS Community Version
- Installing and Registering the redBorder Community Edition IPS
- RedBorder IDS Rules
Flow Sensors
EvilCorpITCore001 192.168.2.1
EvilCorpProdCore001 192.168.3.1
The Traffic module (also known as Flow) of the redborder platform allows the monitoring and supervision of the data traffic received from the entire business infrastructure. The views offered by this module let us make comparisons, apply filters, and run searches and analyses.
More information about the redborder Flow Sensor is available in the article “How to connect a Flow Sensor to redBorder”.
Vault Sensors
EvilCorpSrv001-LogProbe 192.168.1.33
The Vault module of the redborder platform lets you visualize and analyze the logs received from the different services and devices. The views offered by this module let us make comparisons, apply filters, and run searches and analyses.
More information about the redborder Vault Sensor is available in the article “How to connect a Vault Sensor to redBorder”.