Upload File

moloch & amazon vpc traffic mirroring · who am i? •erik freeland...

  • Home
  • Documents
  • Moloch & Amazon VPC Traffic MIrroring · Who Am I? •Erik Freeland •@[email protected] •25+ years in computing, networking, & security. •Working on Banyan Vines to
12
2 # Moloch & Amazon VPC Traffic MIrroring

Upload: others

Post on 24-Mar-2020

3 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Moloch & Amazon VPC Traffic MIrroring · Who Am I? •Erik Freeland •@ejfreelanderik@nubeva.com •25+ years in computing, networking, & security. •Working on Banyan Vines to

2‹#›

Moloch & Amazon VPC Traffic MIrroring

Page 2: Moloch & Amazon VPC Traffic MIrroring · Who Am I? •Erik Freeland •@ejfreelanderik@nubeva.com •25+ years in computing, networking, & security. •Working on Banyan Vines to

What Am I Presenting?

• Complete cloudformation template for AWS installation of Moloch• Preview of official AWS Quickstart

• Core Requirements:• Cloud native components that can all autoscale independently• Decouple Elasticsearch from capture & viewer• Centralize all packet storage on S3• Allow for multi-viewer support• Allow for installation into new & existing VPCs

Page 3: Moloch & Amazon VPC Traffic MIrroring · Who Am I? •Erik Freeland •@ejfreelanderik@nubeva.com •25+ years in computing, networking, & security. •Working on Banyan Vines to

Who Am I?

• Erik Freeland • @ejfreeland [email protected]

• 25+ years in computing, networking, & security.• Working on Banyan Vines to AWS

• Currently Director of Customer Success for Nubeva• Nubeva has solved OOB TLS Decryption in the “cloud”

Page 4: Moloch & Amazon VPC Traffic MIrroring · Who Am I? •Erik Freeland •@ejfreelanderik@nubeva.com •25+ years in computing, networking, & security. •Working on Banyan Vines to

Why Should I Care?

• https://medium.com/wardleymaps

Page 5: Moloch & Amazon VPC Traffic MIrroring · Who Am I? •Erik Freeland •@ejfreelanderik@nubeva.com •25+ years in computing, networking, & security. •Working on Banyan Vines to
Page 6: Moloch & Amazon VPC Traffic MIrroring · Who Am I? •Erik Freeland •@ejfreelanderik@nubeva.com •25+ years in computing, networking, & security. •Working on Banyan Vines to

Actual Demo Diagram

Page 7: Moloch & Amazon VPC Traffic MIrroring · Who Am I? •Erik Freeland •@ejfreelanderik@nubeva.com •25+ years in computing, networking, & security. •Working on Banyan Vines to

Availability

• Now• www.nubeva.com

• New VPC -https://nubevalabs.s3.amazonaws.com/quickstart/templates/nubeva-master.template.yaml

• Existing VPC -https://nubevalabs.s3.amazonaws.com/quickstart/templates/nubeva.template.yaml

http://www.nubeva.com/
Page 8: Moloch & Amazon VPC Traffic MIrroring · Who Am I? •Erik Freeland •@ejfreelanderik@nubeva.com •25+ years in computing, networking, & security. •Working on Banyan Vines to

But Wait There’s More

Page 9: Moloch & Amazon VPC Traffic MIrroring · Who Am I? •Erik Freeland •@ejfreelanderik@nubeva.com •25+ years in computing, networking, & security. •Working on Banyan Vines to
Page 10: Moloch & Amazon VPC Traffic MIrroring · Who Am I? •Erik Freeland •@ejfreelanderik@nubeva.com •25+ years in computing, networking, & security. •Working on Banyan Vines to

But Wait There’s More

Page 11: Moloch & Amazon VPC Traffic MIrroring · Who Am I? •Erik Freeland •@ejfreelanderik@nubeva.com •25+ years in computing, networking, & security. •Working on Banyan Vines to

Nubeva TLS Decryption

Unencrypted Traffic

Encrypted Traffic

Application cluster

Clients

AppNubeva TLS SensorsDiscover Individual

Session Final Secrets from Memory in Realtime

Universal Software Decryptor (Container)

Decrypt Anywhere, Anytime,To Any Tool or Files

Using Any Packet Source

Copies of PacketsRealtime Streams

and Historical PCAPs

Encrypted Key Plane

Page 12: Moloch & Amazon VPC Traffic MIrroring · Who Am I? •Erik Freeland •@ejfreelanderik@nubeva.com •25+ years in computing, networking, & security. •Working on Banyan Vines to

13

‹#›

Thanks


Mirroring SQL Server

Honeypots & Honeynets - wiki.apnictraining.net · • Moloch is an open source, large scale IPv4 packet capturing (PCAP), ... • Moloch is built to be deployed across many systems

Marikki Hakola - MOLOCH · MOLOCH – earthly gestures The idea of work MOLOCH was born as I wondered the impact of an impressive wall painting The Last Judgment (1779) had on people

2015 moloch recipes

Cranial osteology of Moloch horridus (Reptilia: Squamata ...museum.wa.gov.au/sites/default/files/RecWAMuseum_2010_25(2)_2… · Cranial osteology of Moloch horridus (Reptilia: Squamata:

Database Mirroring & Snapshots SQL Server 2008files.meetup.com/1381968/PaulBertucci_Feb09.pdfAgenda – SQL Server User Group Database Mirroring – SQL Server 2008 Database Mirroring

Database mirroring setup

L Anus du Moloch - spherisme.be

Nexus56- Elana FREELAND Energiewaffen

Mirroring, Mindreading, and Simulation - Rutgers …fas-philosophy.rutgers.edu/goldman/Mirroring, Mindreading, and... · Mirroring, Mindreading, and Simulation ... this is not a mirroring

eBook FREELAND at HAND

Clustering and Mirroring

FRANCISCO VS. MOLOCH

Database Mirroring

moloch pdf estudio

Glenn Beck Eye of Moloch

Screen mirroring - viewsonicglobal.com

Freeland tribune. (Freeland, Pa.) 1901-08-30 [p ]chroniclingamerica.loc.gov/lccn/sn87080287/1901-08... · FREELAND TRIBUNE. VOL. XIV. NO. 27. FREELAND, PA., FRIDAY, AUGUST 30, 1901

Revista Moloch 8

Freeland Sally 2012

Baal y Moloch en La Biblia

Freeland Walleye Festival 2011

Grimoire of Moloch

INTRODUÇÃO AO MIRRORING

Freeland Presentación Book

Revista Moloch No. 7

Charles Freeland Basel

Revista Moloch #6

Freeland Walleye Fest 2014

Pbe elle freeland 2014

SharePoint 2007 Mirroring

Port Mirroring Feature Guide for EX9200 Switches · Mirroring Pointof Application Typeof Layer2PortMirroring Definition SeeDefininga Layer2 Port-Mirroring FirewallFilter. NOTE:Layer2

BILANCIO DI RESPONSABILITA’ - Freeland srl · Pag. 3 di 27 Freeland Calzature Srl Bilancio SA8000 – 2017 Bilancio di Responsabilità Sociale SA8000 - Premessa Freeland Calzature

Apple tv mirroring

Nand mirroring