Presented w/ Lennart Koopmann, Graylog, Inc.
Security is difficult, especially when budget and time are limiting factors. We have learned from experience that DNS is the key to uncovering communication between both friend and foe. We can uncover a great deal by peeking into the trends revealed by our DNS traffic. First, we must understand our normal traffic patterns so we can spot anomalies. We must also understand what types of exploits can be carried out via DNS and how to spot the patterns of those exploits. This training will provide you with insight into simple methods for logging DNS queries from a variety of platforms, including Microsoft AD DNS servers and standard Linux servers.
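As an added example (not part of the training material or of Graylog's own tooling), the Python script below runs the baseline-then-anomaly idea over a handful of constructed DNS query-log lines in a simplified BIND-style format: it counts queries per client to establish a baseline, then flags clients far above the median query rate, parent domains with an unusual number of distinct subdomains being looked up, and names whose labels are too long or too random-looking to have been typed by a person, which is the pattern DNS tunneling leaves behind. The log format, the thresholds and the two-label parent-domain rule are assumptions to be tuned against your own baseline.

```python
"""Baseline-and-anomaly checks over DNS query-log lines.

Added example, not part of the training material. The log lines are
constructed in a simplified BIND-style query-log format; the thresholds are
assumptions and should be tuned against the baseline you measure yourself.
"""
import math
import re
from collections import Counter, defaultdict
from statistics import median

# Constructed sample: ordinary lookups from three clients, then one client
# (10.0.0.9) pushing data out through long, random-looking subdomains of a
# single parent domain, the classic DNS-tunneling pattern.
SAMPLE_LOG = """\
client 10.0.0.5#53211: query: www.example.com IN A
client 10.0.0.5#53212: query: mail.example.com IN MX
client 10.0.0.6#40001: query: www.example.com IN A
client 10.0.0.7#40002: query: updates.example.org IN AAAA
client 10.0.0.9#51000: query: 3q7f9xk2m1z8.p0s4d7a2.c2.example.net IN TXT
client 10.0.0.9#51001: query: 9hd2k8s1q4w7.x3e6r9t2.c2.example.net IN TXT
client 10.0.0.9#51002: query: b5n8m2v4c7x1.z9l3k6j1.c2.example.net IN TXT
client 10.0.0.9#51003: query: t6y2u8i4o1p3.a7s3d9f1.c2.example.net IN TXT
client 10.0.0.9#51004: query: g4h7j2k9l1m3.q8w5e2r7.c2.example.net IN TXT
"""

# Assumed line layout: "client <ip>#<port>: query: <name> IN <type>"
LINE_RE = re.compile(
    r"client (?P<ip>[\d.]+)#\d+: query: (?P<name>\S+) IN (?P<qtype>\S+)")


def parse(log_text):
    """Yield (client_ip, qname, qtype) for each line matching the assumed format."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("ip"), m.group("name").rstrip(".").lower(), m.group("qtype")


def parent_domain(name):
    """Assumed simplification: the last two labels. A real deployment would
    consult the Public Suffix List so that e.g. example.co.uk groups correctly."""
    return ".".join(name.split(".")[-2:])


def entropy(s):
    """Shannon entropy in bits per character. Hostnames people type score low;
    encoded payload labels score close to log2(alphabet size)."""
    if not s:
        return 0.0
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def find_anomalies(log_text, max_len=52, min_entropy=3.5, fanout_min=4, rate_factor=3.0):
    """Return findings in three buckets:
    suspicious_names - names too long or too random for human use
    fanout           - parent domains with many distinct subdomains queried
    rate             - clients querying far above the median client volume
    """
    records = list(parse(log_text))
    per_client = Counter(ip for ip, _, _ in records)
    subdomains = defaultdict(set)
    findings = {"suspicious_names": [], "fanout": [], "rate": []}

    for ip, name, qtype in records:
        parent = parent_domain(name)
        prefix = name[: -len(parent) - 1] if name != parent else ""
        if prefix:
            subdomains[parent].add(prefix)
        if len(name) > max_len or entropy(prefix) >= min_entropy:
            findings["suspicious_names"].append((ip, name, qtype))

    for parent, prefixes in subdomains.items():
        if len(prefixes) >= fanout_min:
            findings["fanout"].append((parent, len(prefixes)))

    # Baseline first: what does a typical client look like in this window?
    baseline = median(per_client.values()) if per_client else 0
    for ip, count in per_client.items():
        if count > rate_factor * baseline:
            findings["rate"].append((ip, count, baseline))
    return findings


if __name__ == "__main__":
    for bucket, items in find_anomalies(SAMPLE_LOG).items():
        for item in items:
            print(bucket, *item)
```

On the sample, only 10.0.0.9 trips all three rules; the ordinary clients stay under every threshold. In practice the same per-client and per-domain counters are what you would compute over a longer window to learn the baseline before choosing the thresholds, and the qtype captured alongside each name (TXT and NULL are favoured by tunneling tools) is worth weighting in as a fourth signal.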
We will instruct you on the setup, installation and configuration of Graylog, Elasticsearch, NXLog and Packetbeat in our test environment. Students should bring a laptop with either VMware Workstation or VirtualBox installed and ready to roll. We will build out a test environment that you can use to capture the DNS traffic you generate against the DNS servers you prepare. We will then take some time to instruct you on ways to view, filter and manage your data, including stream tagging and alerting.