Important Announcement
PubHTML5 Scheduled Server Maintenance on (GMT) Sunday, June 26th, 2:00 am - 8:00 am.
PubHTML5 site will be inoperative during the times indicated!
EN
Home Explore Are there Rogue Hosts in my Network_ - Student Guide With Lab- WORD

Are there Rogue Hosts in my Network_ - Student Guide With Lab- WORD

Published by ccomer, 2017-03-09 14:59:21

Description: Are there Rogue Hosts in my Network_ - Student Guide With Lab- WORD

Search

Read the Text Version

Rogue DHCP Server Discovery A Host Snapshot is generated, in the Identification tab (a) information about server services (b) that are running on this host can be obtained.<(c)> page 49

Rogue DHCP Server Discovery This page intentionally left blank.<(c)> page 50

Lesson 8Workshop Learning OutcomesWorkshop Outcomes for Are there Rogue Hosts in my NetworkThe purpose of this workshop was to use the capabilities of Stealthwatch to huntout rogues in the network.This workshop started with a simple issue of a user experiencing password issuesthat lead to a bigger issue of a rogue DHCP server inside the network. By using thetools inside StealthWatch, we were able to connect the dots and find the true culpritin the network. By setting the Brute Force Login alarm to alert us, we found out host192.168.130.28 was conducting data exfiltration and brute force attacks on a hostserver in the UK.We then pivoted into the Domain Dashboard to view the rogue host for the day. Wefound out host 192.168.130.28 was just added to our network that day. After furtherinquiries with the IT department, we concluded that this host was not permitted butgained an IP address by another means.By conducting a custom Flow Table filter we found out that host 10.50.100.71 hasgone rogue by giving out IP addresses in our internal network. In the end, youfigured out that host 10.50.100.71 went rogue by activating DHCP services, whichhost 192.168.130.28 become a rogue device not registered in the network. Thishost then started a series of attacks to a server in the UK.In this workshop, we you learned how to: Enable the security event Brute Force Logon to alarm. Use the built-in Domain Dashboard to identify potential rogue devices. Created a custom flow table with filters to detect potential rogue DHCP servers.<(c)> page 51

Workshop Learning Outcomes <(c)> page 52

Lesson 9Wrap UpCustomer SuccessThe mission of the Customer Success Organization is to provide the framework,capabilities, and associated services to drive customers to achieve successfuloutcomes with our products and services.<(c)> page 53

Wrap UpImplementing Stealthwatch System Use Case SolutionsOur customers have online communities where they can: Create cases. Read and contribute to knowledge articles. Review product documentation. Watch videos. Participate in forums. Access Use Case Documents<(c)> page 54

Wrap UpQuestions or Feedback? <(c)> page 55

Wrap Up <(c)> page 56

Wrap Up <(c)> page 57


ccomer

Are there Rogue Hosts in my Network_ - Student Guide With Lab- WORD
Share
Like this book? You can publish your book online for free in a few minutes!
Create your own flipbook

TOP SEARCH

business design fashion music health life sports home marketing children

RELATED PUBLICATIONS