- Give me more details!



Post by relemedf5w023 »

- It's ready! And orange juice with ice for Rita, I remember!

- Good morning, boss! I've thought about your task. Look what came out. Here's the same camera and the same software as installed at the airport. I'll walk past the camera, but it won't recognize me. And on the screen in front of you, it'll be the same me.

- How???

- Just like that! I'll change the image. The camera will decide that it's not me, and the image you see will be authentic.

Building a SOC on Free Software
Artem Tiunov, Alexander Pankin, Denis David | 08/13/2020
A Security Operations Center (SOC) is, first of all, a team that understands all the nuances of handling, registering, responding to and eliminating the consequences of information security incidents. To build a SOC on free software in the proper sense, you need qualified staff and a strong toolkit.

There are two ways to build a SOC:

staff and proven commercial tools;
employees and freely distributed tools that require constant development.

The second option seems less attractive, but it is often the only available option.

In this article we will look at the basic principles, what you need to pay attention to and where to start.

Working with events
The first step for a future SOC is to choose the approach and the tools that will implement its plans.

The following scheme must be implemented:

Sources -> Events -> Collecting and storing events -> Processing events and incidents -> Working with incidents -> Resolving and closing incidents and preventing them in the future.

To work with events, we settled on a freely distributed product consisting of a stack of three components:

Elastic;
Logstash;
Kibana.

The choice was based on scalability, broad capabilities, fast deployment and good compatibility with other systems.

This tool allows you to quickly and securely collect data from virtually any source, then search, analyze, and visualize events in real time.

Setting up the toolkit
Let's consider the implementation of the stack in real conditions:

We will install three main components from the manufacturer's website: elasticsearch-7; logstash-7; kibana-7. Installation is possible on almost all Linux distributions, as well as on the Windows operating system;


- My guys and I created software that attacks the facial recognition system, similar to the one currently used at airports to check passports. Using machine learning, we created fake images that look like a person to the naked eye, but the facial recognition system thinks it’s a completely different person. This will allow the agent to board the flight despite being on the blacklist.

- Do you understand that this work must be kept secret?

- Already!

- Well done!

Two weeks later, the agent was delivered to the capital, and Johann's department once again confirmed its fame as the "department of magicians."

A fairy tale? Not at all! A team from McAfee has already carried out a successful attack of this kind on a facial recognition system similar to the one currently used at airports to check passports.