Network Analysis with OPNsense
by Brian Dorr
This course will teach you how to install and perform basic network analysis using the various plugins and packages with OPNsense.
What you'll learn
Visibility into your network is essential to effectively discover or defend against attacks. Threat actors have a similar goal: to gather as much intelligence as they can about their target network. The difference is that an attacker will use that intelligence to plan an attack, while a defender will use it to try to prevent or discover an attack. In this course, Network Analysis with OPNsense, you'll cover how to utilize OPNsense Firewall to secure a live enterprise environment. First, we’ll discuss installation methods and some basic features of OPNsense, and navigate the user interface to show and install the plug-ins and packages we need to conduct analysis. Next, we will configure NetFlow v9, ntop, Suricata, and Zenarmor. Finally, we will use these tools to perform basic network analysis, highlighting the capabilities and differences of each. When you’re finished with this course, you’ll have the skills and knowledge to detect Active Scanning (T1595) and Network Service Discovery (T1046) using OPNsense with NetFlow, Suricata, and Zenarmor (Sensei) to effectively recommend mitigations and appropriate response actions.
About the author
Brian Dorr is a cybersecurity professional who is very passionate about information security and teaching. Brian has served just under 20 years on Active Duty in the Army and is currently serving as a Cyber Warfare Technician, acting as a technical advisor and providing Defensive Cyber Infrastructure support for 12 teams who rely on him for his technical expertise. He also teaches and mentors cyber security students at Augusta Technical College as an Adjunct Cyber Security Instructor. Brian has led and managed several Defensive Cyber Operation missions, including planning and interfacing with several customers to employ an effective threat-focused hunt mission by leveraging threat intelligence, hardware resources, and personnel talent to align with organizational requirements. Brian continues to frequently contribute to the information security community through his LinkedIn and hosts a website at https://lockeddorrsecurity.com and a blog on Medium at https://medium.com/@LDS_Cyber. He currently holds ITIL, CEH, and GSEC, and has previously held Linux+, Cisco's CCNA Security, and CCNA Route and Switch. He has attended several training bootcamps that involved various SANS courses, CompTIA, CISSP, CISM and many others during the course of his career. He also manages two network campuses for the church he attends. During down time, he likes to tinker around in his home lab, ride a motorcycle, spend time with his family, volunteer at his church in student ministry, and play video games.