Friday, October 16, 2015

Bro in the Classroom

This past Wednesday, I was lucky enough to be asked to lead an evening class at DePaul University on using Bro. The students in the class are preparing for an annual cyber defense competition called CCDC. This competition is actually where I cut my teeth defending realistic computer networks. I had the opportunity to participate through multiple years of competition, in one of which we even made it to the national level. After graduating I also had a chance to experience CCDC from the other side while participating on the red team. Last Wednesday, for the first time, I had a chance to see the other side of a university course while leading the class.

I was given three hours for the class, which I split 60/40 between lecture and hands-on lab time. The lecture material presented the foundation topics needed to understand what Bro does and how it works. A decent understanding of protocol design, event-based systems, system administration, and network forensics is required before thinking about Bro. These topics were covered briefly, followed by Bro-specific material. I also briefly discussed ElasticSearch and ELK and how those projects integrate with Bro (the ElasticSearch log writing code is now a plugin).

I've published the slides I presented for the lecture as well as the lab (which includes the step-by-step commands needed to set up Bro and ELK).

Instructing a class was an experience; instructing a class remotely was definitely a challenge, and I thank everyone for their patience with my ignorance of remote meeting software. I really enjoyed it and hope all the students gained *some* knowledge from the material even if it was only from my opinionated tangential rants about RFCs and HTTP.
