
Setting up an in-line Linux server in Azure for NIDS or packet caps

BSides Delaware · 2021 · 28:04 · Published 2021-11
Category: Technical
Style: Talk
About this talk
Speaker(s): Ken Netzorg

Audience: Anyone with basic Linux and networking fundamentals

Description: Azure does not support a basic SPAN or port-forwarding option that allows for the continual monitoring or analysis of network traffic (unless you use vTAP, which is in Preview but currently on hold, and purchase services from a third party). Building and deploying an in-line Linux server to act as a packet inspection appliance is straightforward and cost effective if you have some basic information. With a few basic deployment enhancements this can be done to support a high availability implementation. I have developed this talk because when I went through this process, I did not find any good end-to-end guides on how to put it all together. This basic setup can be further expanded upon to run Suricata, Zeek, or simple tcpdump activities to give you insight into traffic on your VNet.

Bio: A seasoned technology leader who loves to continually learn and try new ideas and solutions to help the Blue Team succeed. Though good security and technology solutions can be hard, they don't have to be limited to those with the biggest budgets. I like to find ways to leverage and evangelize the great work others in our industry have shared with us, as it is critical for us to learn from each other if we are to succeed as an industry.