Create Cyber Traps with TPOT - Installation

Installation Process Overview

Initial Attack Statistics

  • In the last 24 hours, there have been approximately 26,518 attacks, with 651 occurring in the last hour. This highlights the real-time nature of threats faced during installation.

AWS Instance Setup

  • The installation will utilize an AWS EC2 instance (t2.xlarge) with 16 GB of RAM, which incurs costs. A cost overview from the past three days shows around $144 spent on testing.

Launching the Instance

  • The process begins by launching a new instance named "tp server server01" using Debian 11, as required by TPOT. The user subscribes to this version in the marketplace.

Security Group Configuration

  • A security group is created to allow SSH traffic only from the user's IP address for enhanced security during setup. Storage is set to a recommended size of 150 GB before launching the instance.

Connecting and Installing TPOT

Accessing the Instance

  • After connecting via SSH using a public IP address and elevating privileges to root, necessary repositories are downloaded from GitHub for installation purposes. The command for cloning is executed successfully.

Installation Steps

  • During installation, users must verify that services are running correctly on their servers; since it's a new server setup, no existing services will be interrupted. Users select standard edition for all-in-one deployment including honeypots.

Configuring Security Settings

Modifying Security Groups

  • After installation, the security group must be modified again to permit management traffic on specific ports, with only authorized IP addresses allowed to reach them. The ports include SSH and others specified in the documentation for management purposes.

General Traffic Rules

  • For broader accessibility, general rules allow incoming traffic from any IP address across numerous ports, while the management ports keep stricter controls and stay tied to the user's public IP address.

Finalizing Installation and Accessing Dashboard

Reconnecting After Installation

  • Once installation completes and the server reboots automatically, users reconnect via SSH on the newly configured port (64295) instead of the default port 22, which was changed during setup. System status checks confirm that the services are running after the reboot.

Accessing the TPOT Interface

  • Users can now access the TPOT dashboard through its public interface on port 64297, where they can monitor attack statistics in real time. Initial data shows three attacks detected within one minute of logging in to the system's console interface.
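
The rule split described above (management ports 64295 and 64297 reachable only from the administrator's address, other ports open to any address) is easy to break when a broad port range also covers the management ports. The check below is an added example, not part of the original tutorial or its Terraform files; it assumes rules in the shape returned by `aws ec2 describe-security-groups`, and the sample rules and addresses are constructed.

```python
import ipaddress

# Post-install management ports named on this page: SSH (64295), dashboard (64297).
MGMT_PORTS = (64295, 64297)

# Constructed sample in the IpPermissions shape of `aws ec2 describe-security-groups`.
# Addresses are documentation ranges (RFC 5737), not real hosts.
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 64295, "ToPort": 64295,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 64297, "ToPort": 64297,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 1, "ToPort": 64000,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    # Over-broad range: intended for honeypots, but it also covers 64295/64297.
    {"IpProtocol": "tcp", "FromPort": 64000, "ToPort": 65535,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
]


def covered_ports(rule, ports):
    """Return the ports from `ports` that a TCP (or all-protocol) rule covers."""
    if rule["IpProtocol"] == "-1":  # "all traffic" rules carry no port fields
        return list(ports)
    if rule["IpProtocol"] != "tcp":
        return []
    return [p for p in ports if rule["FromPort"] <= p <= rule["ToPort"]]


def audit(rules, admin_ip, mgmt_ports=MGMT_PORTS):
    """List (port, cidr) pairs where a management port is reachable from
    anything other than exactly the administrator's single host address."""
    admin = ipaddress.ip_address(admin_ip)
    findings = []
    for rule in rules:
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for port in covered_ports(rule, mgmt_ports):
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                if not (net.num_addresses == 1 and admin in net):
                    findings.append((port, cidr))
    return sorted(findings)


if __name__ == "__main__":
    for port, cidr in audit(SAMPLE_RULES, "203.0.113.10"):
        print(f"management port {port} exposed to {cidr}")
```

An empty result means every rule that reaches a management port is limited to the administrator's single address.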

Additional Resources and Conclusion

Terraform Configuration Offer

  • Pre-configured Terraform scripts are offered in the video description to simplify future installations. They automate the necessary configuration, including all the ports and rules TPOT needs to operate, without manual intervention.

Viewers are encouraged to leave comments or questions regarding any part of this tutorial or provide feedback on content shared throughout this session.

Video description

Discover how TPOT, an advanced multi-honeypot platform, can be your key ally in the early detection of attacks and in creating a more secure digital environment. Through a step-by-step guide, I will show you how to install and configure TPOT, preparing you to deceive attackers and learn from their tactics without putting your real digital assets at risk.

Terraform files: https://github.com/stoneface919/tpot-infra-terraform
TPOT: https://github.com/telekom-security/tpotce
Training at Black Hill: https://www.antisyphontraining.com/on-demand-courses/active-defense-cyber-deception-w-john-strand/
Music: Dark Flashes by Shane Ivers - https://www.silvermansound.com