The popular single board computer, the Raspberry Pi (RBPi), can effectively secure systems that traditional protection mechanisms often cannot, such as industrial control system networks and Internet of Things deployments. The RBPi2B and later models are adequate for running the security tools described here.
For this project, you need a Micro SD card of at least 8 GB; the bigger it is the better, as the extra space lets you keep a longer log history, for instance the logs written by Bro IDS. A case for the RBPi is preferable, and you can choose one to suit your individual taste and style. Although optional, a small form factor wireless keyboard is more convenient for configuring the device on the fly than a full size keyboard.
Once you have configured the RBPi for networking, enable SSH so that the remaining configuration can be done from an SSH client. To summarize, the hardware you need is an RBPi2B or later, an 8+ GB Micro SD card, a case for the RBPi, a Micro USB power cord, and an optional mini wireless keyboard.
Follow the getting started guide on the RBPi website and install the Raspbian operating system using the New Out of the Box Software (NOOBS). Those familiar with the installation process can also install Raspbian directly without NOOBS, and it should work fine. Other OS distributions for the RBPi may also work, but you will need to try them out.
The RBPi security solution relies heavily on lightweight open-source software. Because the device monitors all traffic, you need software that inspects that traffic and tells you what is going on, which means installing an Intrusion Detection System (IDS). Among the several free products available, the one most suitable for the RBPi is Bro IDS. Bro inspects traffic at all OSI layers, and its scripting adds detection logic beyond what the built-in signatures cover.
Bro IDS has some prerequisites that must be present before it can be built on the RBPi. Install them via apt-get, then download the latest Bro source code. Set up the build environment and build and install with configure, make, and make install. You can then control Bro manually, or use Broccoli to control it automatically.
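The build procedure above, written out as a shell script. This is an added example and not the article's own instructions or a script from the Bro project: the package list is the one Bro's documentation names for Debian-based systems, BRO_TARBALL_URL is a placeholder the reader replaces with the release they download, and BRO_PREFIX and the single-job make are assumptions chosen for the Pi's limited memory.

```shell
#!/bin/sh
# Added example (not from the article or the Bro project): build Bro from a
# source tarball on Raspbian in the order described, i.e. prerequisites via
# apt-get, download, then configure / make / make install.
set -eu

# Placeholder: set this to the URL of the Bro release tarball you downloaded.
BRO_TARBALL_URL="${BRO_TARBALL_URL:-https://example.invalid/bro-VERSION.tar.gz}"
# Assumption: install under Bro's conventional prefix.
BRO_PREFIX="${BRO_PREFIX:-/usr/local/bro}"
# Assumption: one make job; the Pi has little RAM and parallel C++ jobs can exhaust it.
BRO_JOBS="${BRO_JOBS:-1}"

# Build dependencies Bro's configure script looks for on Debian-based systems.
BRO_DEPS="cmake make gcc g++ flex bison libpcap-dev libssl-dev python-dev swig zlib1g-dev"
# Commands that must resolve on PATH before running configure is worthwhile.
BRO_TOOLS="cmake make gcc g++ flex bison swig"

# check_tools CMD...  -> returns 0 if every command is on PATH, otherwise lists
# the missing ones on stderr and returns 1.
check_tools() {
    missing=""
    for t in "$@"; do
        command -v "$t" >/dev/null 2>&1 || missing="$missing $t"
    done
    [ -z "$missing" ] && return 0
    echo "missing build tools:$missing" >&2
    return 1
}

# Step 1: prerequisites via apt-get.
install_prereqs() {
    sudo apt-get update
    # shellcheck disable=SC2086  # word splitting of the package list is intended
    sudo apt-get install -y $BRO_DEPS
}

# Step 2: fetch and unpack the source tarball into ./bro-src.
fetch_source() {
    wget -O bro-src.tar.gz "$BRO_TARBALL_URL"
    mkdir -p bro-src
    tar -xzf bro-src.tar.gz -C bro-src --strip-components=1
}

# Step 3: configure, make, make install.
build_and_install() {
    cd bro-src
    ./configure --prefix="$BRO_PREFIX"
    make -j"$BRO_JOBS"
    sudo make install
    cd ..
}

main() {
    install_prereqs
    # shellcheck disable=SC2086
    check_tools $BRO_TOOLS
    fetch_source
    build_and_install
    echo "Bro installed under $BRO_PREFIX; add $BRO_PREFIX/bin to PATH"
}

# Run the whole procedure only when executed as build-bro.sh, so the functions
# can also be sourced and used one step at a time.
case "${0##*/}" in build-bro.sh) main ;; esac
```

Save it as build-bro.sh and run it with BRO_TARBALL_URL set; the toolchain check runs after apt-get so a missing compiler is reported before a long configure step fails on it.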
Although Bro IDS ships with an extensive signature base that detects a number of common attacks, you can enhance its signatures with threat intelligence. Another advantage of Bro IDS is that Critical Stack is available for it, so you can integrate threat intelligence with Bro.
You can use Critical Stack, a threat intelligence feed aggregator, for free. It works as a simple point-and-click integration: it pulls data such as Tor exit node IP addresses, known phishing domains and other malicious IPs. After pulling the threat intelligence data, the Critical Stack agent formats it into a script in the language Bro understands, and Bro IDS picks up the new script automatically.
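To make concrete what "a format Bro understands" means, here is an added example (not code from the article, Critical Stack or the Bro project) of an intel file in the tab-separated layout the Bro Intel framework reads, together with a small awk matcher that checks conn.log records against it. The indicators, feed name and conn.log lines are constructed sample data; Bro itself performs this matching in its Intel framework, and the matcher here only illustrates the lookup.

```shell
#!/bin/sh
# Added example, not from the article or the Critical Stack / Bro projects:
# a constructed intel file in the Bro Intel framework's format and a matcher
# that reports conn.log records whose responder address is on the list.

# Write a constructed intel file: a "#fields" header, then one indicator per
# line with the columns indicator, indicator_type, meta.source, meta.desc,
# meta.url and meta.do_notice.
write_sample_intel() {
    printf '#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc\tmeta.url\tmeta.do_notice\n' > "$1"
    printf '198.51.100.23\tIntel::ADDR\tconstructed-feed\ttor-exit-node\t-\tT\n' >> "$1"
    printf '203.0.113.9\tIntel::ADDR\tconstructed-feed\tphishing-host\t-\tT\n' >> "$1"
    printf 'phish.example\tIntel::DOMAIN\tconstructed-feed\tphishing-domain\t-\tT\n' >> "$1"
}

# Write three constructed conn.log records in Bro's default column order:
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto.
write_sample_conn() {
    printf '1500000000.1\tC1\t192.168.1.10\t51000\t198.51.100.23\t443\ttcp\n' > "$1"
    printf '1500000001.2\tC2\t192.168.1.11\t51001\t93.184.216.34\t80\ttcp\n' >> "$1"
    printf '1500000002.3\tC3\t192.168.1.12\t51002\t203.0.113.9\t25\ttcp\n' >> "$1"
}

# intel_match INTEL_FILE CONN_LOG
# Loads every Intel::ADDR indicator from the intel file, then prints one hit
# per conn.log record whose responder address (column 5) is on the list:
#   ts  uid  indicator  source  description
intel_match() {
    awk -F '\t' '
        NR == FNR {                           # first file: the intel list
            if ($0 ~ /^#/) next               # skip the #fields header
            if ($2 == "Intel::ADDR") { src[$1] = $3; desc[$1] = $4 }
            next
        }
        /^#/ { next }                         # second file: skip log headers
        ($5 in src) {
            printf "%s\t%s\t%s\t%s\t%s\n", $1, $2, $5, src[$5], desc[$5]
        }
    ' "$1" "$2"
}

# Demo on the constructed data: two of the three connections match.
tmp=$(mktemp -d)
write_sample_intel "$tmp/intel.dat"
write_sample_conn "$tmp/conn.log"
intel_match "$tmp/intel.dat" "$tmp/conn.log"
rm -rf "$tmp"
```

The do_notice column is what lets a feed turn a match into a Bro notice rather than a bare intel.log entry, which is the knob to tune when a feed is noisy.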