Published on February 27, 2014
n|u / OWASP / G4H / SecurityXploded meet
Nishanth Kumar, n|u Bangalore chapter member
18 Jan 2014

What is Security Onion?
Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management.
Onion Layers
• Ubuntu-based OS
• Snort, Suricata
• Snorby
• Bro
• Sguil
• Squert
• ELSA
• NetworkMiner
• PADS (Passive Asset Detection System)
• ... many other tools.

Now let's peel back the onion layers and see what exactly each layer contains.
Snort / Suricata
Snort is an open-source network intrusion detection and prevention system (IDS/IPS).
Suricata is a high-performance network IDS, IPS and network security monitoring engine.
Security Onion runs whichever engine is chosen at setup time in passive IDS mode on the monitoring interface, so neither one blocks traffic there.

Why these IDS engines?
• Highly scalable (Suricata is multi-threaded)
• Protocol identification (the application protocol is detected from the traffic, not assumed from the port)
• File identification and MD5 checksums
• File extraction
The file identification, checksum and extraction features listed here are Suricata's file-store capability; both engines share the same signature language.
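To make concrete what the signature language these engines share actually does, the following is an added example and not Snort, Suricata or Security Onion code. It implements a deliberately small subset of the rule syntax (the header, plus the msg, content, nocase and sid options, with |hex| content escapes) and runs two constructed rules over three constructed packets; flow state, PCRE, relative modifiers such as distance/within, sticky buffers, CIDR and $VARIABLE addresses and stream reassembly are all left out, and the rule SIDs, addresses and payloads are invented.

```python
"""Minimal Snort/Suricata-style signature matcher (added example, not engine code).

Supports: <action> <proto> <src> <sport> -> <dst> <dport> (options)
with options msg, content (text or |hex| bytes), nocase and sid. Everything
else a real engine offers is out of scope here.
"""
import re
from dataclasses import dataclass, field


@dataclass
class Packet:            # constructed input: one decoded TCP/UDP segment
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    msg: str = ""
    sid: int = 0
    contents: list = field(default_factory=list)   # [[bytes, nocase], ...]


_OPT_RE = re.compile(r'(\w+)\s*(?::\s*([^;]*))?;')   # "key:value;" or "key;"


def decode_content(s):
    """Turn a content string into bytes, expanding |41 42| hex blocks."""
    out = bytearray()
    for i, chunk in enumerate(s.split("|")):
        out += bytes.fromhex(chunk) if i % 2 else chunk.encode()
    return bytes(out)


def parse_rule(text):
    header, _, opts = text.partition("(")
    action, proto, src, sport, direction, dst, dport = header.split()
    if direction != "->":
        raise ValueError("only unidirectional rules are supported here")
    rule = Rule(action, proto, src, sport, dst, dport)
    for key, val in _OPT_RE.findall(opts.strip().rstrip(")")):
        val = val.strip().strip('"')          # a ';' inside quotes is not handled
        if key == "msg":
            rule.msg = val
        elif key == "sid":
            rule.sid = int(val)
        elif key == "content":
            rule.contents.append([decode_content(val), False])
        elif key == "nocase" and rule.contents:
            rule.contents[-1][1] = True       # nocase modifies the preceding content
    return rule


def _port_ok(spec, port):
    if spec == "any":
        return True
    if ":" in spec:                           # port range, e.g. "1024:" or "80:8080"
        lo, hi = spec.split(":")
        return (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    return int(spec) == port


def _addr_ok(spec, addr):
    return spec == "any" or spec == addr      # real engines also take CIDR and $VARS


def match(rule, pkt):
    if rule.proto not in ("ip", pkt.proto):
        return False
    if not (_addr_ok(rule.src, pkt.src) and _port_ok(rule.sport, pkt.sport)
            and _addr_ok(rule.dst, pkt.dst) and _port_ok(rule.dport, pkt.dport)):
        return False
    # Without distance/within, each content is an independent search of the payload.
    for pat, nocase in rule.contents:
        hay, needle = (pkt.payload.lower(), pat.lower()) if nocase else (pkt.payload, pat)
        if needle not in hay:
            return False
    return True


def run(rules, packets):
    """Return (sid, msg, src, dst) for every rule/packet pair that matches."""
    return [(r.sid, r.msg, p.src, p.dst) for p in packets for r in rules if match(r, p)]


RULES = [parse_rule(r) for r in [   # constructed rules; SIDs in the local range
    'alert tcp any any -> any 80 (msg:"HTTP GET to cmd.exe"; content:"GET"; content:"/cmd.exe"; nocase; sid:1000001;)',
    'alert tcp any any -> any any (msg:"PE executable in stream"; content:"|4d 5a|"; content:"This program cannot be run in DOS mode"; sid:1000002;)',
]]

PACKETS = [   # constructed sample traffic
    Packet("tcp", "10.0.0.5", 51000, "192.0.2.10", 80,
           b"GET /scripts/CMD.EXE?/c+dir HTTP/1.1\r\nHost: 192.0.2.10\r\n\r\n"),
    Packet("tcp", "10.0.0.5", 51001, "192.0.2.10", 80,
           b"GET /index.html HTTP/1.1\r\nHost: 192.0.2.10\r\n\r\n"),
    Packet("tcp", "192.0.2.10", 80, "10.0.0.5", 51001,
           b"HTTP/1.1 200 OK\r\n\r\nMZ\x90\x00\x03\x00This program cannot be run in DOS mode"),
]

if __name__ == "__main__":
    for sid, msg, src, dst in run(RULES, PACKETS):
        print(f"[1:{sid}:1] {msg} {src} -> {dst}")
```

The first rule only fires on the request with the mixed-case CMD.EXE because nocase was applied to that content; the second fires on the response carrying a PE header, which is the kind of match Suricata's file identification turns into a stored file with an MD5. The point to take away is that a content match is a substring search over the payload the engine has reassembled, so anything the engine cannot reassemble or normalise (fragmentation, encoding, TLS) is invisible to it.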
Snorby
Ruby on Rails application for network security monitoring (web front end)
• Metrics and reports
• Classifications
• Full packet view
• Custom settings
• Hotkeys

Bro
Bro is a powerful network analysis framework that is quite different from the typical IDS you may know:
• high-level semantic analysis at the application layer;
• site-specific monitoring policies;
• it comprehensively logs what it sees and provides a high-level archive of a network's activity.

Features of Bro
• All HTTP sessions with their requested URIs, key headers, MIME types, and server responses
• DNS requests with replies
• SSL certificates
• Key content of SMTP sessions
• ... and much more.

Sguil
Sguil is an analyst console for network security monitoring. It is a powerful and capable solution for event analysis, correlation and review, giving the analyst access to:
• real-time events
• session data
• raw packet captures

Squert
A web interface to query and view Sguil event data, designed to supplement Sguil by providing additional context around the events. Squert is a visual tool that adds context to events through:
• metadata
• time-series representations
• weighted and logically grouped result sets
Enterprise Log Search and Archive (ELSA)
Centralized syslog framework built on syslog-ng, MySQL and Sphinx full-text search. It allows searching and visualization of all the log data Security Onion consumes, including:
• OSSEC
• Snort / Suricata
• Bro IDS
• distributed log archive system

Features of ELSA
• High-volume receiving/indexing
• Full Active Directory/LDAP integration for authentication, authorization and email settings
• Dashboards using Google Visualizations
• Email alerting, scheduled reports
• Plugin architecture for the web interface
• Distributed architecture for clusters

NetworkMiner
Network Forensic Analysis Tool: a passive network sniffer/packet-capturing tool that extracts, from live traffic or a pcap, operating systems, sessions, hostnames, open ports, etc.

Security Onion supports ...
• Alert data: HIDS alerts from OSSEC and NIDS alerts from Snort/Suricata
• Asset data: from PADS and Bro
• Full content data: from netsniff-ng
• Host data: via OSSEC and syslog-ng
• Session data: from Argus, PADS, and Bro
• Transaction data: HTTP/FTP/DNS/SSL and other protocol logs from Bro
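Moving between these data types is the NSM workflow that Sguil and Squert wrap in a GUI: a NIDS alert carries only a 5-tuple and a timestamp, so the analyst first finds the session it belongs to and then the transactions Bro logged for that session. The following is an added example, not Security Onion, Bro or Suricata code, and it also illustrates the Bro logs described earlier on the page. It assumes Bro's TSV log layout (the #separator, #fields and #types headers are Bro's real format; the columns are abbreviated and every row is constructed), one constructed Suricata/Snort fast.log line, and that the sensor clock is UTC. The conn.log uid is the join key: Bro stamps the same uid on every protocol log it writes for a connection.

```python
"""Pivot from a NIDS alert to Bro session and transaction data (added example).

Not Security Onion, Bro or Suricata code. Parses Bro's TSV log format and a
fast.log alert line, then does alert -> conn.log uid -> http.log, which is the
pivot Sguil/Squert perform for an analyst. All log rows are constructed.
"""
import re
from datetime import datetime, timezone


def parse_bro_log(text):
    """Bro TSV logs: honours #separator/#set_separator/#empty_field/#unset_field and
    converts by #types (count/port -> int, time/interval -> float, set/vector -> list,
    unset '-' -> None). #path/#open/#close carry no row data and are skipped."""
    sep, setsep, empty, unset = "\t", ",", "(empty)", "-"
    fields, types, rows = [], [], []
    for line in text.splitlines():
        if line.startswith("#separator "):
            sep = line[len("#separator "):].encode().decode("unicode_escape")
        elif line.startswith("#"):
            key, *vals = line[1:].split(sep)
            if key == "set_separator": setsep = vals[0]
            elif key == "empty_field": empty = vals[0]
            elif key == "unset_field": unset = vals[0]
            elif key == "fields": fields = vals
            elif key == "types": types = vals
        elif line:
            rec = {}
            for name, typ, v in zip(fields, types, line.split(sep)):
                if v == unset:
                    rec[name] = None
                elif typ.startswith(("set[", "vector[")):
                    rec[name] = [] if v == empty else v.split(setsep)
                elif typ in ("count", "int", "port"):
                    rec[name] = int(v)
                elif typ in ("time", "interval", "double"):
                    rec[name] = float(v)
                else:
                    rec[name] = v
            rows.append(rec)
    return rows


_FAST_RE = re.compile(r"^(\S+)\s+\[\*\*\]\s+\[(\d+):(\d+):(\d+)\]\s+(.*?)\s+\[\*\*\]"
                      r".*?\{(\w+)\}\s+(\S+):(\d+)\s+->\s+(\S+):(\d+)\s*$")


def parse_fast_log(line):
    """One Suricata/Snort fast.log line. Assumes the sensor clock is UTC (assumption)."""
    m = _FAST_RE.match(line)
    if not m:
        raise ValueError("unrecognised fast.log line")
    ts = datetime.strptime(m[1], "%m/%d/%Y-%H:%M:%S.%f").replace(tzinfo=timezone.utc)
    return {"ts": ts.timestamp(), "sid": int(m[3]), "msg": m[5], "proto": m[6].lower(),
            "src": m[7], "sport": int(m[8]), "dst": m[9], "dport": int(m[10])}


def pivot(alert, conns, https, slack=1.0):
    """Alert -> session (conn.log row by 5-tuple and time window) -> its HTTP transactions."""
    for c in conns:
        same_flow = (c["proto"] == alert["proto"] and
                     (c["id.orig_h"], c["id.orig_p"], c["id.resp_h"], c["id.resp_p"]) ==
                     (alert["src"], alert["sport"], alert["dst"], alert["dport"]))
        end = c["ts"] + (c["duration"] or 0.0) + slack    # duration is unset ('-') for some rows
        if same_flow and c["ts"] - slack <= alert["ts"] <= end:
            return c["uid"], [h for h in https if h["uid"] == c["uid"]]
    return None, []


def executable_downloads(https):
    """Transaction-data view: sessions whose server response was a PE executable."""
    return [(h["uid"], h["uri"]) for h in https if "application/x-dosexec" in h["resp_mime_types"]]


CONN_LOG = "\n".join([   # constructed, abbreviated conn.log (real one has more columns)
    "#separator \\x09", "#set_separator\t,", "#empty_field\t(empty)", "#unset_field\t-", "#path\tconn",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes",
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount",
    "1390039331.123456\tCXWv6p3arKYeMETxOg\t10.0.0.5\t51000\t192.0.2.10\t80\ttcp\thttp\t0.254\t312\t1450",
    "1390039335.777000\tCjhGID4nQcgTWjvg4c\t10.0.0.5\t51001\t192.0.2.10\t80\ttcp\thttp\t1.204\t180\t65536",
    "1390039340.001000\tCUM0KZ3MLUfNB0cl11\t10.0.0.7\t40022\t192.0.2.20\t53\tudp\tdns\t-\t60\t120",
    "#close\t2014-01-18-10-05-00",
])
HTTP_LOG = "\n".join([   # constructed, abbreviated http.log
    "#separator \\x09", "#set_separator\t,", "#empty_field\t(empty)", "#unset_field\t-", "#path\thttp",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tmethod\thost\turi\tuser_agent\tstatus_code\tresp_mime_types",
    "#types\ttime\tstring\taddr\tport\taddr\tport\tstring\tstring\tstring\tstring\tcount\tvector[string]",
    "1390039331.200000\tCXWv6p3arKYeMETxOg\t10.0.0.5\t51000\t192.0.2.10\t80\tGET\t192.0.2.10\t/scripts/CMD.EXE?/c+dir\tMozilla/5.0\t404\ttext/html",
    "1390039336.000000\tCjhGID4nQcgTWjvg4c\t10.0.0.5\t51001\t192.0.2.10\t80\tGET\t192.0.2.10\t/update.exe\t-\t200\tapplication/x-dosexec",
    "#close\t2014-01-18-10-05-00",
])
ALERT = ("01/18/2014-10:02:11.300000  [**] [1:1000001:1] HTTP GET to cmd.exe [**] "
         "[Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.5:51000 -> 192.0.2.10:80")

if __name__ == "__main__":
    conns, https = parse_bro_log(CONN_LOG), parse_bro_log(HTTP_LOG)
    uid, txns = pivot(parse_fast_log(ALERT), conns, https)
    print("session", uid, "transactions", [(t["method"], t["uri"], t["status_code"]) for t in txns])
    print("executables served", executable_downloads(https))
```

Two practical caveats: in a real deployment the lookup goes against ELSA or the Sguil database rather than two strings, and a signature that fires on the server's response reports the 5-tuple reversed relative to the conn.log row, so production code checks both directions. The second function shows why Bro's transaction data matters on its own: the /update.exe download raised no alert at all, yet the resp_mime_types field records a PE being served.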
References
http://blog.securityonion.net/
http://www.bro.org/
http://www.snort.org/

It's time for the demo.