Security Onion - Part 1


Published on February 27, 2014

Author: pathinishanth

Source: slideshare.net

n|u / OWASP / G4H / SecurityXploded meet
Nishanth Kumar, n|u Bangalore chapter member
18 Jan 2014

What is Security Onion?
• Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management.

Onion Layers
• Ubuntu based OS
• Snort, Suricata
• Snorby
• Bro
• Sguil
• Squert
• ELSA
• NetworkMiner
• PADS (Passive Attack Detection System)
• ……… many other tools.

Now let's peel the onion layers and see what exactly each layer has ….

Snort / Suricata
• Snort is an open source network intrusion detection and prevention system (IDS/IPS).
• Suricata is a high performance network IDS, IPS and network security monitoring engine.

Why use these IDS engines?
• Highly scalable
• Protocol identification
• File identification, MD5 checksums
• File extraction

Snorby
• Ruby on Rails application for network security monitoring (web frontend)
• Metrics & reports
• Classifications
• Full packet
• Custom settings
• Hotkeys

Bro
• Bro is a powerful network analysis framework that is much different from the typical IDS you may know.
• High-level semantic analysis at the application layer.
• Site-specific monitoring policies.
• Comprehensively logs what it sees and provides a high-level archive of a network's activity.

Features of Bro
• All HTTP sessions with their requested URIs, key headers, MIME types, and server responses
• DNS requests with replies
• SSL certificates
• Key content of SMTP sessions
• …………. and much more.
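As an added example (not part of the presentation), a small Python parser for Bro's tab-separated ASCII log format that summarises, per host, the requested URIs and the response MIME types Bro records in http.log. The http.log sample is constructed for this example and uses only a subset of Bro's real http.log columns.

```python
# Constructed sample of a Bro http.log in Bro's ASCII format (subset of the real columns, made-up values).
SAMPLE_HTTP_LOG = """#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\thttp
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tmethod\thost\turi\tstatus_code\tresp_mime_types
#types\ttime\tstring\taddr\tport\taddr\tport\tstring\tstring\tstring\tcount\tvector[string]
1390000001.123456\tCAbc1\t10.0.0.5\t51000\t93.184.216.34\t80\tGET\texample.com\t/index.html\t200\ttext/html
1390000002.500000\tCAbc2\t10.0.0.5\t51001\t93.184.216.34\t80\tGET\texample.com\t/logo.png\t200\timage/png
1390000003.000000\tCAbc3\t10.0.0.7\t52000\t198.51.100.9\t80\tGET\tupdates.example.net\t/setup.exe\t200\tapplication/x-dosexec,application/octet-stream
1390000004.250000\tCAbc4\t10.0.0.7\t52001\t198.51.100.9\t80\tPOST\tupdates.example.net\t/ping\t-\t-
#close\t2014-01-18-12-00-00
"""

def parse_bro_log(text):
    """Parse Bro ASCII log text into (field_names, records); the header directives define the separators and the unset/empty markers."""
    sep, set_sep, empty, unset = "\t", ",", "(empty)", "-"
    fields, types, records = [], [], []
    for line in text.splitlines():
        if line.startswith("#separator "):  # value is written escaped, e.g. \x09
            sep = line.split(" ", 1)[1].encode().decode("unicode_escape")
        elif line.startswith("#"):  # other directives; #path, #open and #close carry no columns
            key, _, value = line[1:].partition(sep)
            if key == "set_separator": set_sep = value
            elif key == "empty_field": empty = value
            elif key == "unset_field": unset = value
            elif key == "fields": fields = value.split(sep)
            elif key == "types": types = value.split(sep)
        elif line:
            rec = {}
            for name, typ, raw in zip(fields, types, line.split(sep)):
                if raw == unset: rec[name] = None  # '-' means the field was never set
                elif typ.startswith(("vector", "set")): rec[name] = [] if raw == empty else raw.split(set_sep)
                elif typ in ("count", "int", "port"): rec[name] = int(raw)
                elif typ in ("time", "interval", "double"): rec[name] = float(raw)
                else: rec[name] = "" if raw == empty else raw
            records.append(rec)
    return fields, records

def summarise_http(records):
    """Per HTTP host: the requested URIs and the MIME types Bro saw in server responses."""
    summary = {}
    for r in records:
        entry = summary.setdefault(r["host"], {"uris": set(), "mime_types": set()})
        entry["uris"].add(r["uri"])
        entry["mime_types"].update(r["resp_mime_types"] or [])
    return summary
```

The per-host mime_types set is where an analyst reviewing this transaction data would notice an executable (application/x-dosexec) served from a host that an alert pointed at.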

Sguil
• It is an analyst console for security monitoring.
• It's a powerful and capable solution for event analysis, correlation and review
• Even ….
• Real-time events
• Session data
• Raw packet captures

Squert
• A web interface to query and view Sguil event data, designed to supplement Sguil by providing additional context around the events.
• Squert is a visual tool that adds context to events ……
• Metadata
• Time series representations
• Weighted and logically grouped result sets


Enterprise Log Search and Archive (ELSA)
• Centralized syslog framework built on Syslog-NG, MySQL and Sphinx full-text search.
• Allows for event searching and visualization of all the log data Security Onion consumes, including:
• OSSEC
• Snort / Suricata
• Bro IDS
• Distributed log archive system

Features of ELSA
• High-volume receiving/indexing
• Full Active Directory/LDAP integration for authentication, authorization, email settings
• Dashboards using Google Visualizations
• Email alerting, scheduled reports
• Plugin architecture for web interface
• Distributed architecture for clusters

NetworkMiner
• Network Forensic Analysis Tool
• Passive network sniffer/packet capturing tool
• Operating systems, sessions, hostnames, open ports, etc.

Security Onion supports ……….
• Alert data - HIDS alerts from OSSEC and NIDS alerts from Snort/Suricata
• Asset data from PADS and Bro
• Full content data from netsniff-ng
• Host data via OSSEC and syslog-ng
• Session data from Argus, PADS, and Bro
• Transaction data - http/ftp/dns/ssl/other logs from Bro

References
• http://blog.securityonion.net/
• http://www.bro.org
• http://www.snort.org/
• http://www.google.com

It's time for the DEMO
