SBN

Peeling the Onion — Security Onion OS

Introduction

In a world where security threats feel out of control, the security professional needs some help to do their job. Security tools are an important part of the armory for those professionals. But there is quite a bit of choice, including open-source enterprise toolkits. The question being asked is do you build your own setup, or do you look to other solutions to give you what you need to tackle cyberthreats?

Security Onion is a Linux distro that is based on Ubuntu and contains a wide spectrum of security tools. It is so named because these tools are built as layers to provide defensive technologies in the form of a variety of analytical tools. When you install Security Onion, you are effectively building a defensive threat-hunting platform.

Cybersecurity Live - Boston

Security Onion is described as a Network Security Monitoring (NSM) platform that “provides context, intelligence and situational awareness of your network.” (Source.)

Although Security Onion is free and open-source there is a company associated with it, Security Onion Solutions who offer related services and products.

What Is Security Onion?

Security Onion comes encapsulated with a variety of security tools covering:

  • Intrusion detection
  • Enterprise security monitoring
  • Log management

These layers can be packaged into three broad areas:

Full Packet Capture

It offers the tool netsniff-ng, which is used to capture a record of the network traffic as picked up by the Security Onion sensors.

Network-Based and Host-Based Intrusion Detection Systems (NIDS and HIDS)

  • NIDS method 1: Rules-driven, using Snort or Suricata. They work by identifying fingerprints that are matched to known anomalies and malicious traffic
  • NIDS method 2: Analysis-driven. Uses Bro as a file analysis framework to monitor and analyze events. The output logs cover various aspects of a network including SSL certificates, DNS requests, syslog activity and more. (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Susan Morrow. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/rRFFkvjhRps/