Published on: null Bangalore Chapter - March 2014 Meet
Network Monitoring using Security Onion

About Us
Shubham Mittal (Security Consultant)
Areas of interest: Mobile Security, OSINT and network monitoring.
Sudhanshu Chauhan (Security Consultant)
Areas of interest: OSINT, Social Network Analysis and Competitive Intelligence.

Security Onion
Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It's based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, Snorby, ELSA, Xplico, NetworkMiner, and many other security tools.

Core Functions:
• Full packet capture
• Network-based and Host-based intrusion detection systems
• Analysis tools

Intrusion Detection System (IDS)
A device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station.

Network Security Monitoring
Monitoring your network for security-related events. It might be proactive, when used to identify vulnerabilities or expiring SSL certificates, or it might be reactive, such as in incident response and network forensics. NSM provides context, intelligence and situational awareness of your network.

Log Management
To collect all logs, software activity, user events, and network traffic.

Snorby:
Ruby On Rails Application For Network Security Monitoring. Integrates with intrusion detection systems like Snort, Suricata and Sagan.

Squert:
Squert is a web application that is used to query and view event data stored in a Sguil database (typically IDS alert data). It attempts to provide additional context to events through the use of metadata, time series representations and weighted and logically grouped result sets.
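To make the "weighted and logically grouped result sets" idea concrete, here is an added example (not code from the slides or from Squert) that parses Snort/Suricata "fast"-format alert lines, the kind of IDS alert data that lands in the Sguil database, and groups them by signature with a simple severity weighting. The alert lines, the signature IDs (local-rule range) and the weighting formula are all constructed assumptions for the example.

```python
"""Group Snort/Suricata 'fast' alert lines by signature, in the spirit of
Squert's grouped result sets. Added example, not Security Onion code."""
import re
from collections import defaultdict

# Assumed layout of a Snort 'alert_fast' line; the samples below are
# constructed, with SIDs from the local-rule range (1000000+).
FAST_RE = re.compile(
    r'^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+'
    r'(?P<msg>.+?)\s+\[\*\*\]\s+'
    r'(?:\[Classification:\s*(?P<cls>[^\]]+)\]\s+)?'
    r'\[Priority:\s*(?P<prio>\d+)\]\s+'
    r'\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+'
    r'(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$'
)

SAMPLE_ALERTS = """\
03/14-10:15:02.123456  [**] [1:1000001:1] LOCAL suspicious id check response [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.0.2.10:80 -> 198.51.100.5:51234
03/14-10:15:03.000001  [**] [1:1000002:1] LOCAL inbound SSH brute force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:40001 -> 198.51.100.22:22
03/14-10:15:03.500000  [**] [1:1000002:1] LOCAL inbound SSH brute force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:40002 -> 198.51.100.22:22
03/14-10:16:10.250000  [**] [1:1000003:2] LOCAL ICMP sweep [**] [Priority: 3] {ICMP} 203.0.113.9 -> 198.51.100.1
"""

def parse_alert(line):
    """Return a dict of alert fields, or None if the line is not fast-format."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["prio"] = int(d["prio"])
    return d

def summarise(text):
    """Group alerts by signature: {sig: {count, priority, sources, dests, weight}}.
    Snort priority 1 is most severe, so weight = count * (4 - priority)
    (an assumed weighting for illustration, not Squert's own formula)."""
    groups = defaultdict(lambda: {"count": 0, "priority": None,
                                  "sources": set(), "dests": set()})
    for line in text.splitlines():
        a = parse_alert(line)
        if a is None:
            continue  # skip unparsable lines instead of aborting the summary
        sig = f'{a["gid"]}:{a["sid"]}:{a["rev"]} {a["msg"]}'
        g = groups[sig]
        g["count"] += 1
        g["priority"] = a["prio"]
        g["sources"].add(a["src"])
        g["dests"].add(a["dst"])
    for g in groups.values():
        g["weight"] = g["count"] * (4 - g["priority"])
    return dict(groups)
```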
Sguil:
Sguil is a Network Security Monitoring tool (not browser based). Its main component is an intuitive GUI that provides access to realtime events, session data, and raw packet captures.

ELSA (Enterprise Log Search and Archive):
ELSA is a centralized syslog framework built on Syslog-NG, MySQL, and Sphinx full-text search. It provides a fully asynchronous web-based query interface that normalizes logs and makes searching billions of them for arbitrary strings as easy as searching the web.

OSSEC:
Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

BRO:
Bro is a Network analysis framework. It provides a comprehensive platform for more general network traffic analysis.

Deployment Scenarios:
• Standalone: A single physical or virtual machine running both the server and sensor components and related processes.
• Server-sensor: A single machine running the server component with one or more separate machines running the sensor component and reporting back to the server.
• Hybrid: A hybrid installation consists of a standalone installation that also has one or more separate sensors reporting back to the server component of the standalone installation.

Thank You