Security Onion
null Bangalore Chapter - March 2014 Meet

Security Onion Presentation Transcript

  • Network Monitoring using Security Onion
  • About Us: Shubham Mittal (Security Consultant). Areas of interest: Mobile Security, OSINT and network monitoring. Sudhanshu Chauhan (Security Consultant). Areas of interest: OSINT, Social Network Analysis and Competitive Intelligence.
  • Security Onion: Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It's based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, Snorby, ELSA, Xplico, NetworkMiner, and many other security tools.
  • Core Functions:
    • Full packet capture
    • Network-based and host-based intrusion detection systems
    • Analysis tools
  • Intrusion Detection System (IDS) A device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station.
  • Network Security Monitoring: Monitoring your network for security-related events. It might be proactive, when used to identify vulnerabilities or expiring SSL certificates, or it might be reactive, such as in incident response and network forensics. NSM provides context, intelligence and situational awareness of your network.
  • Log Management To collect all logs, software activity, user events, and network traffic.
  • Snorby: Ruby On Rails Application For Network Security Monitoring. Integrates with intrusion detection systems like Snort, Suricata and Sagan.
  • Squert: Squert is a web application that is used to query and view event data stored in a Sguil database (typically IDS alert data). It attempts to provide additional context to events through the use of metadata, time series representations and weighted and logically grouped result sets.
  • Sguil: Sguil is a Network Security Monitoring tool (not browser based). Its main component is an intuitive GUI that provides access to real-time events, session data, and raw packet captures.
  • ELSA (Enterprise Log Search and Archive): ELSA is a centralized syslog framework built on Syslog-NG, MySQL, and Sphinx full-text search. It provides a fully asynchronous web-based query interface that normalizes logs and makes searching billions of them for arbitrary strings as easy as searching the web.
  • OSSEC: Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
  • Bro: Bro is a network analysis framework. It provides a comprehensive platform for more general network traffic analysis.
  • Deployment Scenarios:
    • Standalone: A single physical or virtual machine running both the server and sensor components and related processes.
    • Server-sensor: A single machine running the server component with one or more separate machines running the sensor component and reporting back to the server.
    • Hybrid: A hybrid installation consists of a standalone installation that also has one or more separate sensors reporting back to its server component.
  • Thank You