Your SlideShare is downloading. ×
Security Onion - Introduction
Security Onion - Introduction
Security Onion - Introduction
Security Onion - Introduction
Security Onion - Introduction
Security Onion - Introduction
Security Onion - Introduction
Security Onion - Introduction
Security Onion - Introduction
Security Onion - Introduction
Security Onion - Introduction
Security Onion - Introduction
Security Onion - Introduction
Security Onion - Introduction
Security Onion - Introduction
Security Onion - Introduction
Security Onion - Introduction
Security Onion - Introduction
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Security Onion - Introduction

8,835

Published on

null Bangalore January meet

null Bangalore January meet

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
8,835
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
47
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. n|u / OWASP / G4H / SecurityXploded meet Nishanth Kumar n|u bangalore chapter member 18 Jan 2014
  • 2. What is Security Onion?  Security Onion is a Linux distro for  Intrusion detection,  Network security monitoring, and  log management 18 Jan 2014
  • 3. Onion Layers • Ubuntu based OS • Snort , Suricata • Snorby • Bro • Sguil • Squert • ELSA • NetworkMiner • PADS ( Passive Attack Detection System ) • ………Many other tools . 18 Jan 2014
  • 4. Now lets peel the onion layers & see what exactly each layer has …. 18 Jan 2014
  • 5. Snort / Suricata  Snort is an open source network intrusion detection and prevention system (IDS/IPS)  Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine . 18 Jan 2014
  • 6. Why to use only those IDS Engines  Highly Scalable  Protocol Identification  File Identification,  MD5 Checksums  File Extraction 18 Jan 2014
  • 7. Snorby  Ruby on Rails Application for Network Security Monitoring ( Web frontend )  Metrics & Reports  Classifications  Full Packet  Custom Settings  Hotkeys 18 Jan 2014
  • 8. Bro  Bro is a powerful network analysis framework that is much different from the typical IDS you may know.  high-level semantic analysis at the application layer.  site-specific monitoring policies.  comprehensively logs what it sees and provides a high-level archive of a network's activity. 18 Jan 2014
  • 9. Features of BRO  All HTTP sessions with their requested URIs  key headers  MIME types, and server responses  DNS requests with replies  SSL certificates  key content of SMTP sessions  ………….and much more. 18 Jan 2014
  • 10. Sguil  It is an analyst console for Security Monitoring  It’s a powerful and capable solution for  Event Analysis  Coreleation and  review Even ….  real-time events  session data  raw packet captures. 18 Jan 2014
  • 11. Squert  A web interface to query and view Sguil event data and designed to supplement Sguil by providing addition context around the events .  Squert is a visual tool  additional context to events ……  metadata,  time series representations  weighted and logically grouped result sets 18 Jan 2014
  • 12. 18 Jan 2014
  • 13. Enterprise-Log-Search-andArchive  Centralized syslog framework built on  Syslog-NG  MySQL  Sphinx full-text search. Allows for event searching and visualization of all the Log data security onion consumes , including    OSSEC Snort / Suricata BRO IDS Distributed log Archive System 18 Jan 2014
  • 14. Features of ELSA • High-volume receiving/indexing • Full Active Directory/LDAP integration for • • • • authentication, authorization, email settings Dashboards using Google Visualizations Email alerting, scheduled reports. Plugin architecture for web interface Distributed architecture for clusters 18 Jan 2014
  • 15. Network miner  Network Forensic Analysis Tool  passive network sniffer/packet capturing tool  operating systems  Sessions  Hostnames  open ports etc 18 Jan 2014
  • 16. Sec Onion Support ……….  Alert data - HIDS alerts from OSSEC and NIDS      alerts from Snort/Suricata Asset data from Pads and Bro Full content data from netsniff-ng Host data via OSSEC and syslog-ng Session data from Argus, Pads, and Bro Transaction data - http/ftp/dns/ssl/other logs from Bro 18 Jan 2014
  • 17. Refrences  http://blog.securityonion.net/  http://www.bro.org  http://www.snort.org/  http://www.google.com 18 Jan 2014
  • 18. Its time for DEMO 18 Jan 2014

×