WELCOME TO OUR
PRESENTATION
How Security Onion in Linux Distribution For Threat Hunting,
Enterprise Security Monitoring, And Log Management.
Name Of Our Thesis
01
- Introduction
- Background study
- Literature review
- Network security monitor
- Why we use security onion
- Tools and technologies
- Virtualization
- Methodology
Agenda
02
- Network Traffic Analysis & Monitoring
- Malware analysis with security onion
- Accomplishment Work
- Future Works
- Student Motivation (those who study
security onion)
- Conclusion
- Reference
Presented By
03
Supervised By CO-Supervised By
Mashihoor Rahman
Cyber Security Analyst
Sahabuddin
Lecturer
Department of CSE
City University
Name ID
Boni Yeamin 173462012
Nahnudul Hasan Nir Rahim 173462098
▪ Introduction of Security Onion
04
- This work takes a closer look into the functionality and efficiency of a prebuilt,
open-source security tool known as the Security Onion. The Security Onion was
selected as the system of choice for this experiment based on the numerous
different kinds of tools that are integrated into its design. Many security systems
don’t incorporate numerous tools into one design, which makes it a unique system to
analyze.
Introduction
▪ Statement of the problem
05
- Many organizations fail to provide security with the necessary budget, guidance,
or resources.
- Fully understanding the effectiveness or ineffectiveness of the tool.
- Utilizing a variety of software.
- Firewall.
- Monitoring and securing a network is a daunting task.
Introduction
▪ Objective
06
- The objective of this research is to provide a comparative analysis of a device
with the Security Onion installed, and one without it. It is to provide users with
greater insight into how effective or ineffective a security tool may actually be.
This could potentially help them realize, or understand, the pros and cons of a
security tool and how secure their network truly is.
Introduction
▪ Limitation of the Research
07
- This study is limited to the comparative analysis of the Security Onion, although
there are other open-source security tools available for enterprises to utilize.
Moreover, this work attempts to launch attacks on each computer to analyze the
effects. However, the complexity of the attacks is restricted and doesn’t include
all variations of potential threats or vulnerabilities.
Introduction
▪ Background Related to the problem
08
- The area of cybersecurity has become a growing commodity for companies over
the last decades. According to Jeff, there will be a “3.5 million global shortage of
cybersecurity professionals by 2022”. Cybersecurity Ventures reported that the
number of unfilled cybersecurity jobs grew by 350%. The Security Onion allows
enterprises to automate and control the security process, which can potentially
help a department that is short of staff. In addition, it is a cost-effective
solution since the software is prebuilt and free. On the surface the Security Onion
looks like a promising tool that could solve all of an organization’s security
problems. Professionals need to be subjective when deciding on the proper way to
secure their company.
Background study
▪ Literature Study
09
- This section provides additional content relating to the background of the
problem; including the primary use of the Security Onion to protect an
enterprise’s network. It introduces the common problems or challenges that
exist in the security world and the ways in which it impacts a professional’s
decisions to use an open-source system, such as the Security Onion. It looks at
literature to indicate the current understanding of the system and identify
what’s missing. Finally, it introduces the concept of a private network and
different types of attacks.
Literature review
▪ Literature related problem
10
- The Security Onion is a relatively new concept in the cybersecurity world. When
reading through different articles, books, and journals, there seems to be a lack
of information relating to the effectiveness or ineffectiveness of the software.
There were many pieces of literature relating to the setup of the system and
different ways of configuring it to help prevent certain types of attacks.
Literature review
▪ Intrusion Detection
11
- Security Onion generates NIDS (Network Intrusion Detection System) alerts by
monitoring your network traffic and looking for specific fingerprints and
identifiers that match known malicious, anomalous, or otherwise suspicious
traffic.
- This is signature-based detection, so you might say that it’s similar to antivirus
signatures for the network, but it’s a bit deeper and more flexible than that: a
rule can match on protocol, addresses, ports and direction as well as payload content.
NIDS alerts are generated by Suricata.
Network security monitor
▪ Intrusion Prevention
12
- An intrusion prevention system (IPS) is a network security tool (which can be a
hardware device or software) that continuously monitors a network for malicious
activity and takes action to prevent it, including reporting, blocking, or dropping
it, when it does occur.
- An intrusion prevention system is placed inline, in the flow of network traffic
between the source and destination, and usually sits just behind the firewall.
There are several techniques that intrusion prevention systems use to identify
threats.
Network security monitor
▪ Why IDS/IPS if I have Firewall
13
- In computing, a firewall is a network security system that monitors and controls
incoming and outgoing network traffic based on predetermined security rules. A
firewall typically establishes a barrier between a trusted network and an
untrusted network, such as the Internet.
- Intrusion Detection System: An IDS is designed to detect a potential incident,
generate an alert, and do nothing to prevent the incident from occurring.
- Intrusion Prevention System: An IPS, on the other hand, is designed to take
action to block anything that it believes to be a threat to the protected system.
Network security monitor
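The point of the two slides above (a firewall decides on headers only, a NIDS rule also inspects the payload of traffic the firewall allowed), as an added Python example that is not part of the original presentation. The rule syntax is a small subset of Suricata's; the rules, sids, firewall policy and packets are constructed for the demo, with addresses in the lab's 192.168.24.0/24 range.

```python
"""Firewall decision vs. NIDS signature match on the same packet.
Everything below is constructed demo data: the policy mirrors the style of the
lab's inbound rule table, and the sids are placeholders, not real ruleset sids."""
import re
from dataclasses import dataclass


@dataclass
class Packet:
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes


# (proto, destination port, action); a packet filter never looks past the headers.
FIREWALL_POLICY = [
    ("tcp", 22, "allow"),    # SSH to the lab VMs
    ("tcp", 443, "allow"),   # HTTPS to the lab VMs
]
DEFAULT_ACTION = "deny"


def firewall_decision(pkt: Packet) -> str:
    """First-match evaluation on protocol and destination port only."""
    for proto, port, action in FIREWALL_POLICY:
        if pkt.proto == proto and pkt.dport == port:
            return action
    return DEFAULT_ACTION


# Minimal Suricata-style rules (constructed).  Port 443 is allowed by the
# firewall, yet plaintext HTTP on it is something an analyst wants to know about.
RULES = [
    'alert tcp any any -> any 443 (msg:"Plaintext HTTP on TLS port"; content:"GET /"; sid:1000001;)',
    'alert tcp any any -> any 22 (msg:"SSH banner observed"; content:"SSH-2.0-"; sid:1000002;)',
]

RULE_RE = re.compile(
    r'^(?P<action>alert|drop)\s+(?P<proto>tcp|udp)\s+(?P<src>\S+)\s+(?P<sport>\S+)'
    r'\s*->\s*(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$'
)


def parse_rule(text: str) -> dict:
    """Split a rule into its header fields and the msg/content/sid options."""
    m = RULE_RE.match(text)
    if not m:
        raise ValueError("unparseable rule: %s" % text)
    rule = m.groupdict()
    opts = {}
    for opt in filter(None, (o.strip() for o in rule.pop("opts").split(";"))):
        key, _, val = opt.partition(":")
        opts[key] = val.strip().strip('"')
    rule["msg"] = opts.get("msg", "")
    rule["content"] = opts.get("content", "").encode()
    rule["sid"] = int(opts.get("sid", 0))
    return rule


def _field_matches(rule_val: str, actual) -> bool:
    return rule_val == "any" or str(actual) == rule_val


def match_rules(pkt: Packet, rules: list) -> list:
    """Header fields must match first; only then is the payload searched for content."""
    hits = []
    for r in rules:
        if (r["proto"] == pkt.proto
                and _field_matches(r["src"], pkt.src)
                and _field_matches(r["sport"], pkt.sport)
                and _field_matches(r["dst"], pkt.dst)
                and _field_matches(r["dport"], pkt.dport)
                and r["content"] in pkt.payload):
            hits.append({"sid": r["sid"], "msg": r["msg"], "action": r["action"]})
    return hits


def inspect(pkt: Packet, rules: list) -> dict:
    """Firewall verdict and NIDS alerts side by side for one packet."""
    return {"firewall": firewall_decision(pkt), "alerts": match_rules(pkt, rules)}


if __name__ == "__main__":
    rules = [parse_rule(r) for r in RULES]
    tls = Packet("tcp", "192.168.24.129", 51000, "192.168.24.130", 443, b"\x16\x03\x01\x00\xa5")
    http_on_443 = Packet("tcp", "192.168.24.129", 51001, "192.168.24.130", 443, b"GET / HTTP/1.1\r\n")
    for p in (tls, http_on_443):
        print(p.dport, inspect(p, rules))   # both "allow", only the second raises an alert
```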
▪ IDS/IPS if I have Firewall
14
Network security monitor
Fig: IDS and IPS
▪ Why we use security onion
15
- For developers, Security Onion is often presented as a universal panacea for
security. In practice the administrator still needs to work with the system to get
the maximum result. When a professional does the same thing, they need the
experience and knowledge to completely analyze the alert and take action based
upon the information.
- Moreover, most security professionals prefer to “roll their own”: a version where
you mix and match a security toolset that works for them. Since different networks
call for different solutions, you need to select a reviewed open-source network
security tool.
- Depending on the distro, you need to select the security tooling, and a
professional has to take up the task. If you want a testing platform for an ethical
hacker, then Kali Linux is the best choice. If you need to monitor a variety of
network traffic and events, then Security Onion can be one of the most helpful tools.
Network security monitor
▪ Tools and Technologies
16
❑ Elasticsearch
❑ Logstash
❑ Squert
❑ Snort
❑ Zeek
❑ Sguil
❑ TheHive
❑ Docker
❑ CyberChef
Network security monitor
▪ What is virtualization
17
- In computing, virtualization is the act of creating a virtual version of something,
including virtual computer hardware platforms, storage devices, and computer
network resources.
- We use two virtualization products in this project:
- 1. VMware Workstation Pro
- 2. VMware ESXi 7
- In a VMware Workstation Pro machine with the sniffing interface in bridged mode,
you will be able to see all traffic to and from the host machine’s physical NIC
(network interface controller). If we would like to see ALL the traffic on our
network, we will need a method of forwarding that traffic to the interface to
which the virtual adapter is bridged. This can be achieved with a tap or SPAN port.
Virtualization
▪ Hypervisor concept
18
Virtualization
- Software called hypervisors separate the physical resources from the virtual
environments—the things that need those resources. Hypervisors can sit on top
of an operating system (like on a laptop) or be installed directly onto hardware
(like a server), which is how most enterprises virtualize. Hypervisors take your
physical resources and divide them up so that virtual environments can use
them.
▪ Install and setup a network in VMware Workstation
19
Virtualization
▪ Configuring Bridged Networking
20
Virtualization
▪ Configuring Host-Only Networking
21
Virtualization
▪ Operating System Distribution
22
Virtualization
▪ Lab Setup
23
Virtualization
▪ Networking configuration
24
- In computing, virtualization is the act of creating a virtual version of something,
including virtual computer hardware platforms, storage devices, and computer
network resources. The table below shows how we configured the network in
our test lab.
Name                        Network Type   IP
External internet protocol  Public IP      103.102.133.14
Router IP                   Static IP      192.168.0.1
VMware machine              Host only      192.168.143.0
VMware machine              NAT            192.168.24.0
ESXi 7 IP                                  192.168.24.128
Virtualization
▪ Networking configuration
25
Name                 Network Type   IP
Security Onion       NAT            192.168.24.255
Security Onion       Bridge         192.168.24.130
Windows 7            NAT            192.168.137.1
Windows 7            Bridge         192.168.24.135
Windows Server 2012  NAT            192.186.137.80
Windows Server 2012  Bridge         192.168.24.132
Kali Linux           NAT            192.186.137.48
Kali Linux           Bridge         192.168.24.135.129
Ubuntu               NAT            192.186.137.17
Ubuntu               Bridge         192.168.24.136
Virtualization
▪ Firewall Rules
26
Virtualization
▪ Inbound Rules
Ports     IP Range          Comments               Sources
22        All lab machines  SSH to VMs             All IPv4, All IPv6
443       All lab machines  HTTPS                  All IPv4, All IPv6
All TCP   192.168.24.130    Accessing inbound API  All IPv4, All IPv6
All UDP   192.168.24.130    Accessing inbound API  All IPv4, All IPv6
▪ Firewall Rules
27
Virtualization
▪ Outbound Rules
Ports     IP Range        Comments               Sources             Ports
All TCP   192.168.24.130  Accessing inbound API  All IPv4, All IPv6  All TCP
All UDP   192.168.24.130  Accessing inbound API  All IPv4, All IPv6  All UDP
▪ Installing Security Onion
28
- We install the Security Onion from the ISO image in VMware Workstation Pro:
1. First we set up the VMware settings for Security Onion as required.
2. Then we configure the NAT and bridged networks.
3. Run the virtual machine and boot from the ISO file.
4. Install Security Onion in graphical mode.
5. For more information we recorded a video in which we describe everything in detail.
Methodology
- Hardware Requirements:
Security Onion only supports x86-64 architecture (standard Intel/AMD 64-bit
processors).
- For all other configurations, the minimum specs for running Security Onion 2
are:
❑ 16GB RAM
❑ 4 CPU cores
❑ 200GB storage
▪ System Requirements
29
Methodology
▪ Installing Security Onion
30
Methodology
▪ Installing Security Onion
31
Methodology
▪ Security onion: Welcome Screen
32
Methodology
Login Screen Web Interface
▪ Operating system ping check
33
Methodology
Fig: Security Onion IP
Fig: Security Onion ping check in Windows 7
▪ Operating system ping check
34
Methodology
Fig: Security Onion ping check in Windows Server 2012
Fig: Security Onion ping check in Kali
▪ Operating system ping check
35
Methodology
Fig: Security Onion ping check in Windows Server 2012
Fig: Windows 7 ping check in Security Onion
▪ Operating system ping check
36
Methodology
Fig: Windows Server 2012 ping check in Security Onion
Fig: Kali ping check in Security Onion
Fig: Ubuntu ping check in Security Onion
- Security Onion Console (SOC) gives you access to our Alerts interface. This
interface gives you an overview of the alerts that Security Onion is generating
and allows you to quickly drill down into details, pivot to Hunt or the PCAP
interface, and escalate alerts to Cases.
▪ Security onion: Alert
37
Methodology
Fig: Alerts window of Security Onion
- Network monitoring is a critical IT process where all networking components
like routers, switches, firewalls, servers, and VMs are monitored for fault and
performance and evaluated continuously to maintain and optimize their
availability. One important aspect of network monitoring is that it should be
proactive.
▪ Network monitoring systems
38
Network Traffic Analysis & Monitoring
Network monitoring systems
- To begin the process of in-depth network traffic analysis, we’ll start with Kibana.
Kibana is a data visualization tool that allows you to analyze data generated by
Elasticsearch.
▪ Network Traffic Analysis with Kibana
39
Network Traffic Analysis & Monitoring
Network monitoring systems
- Malware analysis is the process of learning how malware functions and any
potential repercussions of a given malware. Malware code can differ radically,
and it's essential to know that malware can have many functionalities. These
may come in the form of viruses, worms, spyware, and Trojan horses. Each type
of malware gathers information about the infected device without the
knowledge, or authorization of the user.
▪ What is malware analysis
40
Malware analysis with security onion
▪ Malware analysis
41
Malware analysis with security onion
Fig: Unzipping the pcap in the Security Onion OS
▪ Malware analysis from pcap
42
Malware analysis with security onion
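Reading a pcap into flows, as an added Python example that is not part of the original presentation: it parses the libpcap file format, extracts IPv4 TCP/UDP 5-tuples in the way Zeek's conn.log summarises a capture for Security Onion, and refuses a truncated or non-pcap file. The capture is constructed in-line by build_pcap (lab-style source address, documentation-range destination 203.0.113.10), not a file from malware-traffic-analysis.net.

```python
"""Parse a libpcap capture into TCP/UDP flows and summarise it: the first step of
analysing a suspicious pcap before pivoting into Security Onion's PCAP interface.
The sample capture at the bottom is constructed, not a real malware sample."""
import struct
from collections import Counter, namedtuple

PCAP_MAGIC = 0xA1B2C3D4        # microsecond-resolution pcap magic number
LINKTYPE_ETHERNET = 1
Flow = namedtuple("Flow", "proto src sport dst dport")


def iter_frames(data: bytes):
    """Yield (ts_sec, frame) per record; raise on a non-pcap or truncated file."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        end = "<"                  # written on a little-endian host
    elif magic == 0xD4C3B2A1:
        end = ">"                  # same magic seen byte-swapped
    else:
        raise ValueError("not a pcap file (magic %#x)" % magic)
    linktype = struct.unpack(end + "HHiIII", data[4:24])[5]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled (linktype %d)" % linktype)
    off = 24
    while off + 16 <= len(data):
        ts_sec, _usec, incl_len, _orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:          # capture cut off in the middle of a packet
            raise ValueError("truncated packet record at offset %d" % off)
        off += incl_len
        yield ts_sec, frame
    if off != len(data):                   # capture cut off inside a record header
        raise ValueError("truncated record header at offset %d" % off)


def parse_flow(frame: bytes):
    """5-tuple of an IPv4 TCP/UDP frame, or None for anything else (ARP, IPv6, ICMP)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    ip, l4 = frame[14:14 + ihl], frame[14 + ihl:]
    if ihl < 20 or len(ip) < ihl:
        return None
    if ip[9] == 6 and len(l4) >= 20:
        proto = "tcp"
    elif ip[9] == 17 and len(l4) >= 8:
        proto = "udp"
    else:
        return None
    sport, dport = struct.unpack("!HH", l4[:4])
    return Flow(proto, ".".join(map(str, ip[12:16])), sport, ".".join(map(str, ip[16:20])), dport)


def summarize(data: bytes) -> dict:
    """Packet count, per-flow packet counts and per-destination-port totals."""
    flows, non_ip, packets = Counter(), 0, 0
    for _ts, frame in iter_frames(data):
        packets += 1
        flow = parse_flow(frame)
        if flow is None:
            non_ip += 1
        else:
            flows[flow] += 1
    by_port = Counter()
    for flow, n in flows.items():
        by_port[(flow.proto, flow.dport)] += n
    return {"packets": packets, "non_ip": non_ip, "flows": dict(flows), "by_dst_port": dict(by_port)}


# --- constructed sample capture (checksums left zero; never sent on a wire) ---
def _frame(proto, src, sport, dst, dport, payload=b""):
    if proto == "tcp":
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 1, 0, 64,
                     6 if proto == "tcp" else 17, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + ip + l4 + payload


def build_pcap(frames) -> bytes:
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    records = [struct.pack("<IIII", 1628121600 + i, 0, len(f), len(f)) + f for i, f in enumerate(frames)]
    return header + b"".join(records)


HOST, WEB, DNS = "192.168.24.135", "203.0.113.10", "192.168.24.2"   # lab-style addresses, constructed
SAMPLE_FRAMES = (
    [_frame("udp", HOST, 53211, DNS, 53, b"\x00" * 12)]
    + [_frame("tcp", HOST, 49152, WEB, 80, b"GET / HTTP/1.1\r\n")] * 3
    + [_frame("tcp", HOST, 49153, WEB, 443, b"\x16\x03\x01")] * 2
    + [b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x06" + b"\x00" * 28]          # one ARP frame, skipped
)
SAMPLE_PCAP = build_pcap(SAMPLE_FRAMES)

if __name__ == "__main__":
    print(summarize(SAMPLE_PCAP))
```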
Accomplishment Work
43
- Virtualization
- Network configuration
- Create virtual network adapter
- Setup network lab
- Setup virtual lab
- Setup Security Onion and other OS
- Monitoring IDS and IPS
- Ping check all OS to see their connectivity
- Network traffic analysis
❑ Implementation AWS Cloud AMI
❑ Implementation Azure Cloud Image
❑ Data protection and analysis
❑ Threat hunting and prevention
❑ Big data analysis with Security onion
❑ E-commerce data analysis with security onion
Future Work
44
❑ In this section we discuss what someone who wants to practice or learn about
Security Onion will need. The basic requirements are described below:
• A clear knowledge of virtualization.
• Knowledge of networking configuration and architecture.
• Knowledge of IDS and IPS.
• Knowledge of NIDS, HIDS, OS detection and NSM.
• Knowledge of SOC and SIEM.
Student Motivation (those who study security
onion)
45
Conclusion
Security Onion is an open-source and free intrusion detection system that is not difficult
to stand up. It is an excellent educational tool for both students and staff. It is potentially
appropriate for enterprises with the resources and inclination to maintain and deploy their
own monitoring solution and intrusion detection system. If nothing else, standing up a
Security Onion test deployment is an excellent way to have something to benchmark
against.
46
Reference
❑ https://docs.securityonion.net/en/2.3/
❑ Introduction to Security Onion:
https://www.researchgate.net/publication/304200311_Introduction_to_Security_Onion
❑ Bugs in Security Onion:
https://www.researchgate.net/publication/355978629_Bugs_in_Security_Onion
❑ For malware analysis:
https://www.malware-traffic-analysis.net/2021/08/05/index.html
47
Any Questions?
48
THANK YOU
49

HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
 

Enterprise Security Monitoring, And Log Management.

  • 2. How Security Onion in Linux Distribution For Threat Hunting, Enterprise Security Monitoring, And Log Management. Name Of Our Thesis 01
  • 3. - Introduction - Background study - Literature review - Network security monitor - Why we use security onion - Tools and technologies - Virtualization - Methodology Agenda 02 - Network Traffic Analysis & Monitoring - Malware analysis with security onion - Accomplishment Work - Future Works - Student Motivation (those who study security onion) - Conclusion - Reference
  • 4. Presented By 03 Supervised By CO-Supervised By Mashihoor Rahman Cyber Security Analyst Sahabuddin Lecturer Department of CSE City University Name ID Boni Yeamin 173462012 Nahnudul Hasan Nir Rahim 173462098
  • 5. ▪ Introduction of Security Onion 04 - This work takes a closer look into the functionality and efficiency of a prebuilt, open source, security tool, known as the Security Onion. The Security Onion was selected as the system of choice for this experiment based on the numerous different kinds of tools that are integrated into its design. Many security systems don’t incorporate numerous tools into the design, making it a unique system to analyze. Introduction
  • 6. ▪ Statement of the problem 05 - many organizations fail to provide security with the necessary budget, guidance, or resources. - fully understanding the effectiveness or ineffectiveness of the tool. - utilize a variety of software - firewall - Monitoring and securing a network are a daunting task Introduction
  • 7. ▪ Objective 06 - The objective of this research is to provide a comparative analysis of a device with the Security Onion installed, and one without it. It is to provide users with greater insight into how effective or ineffective a security tool may actually be. This could potentially help them realize, or understand, the pros and cons of a security tool and how secure their network truly is. Introduction
• 8. ▪ Limitation of the Research (Introduction)
- This study is limited to a comparative analysis of Security Onion, although other open-source security tools are available for enterprises to use.
- The work launches attacks against each lab machine to analyse their effects, but the complexity of those attacks is restricted and does not cover every variation of potential threat or vulnerability.
• 9. ▪ Background Related to the Problem (Background study)
- Cybersecurity has become a growing commodity for companies over the last decades. According to Jeff, there will be a "3.5 million global shortage of cybersecurity professionals by 2022"; Cybersecurity Ventures reported that the number of unfilled cybersecurity jobs grew by 350%.
- Security Onion lets enterprises automate and control much of the security monitoring process, which can help a department that is short of staff. It is also cost-effective, since the software is prebuilt and free.
- On the surface Security Onion looks like a promising tool that could solve all of an organization's security problems; professionals still need to be objective when deciding on the proper way to secure their company.
• 10. ▪ Literature Study (Literature review)
- This section provides additional context on the background of the problem, including the primary use of Security Onion to protect an enterprise network. It introduces the common problems and challenges in the security world and how they shape a professional's decision to use an open-source system such as Security Onion. It reviews the literature to establish the current understanding of the system and identify what is missing. Finally, it introduces the concept of a private network and the different types of attacks.
• 11. ▪ Literature Related to the Problem (Literature review)
- Security Onion is a relatively new concept in the cybersecurity world. Reading through articles, books and journals, there is a lack of information on the effectiveness or ineffectiveness of the software. Most of the literature covers setting up the system and the different ways of configuring it to help prevent certain types of attacks.
• 12. ▪ Intrusion Detection (Network security monitor)
- Security Onion generates NIDS (Network Intrusion Detection System) alerts by monitoring your network traffic and looking for specific fingerprints and identifiers that match known malicious, anomalous or otherwise suspicious traffic.
- This is signature-based detection, so you might say it is similar to antivirus signatures for the network, but it is deeper and more flexible than that. Because it is signature-based, it only fires on traffic that a rule describes, so the rule set has to be kept current. In Security Onion the NIDS alerts are generated by Suricata.
• 13. ▪ Intrusion Prevention (Network security monitor)
- An intrusion prevention system (IPS) is a network security tool (a hardware device or software) that continuously monitors a network for malicious activity and takes action to prevent it, including reporting, blocking or dropping the traffic when it occurs.
- An IPS is placed inline, in the flow of network traffic between source and destination, and usually sits just behind the firewall. Intrusion prevention systems use several techniques to identify threats.
- Note that Security Onion in this lab is a passive sensor fed from a tap, SPAN port or bridged virtual NIC (see the virtualization slides): it detects and alerts; it does not sit inline to drop traffic.
• 14. ▪ Why IDS/IPS If I Have a Firewall (Network security monitor)
- In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted network and an untrusted network such as the Internet. A packet-filtering firewall decides which traffic is allowed through; it does not inspect the content of the allowed traffic for attacks, which is why an IDS or IPS is still needed behind it.
- Intrusion Detection System: an IDS is designed to detect a potential incident and generate an alert; it does nothing to prevent the incident from occurring.
- Intrusion Prevention System: an IPS, on the other hand, is designed to take action to block anything it believes to be a threat to the protected system.
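How signature-based detection works, and what separates the IDS and IPS behaviour described on the intrusion detection and prevention slides above, as an added worked example (not Suricata or Security Onion code). It implements a small constructed subset of the Suricata/Snort rule language; the HOME_NET range, the two rules with local sids and the three packets are all made up for illustration.

```python
"""Signature-based matching in the style of Suricata/Snort rules, and the
difference between IDS handling (alert only) and inline IPS handling (drop).

Added example, not Suricata or Security Onion code. It supports a small,
constructed subset of the rule language (action, protocol, addresses, ports,
direction, msg, content, sid); HOME_NET, the rules and the packets below are
made up for illustration.
"""
import ipaddress
import re
from collections import namedtuple

# Assumed lab range; Security Onion asks for HOME_NET during setup.
HOME_NET = [ipaddress.ip_network("192.168.24.0/24")]

RULE_RE = re.compile(
    r"^(?P<action>alert|drop|pass)\s+(?P<proto>\w+)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+"
    r"(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$"
)
Rule = namedtuple("Rule", "action proto src sport dst dport bidir msg content sid")
Packet = namedtuple("Packet", "proto src sport dst dport payload")


def parse_rule(text: str) -> Rule:
    """Parse one rule line; only plain-text content: matches are handled."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable rule: {text!r}")
    opts = {}
    for opt in m["opts"].split(";"):
        key, _, val = opt.strip().partition(":")
        if key:
            opts[key] = val.strip().strip('"')
    return Rule(m["action"], m["proto"], m["src"], m["sport"], m["dst"], m["dport"],
                m["dir"] == "<>", opts.get("msg", ""),
                opts.get("content", "").encode(), int(opts.get("sid", 0)))


def addr_matches(spec: str, ip: str) -> bool:
    """Handle any, $HOME_NET, $EXTERNAL_NET, a CIDR/IP, and ! negation."""
    if spec.startswith("!"):
        return not addr_matches(spec[1:], ip)
    if spec == "any":
        return True
    addr = ipaddress.ip_address(ip)
    in_home = any(addr in net for net in HOME_NET)
    if spec == "$HOME_NET":
        return in_home
    if spec == "$EXTERNAL_NET":
        return not in_home
    return addr in ipaddress.ip_network(spec, strict=False)


def port_matches(spec: str, port: int) -> bool:
    return spec == "any" or int(spec) == port


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Header match (both directions for <>) followed by the content match."""
    if rule.proto not in ("any", pkt.proto):
        return False
    fwd = (addr_matches(rule.src, pkt.src) and port_matches(rule.sport, pkt.sport)
           and addr_matches(rule.dst, pkt.dst) and port_matches(rule.dport, pkt.dport))
    rev = rule.bidir and (addr_matches(rule.src, pkt.dst) and port_matches(rule.sport, pkt.dport)
                          and addr_matches(rule.dst, pkt.src) and port_matches(rule.dport, pkt.sport))
    return (fwd or rev) and rule.content in pkt.payload


def inspect(rules, pkt: Packet, inline: bool = False) -> dict:
    """IDS mode: every matching alert/drop rule raises an alert and the packet passes.
    Inline (IPS) mode: a matching drop rule also discards the packet."""
    hits = [r for r in rules if rule_matches(r, pkt)]
    alerts = [r.sid for r in hits if r.action in ("alert", "drop")]
    verdict = "drop" if inline and any(r.action == "drop" for r in hits) else "pass"
    return {"verdict": verdict, "alerts": alerts}


# Constructed rules and traffic; sids are in the local 1000000+ range, not real ET ones.
SAMPLE_RULES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"Web shell probe"; content:"cmd.exe"; sid:1000001;)',
    'drop tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SSH from outside the lab"; content:"SSH-"; sid:1000002;)',
]
SAMPLE_PACKETS = [
    Packet("tcp", "203.0.113.5", 40000, "192.168.24.135", 80, b"GET /cmd.exe?/c+whoami HTTP/1.1\r\n"),
    Packet("tcp", "203.0.113.5", 40001, "192.168.24.130", 22, b"SSH-2.0-OpenSSH_8.4\r\n"),
    Packet("tcp", "192.168.24.136", 50000, "192.168.24.135", 80, b"GET / HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    rules = [parse_rule(r) for r in SAMPLE_RULES]
    for pkt in SAMPLE_PACKETS:
        print(f"{pkt.src} -> {pkt.dst}:{pkt.dport}", "IDS:", inspect(rules, pkt),
              "IPS:", inspect(rules, pkt, inline=True))
```

The third packet shows the point of HOME_NET: the same request from a lab host matches nothing, because the rule's source is $EXTERNAL_NET. The second packet shows the IDS/IPS split in one place: the drop rule produces the same alert in both modes, but only the inline sensor actually discards the packet.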
• 15. ▪ IDS/IPS If I Have a Firewall (Network security monitor) [Figure: IDS and IPS]
• 16. ▪ Why We Use Security Onion (Network security monitor)
- Security Onion is often treated as a universal panacea for security, but the administrator still has to work with the system to get the maximum result. A professional who does the same needs the experience and knowledge to analyse an alert completely and take action based on that information.
- Moreover, many security professionals prefer to "roll their own": a mix-and-match security toolset that works for them. Since different networks need different solutions, you need to select well-reviewed open-source network security tools.
- Depending on the distro, the security professional has to take up that task. If you want a testing platform for an ethical hacker, Kali Linux is the best choice. If you need to monitor a variety of network traffic and events, Security Onion can be one of the most helpful tools.
• 17. ▪ Tools and Technologies (Network security monitor)
❑ Elasticsearch ❑ Logstash ❑ Squert ❑ Snort ❑ Zeek ❑ Sguil ❑ TheHive ❑ Docker ❑ CyberChef
- Sguil, Squert and Snort come from the earlier Security Onion releases; the Security Onion 2 build used in this work generates its NIDS alerts with Suricata and presents them in the Security Onion Console (SOC).
• 18. ▪ What Is Virtualization (Virtualization)
- In computing, virtualization is the act of creating a virtual version of something, including virtual computer hardware platforms, storage devices and computer network resources.
- Two virtualization products are used in this project:
  1. VMware Workstation Pro
  2. VMware ESXi 7
- In VMware Workstation, with the sniffing interface in bridged mode, the sensor sees all traffic to and from the host machine's physical NIC (network interface card). To see ALL the traffic on the network, that traffic has to be forwarded to the physical interface the virtual adapter is bridged to, which is done with a network tap or a SPAN (mirror) port on the switch.
• 19. ▪ Hypervisor Concept (Virtualization)
- Software called a hypervisor separates the physical resources from the virtual environments that need them. A hypervisor can sit on top of an operating system (as on a laptop) or be installed directly on the hardware (as on a server), which is how most enterprises virtualize. It takes your physical resources and divides them up so that the virtual environments can use them.
• 20. ▪ Install and Set Up a Network in VMware Workstation (Virtualization) [screenshot]
• 21. ▪ Configuring Bridged Networking (Virtualization) [screenshot]
• 22. ▪ Configuring Host-Only Networking (Virtualization) [screenshot]
• 23. ▪ Operating System Distribution (Virtualization) [screenshot]
• 25. ▪ Networking Configuration (Virtualization)
- The table shows how the network was configured in the test lab.

  Name                        Network type   IP
  External internet protocol  Public IP      103.102.133.14
  Router                      Static IP      192.168.0.1
  VMware machine              Host-only      192.168.143.0
                              NAT            192.168.24.0
  ESXi 7                      IP             192.168.24.128

• 26. ▪ Networking Configuration (Virtualization)

  Name                 NAT IP           Bridge IP
  Security Onion       192.168.24.255   192.168.24.130
  Windows 7            192.168.137.1    192.168.24.135
  Windows Server 2012  192.186.137.80   192.168.24.132
  Kali Linux           192.186.137.48   192.168.24.135.129
  Ubuntu               192.186.137.17   192.168.24.136

- Several entries are reproduced as given on the slide but cannot be right as written: 192.168.24.255 is the broadcast address of 192.168.24.0/24, not a host address; 192.168.24.135.129 is not a valid IPv4 address; the 192.186.137.x entries are almost certainly 192.168.137.x; and Windows 7 and Kali cannot both hold 192.168.24.135. Confirm the addresses on the hosts themselves (ip addr / ipconfig) before relying on this table.
• 27. ▪ Firewall Rules (Virtualization)
▪ Inbound rules

  Ports    IP range          Comments               Sources
  22       All lab machines  SSH to VMs             All IPv4, All IPv6
  443      All lab machines  HTTPS                  All IPv4, All IPv6
  All TCP  192.168.24.130    Accessing inbound API  All IPv4, All IPv6
  All UDP  192.168.24.130    Accessing inbound API  All IPv4, All IPv6

• 28. ▪ Firewall Rules (Virtualization)
▪ Outbound rules

  Ports    IP range          Comments               Sources             Ports
  All TCP  192.168.24.130    Accessing inbound API  All IPv4, All IPv6  All TCP
  All UDP  192.168.24.130    Accessing inbound API  All IPv4, All IPv6  All UDP

- Note that the "All TCP" and "All UDP" inbound rules for 192.168.24.130 (the Security Onion host) from any source make the port 22 and 443 rules redundant and expose every service listening on the sensor to the whole lab, including the attacker VM. For anything beyond a throwaway lab, restrict inbound access to 22 and 443 from the analyst and lab ranges only.
• 29. ▪ Installing Security Onion (Methodology)
- We install Security Onion from the ISO image in VMware Workstation Pro:
  1. First, set the VMware machine settings for Security Onion according to the requirements.
  2. Then configure the NAT and bridged networks.
  3. Run the virtual machine and boot the ISO file.
  4. Install Security Onion in graphical mode.
  5. For more information we recorded a video that describes all the steps in detail.
• 30. ▪ System Requirements (Methodology)
- Hardware requirements: Security Onion only supports the x86-64 architecture (standard Intel/AMD 64-bit processors).
- For all other configurations, the minimum specs for running Security Onion 2 are:
  ❑ 16 GB RAM
  ❑ 4 CPU cores
  ❑ 200 GB storage
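A pre-flight check against these minimums, as an added example that is not part of the Security Onion installer (which performs its own checks): check() takes the values as arguments so it can be exercised without the hardware, and gather() reads them from the running Linux machine. The 5% RAM allowance is this example's own choice.

```python
"""Pre-flight check against the minimum specs quoted on this slide (x86-64,
16 GB RAM, 4 cores, 200 GB storage) for a Security Onion 2 install.

Added example; Security Onion's setup runs its own checks and this is not it.
check() takes the values as arguments so it can be exercised without the
hardware; gather() reads them from the running Linux machine.
"""
import os
import platform
import shutil

MINIMUM = {"ram_gib": 16, "cores": 4, "disk_gb": 200}
SUPPORTED_ARCH = ("x86_64", "AMD64")


def parse_meminfo(text: str) -> float:
    """Return MemTotal from /proc/meminfo in GiB (the kernel reports kB)."""
    for line in text.splitlines():
        if line.startswith("MemTotal:"):
            return int(line.split()[1]) / 1024 ** 2
    raise ValueError("MemTotal not found")


def check(arch: str, ram_gib: float, cores: int, disk_gb: float, minimum=MINIMUM) -> list:
    """Return a list of shortfalls; an empty list means the box meets the minimum.

    MemTotal on a nominal 16 GB VM reads a little under 16 GiB because the
    kernel reserves some memory, so RAM gets a 5% allowance (this example's
    choice); cores and disk are compared exactly."""
    problems = []
    if arch not in SUPPORTED_ARCH:
        problems.append(f"architecture {arch} is not supported (x86-64 only)")
    if ram_gib < minimum["ram_gib"] * 0.95:
        problems.append(f"RAM {ram_gib:.1f} GiB < {minimum['ram_gib']} GiB")
    if cores < minimum["cores"]:
        problems.append(f"{cores} CPU cores < {minimum['cores']}")
    if disk_gb < minimum["disk_gb"]:
        problems.append(f"storage {disk_gb:.0f} GB < {minimum['disk_gb']} GB")
    return problems


def gather(path: str = "/") -> dict:
    """Collect the live values on Linux (reads /proc/meminfo)."""
    with open("/proc/meminfo") as fh:
        ram = parse_meminfo(fh.read())
    return {"arch": platform.machine(), "ram_gib": ram,
            "cores": os.cpu_count() or 0,
            "disk_gb": shutil.disk_usage(path).total / 1e9}


if __name__ == "__main__":
    issues = check(**gather())
    print("OK: meets Security Onion 2 minimums" if not issues else "\n".join(issues))
```

Run it on the VM before starting the installer; a 4-core VM given 12 GB will fail the RAM line, which is exactly the case where the install appears to succeed and the Elastic services then fall over.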
• 31. ▪ Installing Security Onion (Methodology) [screenshot]
• 32. ▪ Installing Security Onion (Methodology) [screenshot]
• 33. ▪ Security Onion: Welcome Screen (Methodology) [screenshots: login screen; web interface]
• 34. ▪ Operating System Ping Check (Methodology) [screenshots: Security Onion IP; Security Onion ping check from Windows 7]
• 35. ▪ Operating System Ping Check (Methodology) [screenshots: Security Onion ping check from Windows Server 2012; Security Onion ping check from Kali]
• 36. ▪ Operating System Ping Check (Methodology) [screenshots: Security Onion ping check from Windows Server 2012; Windows 7 ping check from Security Onion]
• 37. ▪ Operating System Ping Check (Methodology) [screenshots: Windows Server 2012, Kali and Ubuntu ping checks from Security Onion]
• 38. ▪ Security Onion: Alerts (Methodology)
- The Security Onion Console (SOC) gives you access to the Alerts interface. It provides an overview of the alerts Security Onion is generating and lets you quickly drill down into details, pivot to Hunt or the PCAP interface, and escalate alerts to Cases. [screenshot: Alerts window of Security Onion]
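To show what the Alerts view is built from, here is an added example (not Security Onion code) that reads Suricata EVE JSON alert records, groups them by signature with counts, sources and targets, and picks the rows worth escalating to a Case. The field names are Suricata's own; the records, addresses and signature ids are constructed, and the /nsm/suricata/ location of the real file is an assumption.

```python
"""Group Suricata EVE JSON alerts the way the SOC Alerts view does (one row per
signature with count, sources and targets) and pick out rows to escalate.

Added example, not Security Onion code. The records are constructed (local
sids, made-up addresses) but use Suricata's real field names; the live file
is assumed to sit under /nsm/suricata/ on a Security Onion 2 sensor.
"""
import json
from collections import defaultdict


def _alert(ts, src, sport, dst, dport, sid, signature, category, severity):
    """Build one constructed EVE alert record."""
    return json.dumps({
        "timestamp": ts, "event_type": "alert", "src_ip": src, "src_port": sport,
        "dest_ip": dst, "dest_port": dport, "proto": "TCP",
        "alert": {"action": "allowed", "gid": 1, "signature_id": sid, "rev": 1,
                  "signature": signature, "category": category, "severity": severity},
    })


SAMPLE_EVE = "\n".join([
    _alert("2021-08-05T14:02:11.000000+0000", "203.0.113.5", 40001, "192.168.24.130", 22,
           1000002, "SSH from outside the lab", "Attempted Administrator Privilege Gain", 1),
    _alert("2021-08-05T14:02:15.000000+0000", "192.168.24.135", 49761, "203.0.113.77", 80,
           1000003, "Suspicious User-Agent", "Potentially Bad Traffic", 2),
    json.dumps({"timestamp": "2021-08-05T14:02:16.000000+0000", "event_type": "flow",
                "src_ip": "192.168.24.135", "dest_ip": "192.168.24.1", "proto": "UDP"}),
    _alert("2021-08-05T14:02:40.000000+0000", "192.168.24.136", 51000, "203.0.113.77", 80,
           1000003, "Suspicious User-Agent", "Potentially Bad Traffic", 2),
    # A half-written last line, as you get when reading a file Suricata is still appending to.
    '{"timestamp":"2021-08-05T14:02:41.000000+0000","event_type":"alert","src_ip":"192.168.24.13',
])


def parse_eve(text: str) -> list:
    """Return the alert records; other event types and unparseable lines are skipped."""
    alerts = []
    for line in text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if rec.get("event_type") == "alert":
            alerts.append(rec)
    return alerts


def summarize(alerts: list) -> list:
    """One row per (sid, signature, severity), most serious first (severity 1 is highest)."""
    groups = defaultdict(lambda: {"count": 0, "sources": set(), "targets": set(),
                                  "first": None, "last": None})
    for a in alerts:
        s = a["alert"]
        g = groups[(s["signature_id"], s["signature"], s["severity"])]
        g["count"] += 1
        g["sources"].add(a["src_ip"])
        g["targets"].add(a["dest_ip"])
        g["first"] = g["first"] or a["timestamp"]
        g["last"] = a["timestamp"]
    rows = [{"sid": sid, "signature": sig, "severity": sev, **g}
            for (sid, sig, sev), g in groups.items()]
    rows.sort(key=lambda r: (r["severity"], -r["count"]))
    return rows


def escalate(rows: list, home_prefix: str = "192.168.24.") -> list:
    """Sids worth a Case: severity 1, or one signature touching more than one lab host.
    home_prefix is this example's stand-in for HOME_NET."""
    picked = []
    for r in rows:
        lab_hosts = {ip for ip in r["sources"] | r["targets"] if ip.startswith(home_prefix)}
        if r["severity"] == 1 or len(lab_hosts) > 1:
            picked.append(r["sid"])
    return picked


if __name__ == "__main__":
    rows = summarize(parse_eve(SAMPLE_EVE))
    for r in rows:
        print(f"sev {r['severity']}  sid {r['sid']}  x{r['count']}  {r['signature']}  "
              f"from {sorted(r['sources'])} to {sorted(r['targets'])}")
    print("escalate:", escalate(rows))
```

The grouping is the same pivot the SOC Alerts page does by default (count per signature); the escalation rule is a deliberately simple stand-in for the analyst's judgement, and the point of the truncated last line is that any script tailing a live EVE file has to tolerate it rather than crash.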
• 39. ▪ Network Monitoring Systems (Network Traffic Analysis & Monitoring)
- Network monitoring is a critical IT process in which all networking components (routers, switches, firewalls, servers and VMs) are monitored for faults and performance and evaluated continuously to maintain and optimize their availability. One important aspect of network monitoring is that it should be proactive. [figure: network monitoring systems]
• 40. ▪ Network Traffic Analysis with Kibana (Network Traffic Analysis & Monitoring)
- To begin in-depth network traffic analysis, we start with Kibana. Kibana is a data visualization tool for querying and charting the data stored in Elasticsearch; in Security Onion that is the Zeek, Suricata and other logs the sensor has shipped into the Elastic stack.
• 41. ▪ What Is Malware Analysis (Malware analysis with security onion)
- Malware analysis is the process of learning how a piece of malware functions and what its potential repercussions are. Malware code can differ radically, and it is essential to know that malware can have many functionalities: it may come as a virus, worm, spyware or Trojan horse. Many of these gather information about the infected device without the knowledge or authorization of the user.
• 42. ▪ Malware Analysis (Malware analysis with security onion) [screenshot: unzipping the pcap on the Security Onion OS]
- The sample captures on malware-traffic-analysis.net (see the reference list) are distributed as password-protected zip archives, with the password "infected". Keep the extracted capture on the lab network only.
• 43. ▪ Malware Analysis from the PCAP (Malware analysis with security onion) [screenshots]
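A first pass over a capture like the one on these slides, as an added example (not Security Onion or Zeek code): a minimal classic-pcap reader that summarises the file as 5-tuple flows, the way Zeek's conn.log does, and sweeps TCP payloads for HTTP request lines. The capture is built in memory with made-up addresses and hostnames so the example runs offline; replace SAMPLE_PCAP with the bytes of a real .pcap. pcapng files and non-Ethernet link types are out of scope.

```python
"""Walk a classic libpcap file, summarise it as 5-tuple flows and sweep the TCP
payloads for HTTP request lines: the first pass an analyst makes over a
malware-traffic-analysis.net capture before pivoting to Zeek or Wireshark.

Added example, not Security Onion or Zeek code. The capture is constructed in
memory (addresses and hostnames are made up) so it runs offline.
"""
import struct
from collections import defaultdict

ETH_IPV4, IP_TCP, IP_UDP = 0x0800, 6, 17


def records(data: bytes):
    """Yield (timestamp, frame) for every record in a classic pcap file."""
    magic, = struct.unpack_from("<I", data, 0)
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if end is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    linktype = struct.unpack_from(end + "I", data, 20)[0]
    if linktype != 1:
        raise ValueError(f"link type {linktype} is not Ethernet")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl, _orig = struct.unpack_from(end + "IIII", data, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl]
        off += incl


def decode(frame: bytes):
    """Return (proto, src, sport, dst, dport, payload) for IPv4 TCP/UDP frames, else None."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETH_IPV4:
        return None
    ip = frame[14:]
    ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
    total = struct.unpack_from("!H", ip, 2)[0]
    l4 = ip[ihl:total]
    if proto not in (IP_TCP, IP_UDP) or len(l4) < (20 if proto == IP_TCP else 8):
        return None
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    sport, dport = struct.unpack_from("!HH", l4, 0)
    data_off = (l4[12] >> 4) * 4 if proto == IP_TCP else 8
    return ("tcp" if proto == IP_TCP else "udp"), src, sport, dst, dport, l4[data_off:]


def flows(data: bytes) -> dict:
    """Aggregate packets by 5-tuple, a Zeek conn.log in miniature."""
    table = defaultdict(lambda: {"packets": 0, "bytes": 0, "first": None, "last": None})
    for ts, frame in records(data):
        d = decode(frame)
        if d is None:
            continue
        f = table[d[:5]]
        f["packets"] += 1
        f["bytes"] += len(d[5])
        f["first"] = ts if f["first"] is None else f["first"]
        f["last"] = ts
    return dict(table)


def http_requests(data: bytes) -> list:
    """Collect (client, server, request line) for TCP payloads that start like HTTP requests."""
    out = []
    for _, frame in records(data):
        d = decode(frame)
        if d and d[0] == "tcp" and d[5][:4] in (b"GET ", b"POST", b"HEAD"):
            out.append((d[1], d[3], d[5].split(b"\r\n", 1)[0].decode("ascii", "replace")))
    return out


# Constructed capture: one DNS query, one HTTP request and its response carrying an MZ header.
def _frame(proto, src, sport, dst, dport, payload):
    if proto == IP_TCP:  # 20-byte TCP header, PSH|ACK, no options
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 0x50, 0x18, 8192, 0, 0) + payload
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return bytes(12) + struct.pack("!H", ETH_IPV4) + ip + l4


def _pcap(frames):
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return head + b"".join(struct.pack("<IIII", 1628172131 + i, 0, len(f), len(f)) + f
                           for i, f in enumerate(frames))


SAMPLE_PCAP = _pcap([
    _frame(IP_UDP, "192.168.24.135", 53211, "192.168.24.1", 53,
           b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03bad\x07example\x00\x00\x01\x00\x01"),
    _frame(IP_TCP, "192.168.24.135", 49761, "203.0.113.77", 80,
           b"GET /update.php HTTP/1.1\r\nHost: bad.example\r\n\r\n"),
    _frame(IP_TCP, "203.0.113.77", 80, "192.168.24.135", 49761,
           b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\nMZ\x90\x00"),
])

if __name__ == "__main__":
    for key, f in flows(SAMPLE_PCAP).items():
        print(key, f["packets"], "pkts", f["bytes"], "payload bytes")
    print(http_requests(SAMPLE_PCAP))
```

On a real capture the flow table tells you which internal host talked to which external address and how much moved, and the request sweep gives you the URLs to search for in Zeek's http.log and in the Hunt interface; the response frame in the sample is there to show that a reader keyed on request lines ignores the server side, so a file download is something you go back and carve, not something this pass reports.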
• 44. ▪ Accomplished Work
- Virtualization
- Network configuration
- Creating virtual network adapters
- Setting up the network lab
- Setting up the virtual lab
- Setting up Security Onion and the other operating systems
- Monitoring IDS and IPS
- Ping check of all OSs to verify connectivity
- Network traffic analysis
• 45. ▪ Future Work
❑ Implementation as an AWS cloud AMI
❑ Implementation as an Azure cloud image
❑ Data protection and analysis
❑ Threat hunting and prevention
❑ Big data analysis with Security Onion
❑ E-commerce data analysis with Security Onion
• 46. ▪ Student Motivation (those who study Security Onion)
❑ In this section we discuss what someone who wants to practise or learn Security Onion needs as a foundation:
  • A clear understanding of virtualization.
  • Knowledge of networking configuration and architecture.
  • Knowledge of IDS and IPS.
  • Knowledge of NIDS, HIDS, OS detection and NSM.
  • Knowledge of SOC and SIEM.
• 47. ▪ Conclusion
Security Onion is a free, open-source intrusion detection system that is not difficult to stand up. It is an excellent teaching tool for both students and staff. It is potentially appropriate for organizations with the resources and the inclination to deploy and maintain their own monitoring and intrusion detection solution. If nothing else, standing up a Security Onion test deployment is a good way to have something to benchmark against.
• 48. ▪ References
❑ Security Onion documentation: https://docs.securityonion.net/en/2.3/
❑ Introduction to Security Onion: https://www.researchgate.net/publication/304200311_Introduction_to_Security_Onion
❑ Bugs in Security Onion: https://www.researchgate.net/publication/355978629_Bugs_in_Security_Onion
❑ Malware analysis sample capture: https://www.malware-traffic-analysis.net/2021/08/05/index.html