Network Security Monitoring made Easy with Security Onion LiveCD

Want an intrusion detection and monitoring solution that is easy to use and easy to install? Look no further than Doug Burks' (SANS GSE) Security Onion LiveCD.

This security Linux distribution marries the ever-popular Snort Intrusion Detection System (IDS) and Sguil (a security analysis program created by a former member of the Air Force's CERT team) in an easy-to-use package.

You can run Security Onion completely off the CD or install it and run it from a hard drive. I wanted to see how easy it was to use, so I installed it and put it through its paces.

I chose to run it in LiveCD mode. Once it boots to the desktop, you simply run the setup script, then choose advanced or quick setup.

I chose the quick setup. Next, just choose a name and password for the Sguil server. Setup is now complete!

Next, just double-click on Sguil, choose which interface to monitor, and that is it. You now have a complete, up-and-running intrusion detection and monitoring system. Very quick to set up and simple to use.

Testing worked great: I ran some simple attacks against the system from BackTrack 4. It detected the attacks and listed the events in the Sguil interface. Right-clicking on an alert brings up a menu where you can view a transcript of the attack, or even view the packet stream in Wireshark!
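Sguil is reading the same events Snort writes to its alert output. As an added example (not from the post and not part of the Security Onion project), the following Python script parses Snort's plain-text "alert_fast" format, which is the line format Snort's `alert_fast` output plugin produces, and summarizes the alerts the way an analyst would triage them in a console: by priority, by source address, and by signature. The sample alert lines are constructed for this example, with documentation-range addresses, and the signature IDs and messages are placeholders, not real rules.

```python
import re
from collections import Counter

# One line of Snort "alert_fast" output. The classification block is optional
# (rules without a classtype omit it) and the ports are optional so that
# ICMP alerts, which carry no port, also match. The optional year handles the
# MM/DD/YY-HH:MM:SS variant of the timestamp.
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}(?:/\d{2,4})?-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample alerts (placeholder SIDs and messages, RFC 5737 addresses).
# The last line is deliberately malformed to show that junk is skipped, not crashed on.
SAMPLE_ALERTS = """\
01/15-13:42:17.123456  [**] [1:1000001:1] LOCAL TCP port scan (constructed) [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.50:40123 -> 192.0.2.10:22
01/15-13:42:17.223456  [**] [1:1000001:1] LOCAL TCP port scan (constructed) [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.50:40124 -> 192.0.2.10:80
01/15-13:42:19.000001  [**] [1:1000002:1] LOCAL ICMP echo sweep (constructed) [**] [Priority: 3] {ICMP} 192.0.2.50 -> 192.0.2.10
01/15-13:45:02.555555  [**] [1:1000003:2] LOCAL suspicious shell string in HTTP (constructed) [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.50:40200 -> 192.0.2.10:80
this line is not an alert and is skipped
"""


def parse_alert(line):
    """Return a dict of fields for one alert_fast line, or None if it does not match."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["priority"] = int(d.pop("prio"))
    d["classification"] = d.pop("cls") or "unclassified"
    d["signature"] = f"{d['gid']}:{d['sid']}:{d['rev']}"
    d["sport"] = int(d["sport"]) if d["sport"] else None
    d["dport"] = int(d["dport"]) if d["dport"] else None
    return d


def summarize(text):
    """Parse a block of alert_fast lines and return triage counters.

    Lower Snort priority numbers are more severe, so the 'most_severe' list
    holds the messages of the alerts with the lowest priority value seen.
    """
    alerts, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        alert = parse_alert(line)
        if alert is None:
            skipped += 1
            continue
        alerts.append(alert)
    by_priority = Counter(a["priority"] for a in alerts)
    most_severe = min(by_priority) if by_priority else None
    return {
        "total": len(alerts),
        "skipped": skipped,
        "by_priority": dict(by_priority),
        "by_source": dict(Counter(a["src"] for a in alerts)),
        "by_signature": dict(Counter(a["signature"] for a in alerts)),
        "most_severe": [a["msg"] for a in alerts if a["priority"] == most_severe],
    }


if __name__ == "__main__":
    summary = summarize(SAMPLE_ALERTS)
    print(f"{summary['total']} alerts parsed, {summary['skipped']} line(s) skipped")
    for prio, count in sorted(summary["by_priority"].items()):
        print(f"  priority {prio}: {count}")
    for src, count in summary["by_source"].items():
        print(f"  source {src}: {count} alert(s)")
    print("  most severe:", "; ".join(summary["most_severe"]))
```

Point the script at a real `alert` file written with `output alert_fast` to get the same counters over live sensor output; the regex tolerates both the two-digit-year and the year-less timestamp variants, and anything that does not parse is counted rather than raised.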

Security Onion runs on Xubuntu 10.04 and includes:

  • Snort updated to 2.9.0.3.
  • Suricata updated to 1.1beta1.
  • Barnyard2 updated to 1.9 Stable.
  • Vortex updated to 2.9.0.
  • Installed OSSEC for host-based intrusion detection.
  • Installed Squert web interface for Sguil.
  • Installed Armitage GUI interface for Metasploit.

What an awesome tool for network defense. An intrusion detection and monitoring system used by many large companies, preconfigured and ready to use even on your small business or home system. This would work great with Dualcomm's network port mirroring device. Check it out!


    ~ by D. Dieterle on January 15, 2011.

    2 Responses to “Network Security Monitoring made Easy with Security Onion LiveCD”

    1. Thanks for using Security Onion!
