This security Linux distribution marries the ever popular Snort Intrusion Detection System (IDS) and Sguil (a security analysis program created by a former member of the Air Force's CERT team) in an easy-to-use package.
You can run Security Onion completely off the CD or install it and run it from a hard drive. I wanted to see how easy it was to use, so I installed it and ran it through its paces.
I chose to run it in LiveCD mode. Once it boots to the desktop, you simply run the setup script, then choose advanced or quick setup.
I chose the quick setup. Next, just choose a name and password for the Sguil server. Setup is now complete!
Next, just double-click on Sguil, choose which interface to monitor, and that is it. You now have a complete, up-and-running intrusion detection and monitoring system. Very quick to set up and simple to use.
Testing worked great. I did some simple attacks against the system with BackTrack 4. It detected the attacks and listed the events in the Sguil interface. Right-clicking on the alerts brings up a menu where you can view a transcript of the attack, or even view the packet stream in Wireshark!
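The events Sguil lists come from Snort alerts. To show what one of those alerts actually carries (signature id, message, classification, priority, protocol and the source/destination pair), here is a small added parser for Snort's text "alert_fast" output line format, run over a few constructed sample lines. This is example code written for this post, not code from Security Onion, Snort or Sguil; it assumes the sensor is configured to write fast-format alerts to a text file (Sguil itself keeps alerts in a database), and the signature ids, messages and addresses in the sample are made up for illustration.

```python
import re
from collections import Counter

# One line of Snort's alert_fast output looks like:
#   MM/DD-HH:MM:SS.micros  [**] [gid:sid:rev] message [**] [Classification: text] [Priority: N] {PROTO} src:port -> dst:port
# The classification block is optional and ICMP alerts carry no ports.
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<classification>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<priority>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)

# Constructed sample alert file: a lab host probing a monitored host. The
# sids, messages and addresses are invented for this example; the last line
# is deliberately not an alert, to show that junk is skipped.
SAMPLE_ALERTS = """\
05/12-14:03:21.118032  [**] [1:1000001:1] EXAMPLE SCAN TCP probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.56.101:41234 -> 192.168.56.10:22
05/12-14:03:21.204511  [**] [1:1000001:1] EXAMPLE SCAN TCP probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.56.101:41235 -> 192.168.56.10:80
05/12-14:03:25.000917  [**] [1:1000002:1] EXAMPLE ICMP echo sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.56.101 -> 192.168.56.10
05/12-14:04:02.550210  [**] [1:1000003:2] EXAMPLE WEB suspicious request [**] [Priority: 1] {TCP} 192.168.56.101:41301 -> 192.168.56.10:80
this line is not a snort alert and must be skipped
"""


def parse_alert(line):
    """Return a dict for one alert line, or None if the line is not an alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    alert = m.groupdict()
    for key in ("gid", "sid", "rev", "priority"):
        alert[key] = int(alert[key])
    for key in ("sport", "dport"):  # absent for ICMP and other port-less protocols
        alert[key] = int(alert[key]) if alert[key] is not None else None
    return alert


def parse_alerts(text):
    """Parse every alert line in a block of text, silently dropping non-alerts."""
    return [a for a in (parse_alert(l) for l in text.splitlines()) if a]


def summarize(alerts):
    """Group alerts the way an analyst scans the Sguil console:
    by source host, by signature and by priority (1 is the most severe)."""
    return {
        "total": len(alerts),
        "by_source": Counter(a["src"] for a in alerts),
        "by_signature": Counter((a["sid"], a["msg"]) for a in alerts),
        "by_priority": Counter(a["priority"] for a in alerts),
        "targets": sorted({(a["dst"], a["dport"]) for a in alerts if a["dport"]}),
    }


def high_priority(alerts, threshold=1):
    """Alerts at or above the given priority, i.e. the ones to look at first."""
    return [a for a in alerts if a["priority"] <= threshold]


if __name__ == "__main__":
    parsed = parse_alerts(SAMPLE_ALERTS)
    summary = summarize(parsed)
    print(f"{summary['total']} alerts from {len(summary['by_source'])} source host(s)")
    for (sid, msg), n in summary["by_signature"].most_common():
        print(f"  sid {sid}: {n} x {msg}")
    for a in high_priority(parsed):
        print(f"priority {a['priority']}: {a['src']} -> {a['dst']}:{a['dport']} ({a['msg']})")
```

Pointing `parse_alerts` at a real alert file instead of the embedded sample gives the same per-source, per-signature and per-priority counts that you would otherwise read off the Sguil event list, which is handy for a quick sanity check that a sensor is actually firing after setup.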
Security Onion runs on Xubuntu 10.04 and includes:
What an awesome tool for network defense: an intrusion detection and monitoring system used by many large companies, preconfigured and ready to use even on your small business or home system. This would work great with Dualcomm's network port mirroring device. Check it out!