Security Onion


I stumbled upon a promising open source tool called Security Onion, managed by Doug Burks (@).  What is so exciting about the tool is that it combines several of the best tools from the open source security community, running on the Ubuntu Linux distribution, creating a kind of Security Operations Center that gives you several insights into your network and its behavior.

Security Onion is a tool which combines Intrusion Detection/Prevention System (IDS/IPS), Host Intrusion Detection/Prevention System (HIDS/HIPS), Network Security Monitoring, and Log Management functions into a single system.  It achieves this by including Snort, Suricata, Bro, OSSEC, Sguil, Squert, Snorby, ELSA, Xplico, NetworkMiner, and many other security tools.  Configuring, optimizing, and integrating all of the previously mentioned tools by hand requires a significant amount of time and expertise, but Security Onion makes the task easy by removing the complexity involved in the installation and management of the individual tools.  It does that by providing a setup wizard which takes care of all the necessary software and package installation.  Of course, one still needs the expertise and time to manage the system once it is installed and running.
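The IDS layer of that stack (Snort or Suricata) writes alerts in the "fast" log format, and consoles such as Sguil and Squert are, at bottom, aggregating those alerts by signature, source and priority. The following added example (my own code, not part of Security Onion or of any of the tools above) parses a handful of constructed fast-format alert lines and summarizes them the way an analyst view does. The sample lines, the local-rule SIDs in the 1000000+ range, and the addresses are all constructed for illustration; the line format itself is the one Snort and Suricata use.

```python
"""Parse Snort/Suricata "fast" alert lines and summarize them (added example)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample alerts: local-rule SIDs (1000000+), RFC 5737 and private
# addresses, invented messages. Not captured from a real sensor.
SAMPLE_FAST_LOG = """\
03/14-10:15:22.123456  [**] [1:1000001:1] LOCAL WEB suspicious uid=0 response [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:80 -> 192.168.1.20:51234
03/14-10:15:23.654321  [**] [1:1000002:1] LOCAL SCAN inbound to MSSQL port [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.7:44120 -> 192.168.1.10:1433
03/14-10:15:24.000001  [**] [1:1000001:1] LOCAL WEB suspicious uid=0 response [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:80 -> 192.168.1.21:51240
03/14-10:16:01.500000  [**] [1:1000003:2] LOCAL SCAN ssh probe [**] [Classification: Attempted Information Leak] [Priority: 1] {TCP} 203.0.113.7:51000 -> 192.168.1.10:22
03/14-10:16:05.000000  [**] [1:1000004:1] LOCAL ICMP large echo request [**] [Priority: 3] {ICMP} 203.0.113.7 -> 192.168.1.10
this line is not an alert and is skipped by the parser
"""

# Fast format: timestamp [**] [gid:sid:rev] msg [**] [Classification: ...] [Priority: N] {PROTO} src:port -> dst:port
# Classification is optional, and ICMP alerts carry no ports. IPv4 only, to keep the example short.
FAST_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[A-Z0-9]+)\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?$"
)


@dataclass(frozen=True)
class Alert:
    timestamp: str
    gid: int
    sid: int
    rev: int
    msg: str
    classification: Optional[str]
    priority: int
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]


def parse_line(line: str) -> Optional[Alert]:
    """Return an Alert for one fast-format line, or None if the line does not match."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    g = m.groupdict()
    return Alert(
        timestamp=g["ts"],
        gid=int(g["gid"]), sid=int(g["sid"]), rev=int(g["rev"]),
        msg=g["msg"],
        classification=g["cls"],
        priority=int(g["prio"]),
        proto=g["proto"],
        src=g["src"], sport=int(g["sport"]) if g["sport"] else None,
        dst=g["dst"], dport=int(g["dport"]) if g["dport"] else None,
    )


def parse_fast_log(text: str) -> List[Alert]:
    """Parse every line, skipping anything that is not an alert (real logs contain such lines)."""
    return [a for a in (parse_line(ln) for ln in text.splitlines()) if a is not None]


def summarize(alerts: List[Alert]) -> Dict[str, object]:
    """Aggregate by signature, source address and priority, as an analyst console does."""
    by_src = Counter(a.src for a in alerts)
    return {
        "by_sid": Counter(a.sid for a in alerts),
        "by_src": by_src,
        "by_priority": Counter(a.priority for a in alerts),
        "top_src": by_src.most_common(1)[0][0] if alerts else None,
    }


def high_priority(alerts: List[Alert], max_priority: int = 1) -> List[Alert]:
    """In Snort's scheme a lower number is more severe; priority 1 is the most urgent."""
    return [a for a in alerts if a.priority <= max_priority]


if __name__ == "__main__":
    parsed = parse_fast_log(SAMPLE_FAST_LOG)
    s = summarize(parsed)
    print(f"{len(parsed)} alerts; top source {s['top_src']}; by priority {dict(s['by_priority'])}")
    for a in high_priority(parsed):
        print(f"  P{a.priority} sid {a.sid} {a.msg}: {a.src} -> {a.dst}:{a.dport}")
```

Run against a real sensor, `parse_fast_log` would read the file Snort or Suricata writes rather than the embedded sample; the point of `summarize` and `high_priority` is that the triage questions a console answers first (which signature fires most, which source is noisiest, what is priority 1) fall out of a few Counters once the line format is parsed reliably.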

Detailed information on the tool, such as how to get started, network configuration, customization, and tips/tricks, can be found on the Wiki page.  Doug also keeps a blog with detailed instructions and step-by-step guides.  I am very excited to try this excellent combination of security tools to see how I can utilize it to add an additional security layer to our network.
