WELCOME TO OUR PRESENTATION
Name of our thesis: How Security Onion in Linux Distribution For Threat Hunting, Enterprise Security Monitoring, And Log Management.
Agenda
- Introduction
- Background study
- Literature review
- Network security monitor
- Why we use Security Onion
- Tools and technologies
- Virtualization
- Methodology
- Network traffic analysis & monitoring
- Malware analysis with Security Onion
- Accomplishment work
- Future work
- Student motivation (those who study Security Onion)
- Conclusion
- References
Presented By
Name                        ID
Boni Yeamin                 173462012
Nahnudul Hasan Nir Rahim    173462098
Supervised By / Co-Supervised By
Mashihoor Rahman, Cyber Security Analyst
Sahabuddin, Lecturer, Department of CSE, City University
Introduction
Introduction of Security Onion
- This work takes a closer look into the functionality and efficiency of a prebuilt, open-source security tool known as the Security Onion. The Security Onion was selected as the system of choice for this experiment because of the many different kinds of tools that are integrated into its design. Many security systems don't incorporate numerous tools into their design, which makes it a unique system to analyze.
Introduction
Statement of the problem
- Many organizations fail to provide security with the necessary budget, guidance, or resources.
- Fully understanding the effectiveness or ineffectiveness of the tool.
- Utilizing a variety of software.
- Firewall.
- Monitoring and securing a network is a daunting task.
Introduction
Objective
- The objective of this research is to provide a comparative analysis of a device with the Security Onion installed and one without it. It aims to give users greater insight into how effective or ineffective a security tool may actually be. This could potentially help them realize, or understand, the pros and cons of a security tool and how secure their network truly is.
Introduction
Limitation of the Research
- This study is limited to the comparative analysis of the Security Onion, although there are other open-source security tools available for enterprises to utilize. Moreover, this work attempts to launch attacks on each computer to analyze the effects. However, the complexity of the attacks is restricted and doesn't include all variations of potential threats or vulnerabilities.
Background study
Background related to the problem
- The area of cybersecurity has become a growing commodity for companies over the last decades. According to Jeff, there will be a “3.5 million global shortage of cybersecurity professionals by 2022”. Cybersecurity Ventures reported that the number of unfilled cybersecurity jobs grew by 350%. The Security Onion allows enterprises to automate and control the security process, which can potentially help a department that lacks adequate staff. In addition, it is a cost-effective solution since the software is prebuilt and free. On the surface the Security Onion looks like a promising tool that could solve all of an organization's security problems. Professionals need to be
Literature review
Literature Study
- This section provides additional content relating to the background of the problem, including the primary use of the Security Onion to protect an enterprise's network. It introduces the common problems or challenges that exist in the security world and the ways in which they impact a professional's decision to use an open-source system such as the Security Onion. It looks at the literature to indicate the current understanding of the system and identify what's missing. Finally, it introduces the concept of a private network and different types of attacks.
Literature review
Literature related to the problem
- The Security Onion is a relatively new concept in the cybersecurity world. When reading through different articles, books, and journals, there seems to be a lack of information relating to the effectiveness or ineffectiveness of the software. There were many pieces of literature relating to the setup of the system and different ways of configuring it to help prevent certain types of attacks.
Why we use Security Onion
- For developers, Security Onion is presented as a universal panacea for security; still, the administrator needs to work with the system to get the maximum result. A professional who does the same needs the experience and knowledge to completely analyze the alerts and take action based on the information.
- Moreover, most security professionals prefer to “roll their own”: a version where you mix and match a security toolset so that it works for them. Since different networks call for different solutions, you need to select a well-reviewed open-source network security tool.
- Depending on the distro, you need to select the security tooling, and a professional has to take up the task. If you want a distribution for penetration testing and ethical hacking, then Kali Linux is the best choice for you. If you need to monitor a variety of network traffic and events, then Security
Tools and Technologies
- Elasticsearch
- Logstash
- Squert
- Snort
- Zeek
- Sguil
- Kibana
- CapMe
- NetworkMiner
- Wazuh
- TheHive
- Docker
- CyberChef
What is Security Onion
- Security Onion is a network security monitoring (NSM) system that provides full context and forensic visibility into the traffic it monitors.
- Designed to make deploying complex open-source tools simple via a single package.
- The ability to pivot seamlessly from one tool to the next provides the most effective collection of network security tools available in a single package.
- Allows a choice of IDS engines, analyst consoles and web interfaces.
What is a SOC, NMS, SIEM Solution
- (SOC) A security operations center is a centralized unit that deals with security issues on an organizational and technical level.
- (NMS) Network monitoring systems include software and hardware tools that can track various aspects of a network and its operation, such as traffic, bandwidth utilization, and uptime. These systems can detect devices and other elements that comprise or touch the network, as well as provide status updates.
- (SIEM) Security information and event management technology supports threat detection, compliance and security incident management through the collection and analysis (both near real time and historical) of security events, as well as a wide variety of other event and contextual data sources.
Why Open Source
- Every company has a unique process for creating, reviewing and approving/denying business cases. The path of creating and improving a SOC is challenging and costly.
- Annual operating costs: we assume the company has its own management team, operators, office supplies and computers, so we consider only the software maintenance cost, which is $25,000; recurring costs can be included.
- For a mid-level company this amount is very large, and such a company won't try to build a SOC.
Why IDS/IPS if I have a Firewall
- In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted network and an untrusted network, such as the Internet.
- Intrusion Detection System: An IDS is designed to detect a potential incident, generate an alert, and do nothing to prevent the incident from occurring.
- Intrusion Prevention System: An IPS, on the other hand, is designed to take action to block anything that it believes to be a threat to the protected system.
Fig: IDS and IPS
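To make the distinction on this slide concrete, here is an added illustration (not code from the presentation or from the Security Onion project) that models the three roles on constructed sample traffic: a stateless firewall policy that only sees header fields, a signature inspector that only alerts (IDS behaviour), and the same inspector set to drop on a match (IPS behaviour). The rule set, the two content signatures and the three packets are assumptions constructed for the example; real engines such as Snort or Suricata use a far richer rule language, but the division of labour is the same.

```python
from dataclasses import dataclass


@dataclass
class Packet:
    """Minimal view of a packet: header fields plus the application payload."""
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes


# Constructed stateless firewall policy: decisions depend on header fields only.
# Rules are matched first-to-last; the last rule has no conditions and is the default deny.
FIREWALL_RULES = [
    {"action": "allow", "proto": "tcp", "dport": 80},
    {"action": "allow", "proto": "tcp", "dport": 443},
    {"action": "deny"},
]

# Constructed content signatures of the kind an IDS/IPS engine matches against payloads.
SIGNATURES = [
    ("Directory traversal attempt in HTTP request", b"../../"),
    ("SQL injection probe in HTTP request", b"' OR 1=1"),
]


def firewall_decision(pkt: Packet) -> str:
    """Apply the header-only policy and return 'allow' or 'deny'."""
    for rule in FIREWALL_RULES:
        conditions = {k: v for k, v in rule.items() if k != "action"}
        if all(getattr(pkt, field) == value for field, value in conditions.items()):
            return rule["action"]
    return "deny"


def inspect_payload(pkt: Packet) -> list[str]:
    """Return the names of every signature found in the payload (the detection step)."""
    return [name for name, pattern in SIGNATURES if pattern in pkt.payload]


def process(pkt: Packet, mode: str) -> tuple[str, list[str]]:
    """Run a packet through the chosen protection mode.

    mode: 'firewall' (headers only), 'ids' (inspect and alert, never block),
          'ips' (inspect and drop on a match).
    Returns (verdict, alerts).
    """
    verdict = firewall_decision(pkt)
    if verdict == "deny" or mode == "firewall":
        return verdict, []          # the firewall already decided, or inspection is off
    alerts = inspect_payload(pkt)
    if alerts and mode == "ips":
        return "drop", alerts       # IPS: act on the detection
    return verdict, alerts          # IDS: let the traffic pass, but raise the alert


# Constructed sample traffic: an ordinary request, a request with a hostile payload
# on an allowed port, and a connection to a port the policy never permits.
SAMPLE_PACKETS = [
    Packet("10.0.0.5", "10.0.0.80", "tcp", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("10.0.0.5", "10.0.0.80", "tcp", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    Packet("10.0.0.5", "10.0.0.80", "tcp", 23, b"\xff\xfd\x18"),
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        for mode in ("firewall", "ids", "ips"):
            verdict, alerts = process(pkt, mode)
            print(f"{mode:8s} dport={pkt.dport:<4} -> {verdict:5s} {alerts}")
```

The second packet is the point of the slide: the firewall allows it because port 80 is permitted, the IDS allows it too but produces the alert an analyst would then investigate in the console, and only the IPS changes the verdict. The third packet never reaches inspection at all, which is why a firewall and an IDS/IPS are complementary rather than interchangeable.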
Operating System Distribution
Virtualization
- In computing, virtualization is the act of creating a virtual version of something, including virtual computer hardware platforms, storage devices, and computer network resources.
- We use two virtualization products in this project:
- 1. VMware Workstation Pro
- 2. VMware ESXi 7
- In the VMware Workstation Pro machine, with the sniffing interface in bridged mode you will be able to see all traffic to and from the host machine's physical NIC (network interface controller). If we would like to see ALL the traffic on our network, we will need a method of forwarding that traffic to the interface to which the virtual adapter is bridged. This can be achieved with a tap or SPAN port.
System Requirements
- Hardware requirements: Security Onion only supports the x86-64 architecture (standard Intel/AMD 64-bit processors).
- For all other configurations, the minimum specs for running Security Onion 2 are:
- 16GB RAM
- 4 CPU cores
- 200GB storage
Lab Setup
Networking configuration
- In the table below we show how we configured the network in our test lab.
Name                        Network Type    IP
External internet protocol  Public IP       103.102.133.14
Router IP                   Static IP       192.168.0.1
VMware machine              Host only       192.168.143.0
VMware machine              NAT             192.168.24.0
ESXi 7                      IP              192.168.24.128
Security Onion              NAT             192.168.24.255
Security Onion              Bridge          192.168.24.130
Windows 7                   NAT             192.168.137.1
Windows 7                   Bridge          192.168.24.135
Windows Server 2012         NAT             192.186.137.80
Windows Server 2012         Bridge          192.168.24.132
Kali Linux                  NAT             192.186.137.48
Kali Linux                  Bridge          192.168.24.135.129
Ubuntu                      NAT             192.186.137.17
Ubuntu                      Bridge          192.168.24.136
Installing Security Onion
- We install Security Onion from the ISO image in VMware Workstation Pro.
1. First we set up the VMware settings for Security Onion according to the requirements.
2. Then we configure the NAT and bridged network adapters.
3. Run the virtual machine and boot from the ISO file.
4. Install Security Onion in graphical mode.
5. For more information we cover a video in which we describe everything in detail.
Security Onion Architecture
Work Flow Diagram
Contribution Diagram
Contribution Working Process
Accomplishment Work
- Virtualization
- Network configuration
- Setup of the network lab
- Setup of the virtual lab
- Setup of Security Onion and other operating systems
- Monitoring IDS and IPS
Future Work
- Implementation of an AWS Cloud AMI
- Implementation of an Azure Cloud image
Student Motivation (those who study Security Onion)
- In this section we discuss what someone who wants to practice or learn about Security Onion needs. The basic needs are described below:
• A clear knowledge of virtualization.
• Knowledge of networking configuration and architecture.
• Knowledge of IDS and IPS.
• Knowledge of NIDS, HIDS, OS detectors and NSM.
• Knowledge of SOC and SIEM.
Conclusion
Security Onion is a free, open-source intrusion detection system that is not difficult to stand up. It is an excellent educational tool for both students and staff. It is potentially appropriate for enterprises with the resources and inclination to maintain and deploy their own monitoring solution and intrusion detection system. If nothing else, standing up a Security Onion test deployment is an excellent way to have something to benchmark against.
References
- https://docs.securityonion.net/en/2.3/
- Introduction to Security Onion: https://www.researchgate.net/publication/304200311_Introduction_to_Security_Onion
- Bugs in Security Onion: https://www.researchgate.net/publication/355978629_Bugs_in_Security_Onion
Any Questions?
THANK YOU

Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 

security onion

  • 2. Name of Our Thesis 01
    How Security Onion in Linux Distribution For Threat Hunting, Enterprise Security Monitoring, And Log Management.
  • 3. Agenda 02
    - Introduction
    - Background study
    - Literature review
    - Network security monitor
    - Why we use Security Onion
    - Tools and technologies
    - Virtualization
    - Methodology
    - Network Traffic Analysis & Monitoring
    - Malware analysis with Security Onion
    - Accomplishment Work
    - Future Works
    - Student Motivation (those who study Security Onion)
    - Conclusion
    - Reference
  • 4. Presented By 03
    Name: Boni Yeamin, ID 173462012
    Name: Nahnudul Hasan Nir Rahim, ID 173462098
    Supervised By: Mashihoor Rahman, Cyber Security Analyst
    Co-Supervised By: Sahabuddin, Lecturer, Department of CSE, City University
  • 5. Introduction of Security Onion 04
    - This work takes a closer look into the functionality and efficiency of a prebuilt, open-source security tool known as Security Onion. Security Onion was selected as the system of choice for this experiment because of the numerous different kinds of tools that are integrated into its design. Many security systems don’t incorporate numerous tools into one design, which makes it a unique system to analyze.
  • 6. Statement of the problem 04
    - Many organizations fail to provide security with the necessary budget, guidance, or resources.
    - Fully understanding the effectiveness or ineffectiveness of the tool.
    - Utilizing a variety of software.
    - Firewall.
    - Monitoring and securing a network is a daunting task.
  • 7. Objective 04
    - The objective of this research is to provide a comparative analysis of a device with Security Onion installed and one without it. It is to give users greater insight into how effective or ineffective a security tool may actually be. This could potentially help them realize, or understand, the pros and cons of a security tool and how secure their network truly is.
  • 8. Limitation of the Research 04
    - This study is limited to the comparative analysis of Security Onion, although there are other open-source security tools available for enterprises to utilize. Moreover, this work attempts to launch attacks on each computer to analyze the effects. However, the complexity of the attacks is restricted and doesn’t include all variations of potential threats or vulnerabilities.
  • 9. Background Related to the problem 04
    - The area of cybersecurity has become a growing commodity for companies over the last decades. According to Jeff, there will be a “3.5 million global shortage of cybersecurity professionals by 2022”. Cybersecurity Ventures reported that the number of unfilled cybersecurity jobs grew by 350%. Security Onion allows enterprises to automate and control the security process, which can potentially help a department that is lacking adequate personnel. In addition, it is a cost-effective solution since the software is prebuilt and free. On the surface Security Onion looks like a promising tool that could solve all of an organization’s security problems. professionals need to be
  • 10. Literature Study 04
    - This section provides additional content relating to the background of the problem, including the primary use of Security Onion to protect an enterprise’s network. It introduces the common problems or challenges that exist in the security world and the ways in which they impact a professional’s decision to use an open-source system such as Security Onion. It looks at the literature to indicate the current understanding of the system and to identify what’s missing. Finally, it introduces the concept of a private network and different types of attacks.
  • 11. Literature related problem 04
    - Security Onion is a relatively new concept in the cybersecurity world. When reading through different articles, books, and journals, there seems to be a lack of information relating to the effectiveness or ineffectiveness of the software. There were many pieces of literature relating to the setup of the system and different ways of configuring it to help prevent certain types of attacks.
  • 12. Why we use Security Onion 06
    - When we talk about deploying it, Security Onion can look like a universal panacea for security. In reality the administrator needs to work with the system to get the maximum result. A professional doing the same needs the experience and knowledge to completely analyze the alert and take action based on the information.
    - Moreover, most security professionals prefer to “roll their own”: a mix-and-match security toolset that works for them. Since different networks call for different solutions, you need to select a well-reviewed open-source network security tool.
    - Depending on the distro, you need to select the security tooling, and a professional has to take up the task. If you want a testing platform for an ethical hacker, then Kali Linux is the best choice for you. If you need to monitor a variety of network traffic and events, then Security
  • 13. Tools and Technologies 23
    - Elasticsearch
    - Logstash
    - Squert
    - Snort
    - Zeek
    - Sguil
    - Kibana
    - CapMe
    - NetworkMiner
    - Wazuh
    - TheHive
    - Docker
    - CyberChef
  • 14. What is Security Onion 05
    - Security Onion is a network security monitoring (NSM) system that provides full context and forensic visibility into the traffic it monitors.
    - Designed to make deploying complex open-source tools simple via a single package.
    - The ability to pivot seamlessly from one tool to the next provides the most effective collection of network security tools available in a single package.
    - Allows a choice of IDS engines, analyst consoles and web interfaces.
  • 15. What is SOC, NMS, SIEM Solution 06
    - (SOC) A security operations center is a centralized unit that deals with security issues on an organizational and technical level.
    - (NMS) Network monitoring systems include software and hardware tools that can track various aspects of a network and its operation, such as traffic, bandwidth utilization, and uptime. These systems can detect devices and other elements that comprise or touch the network, as well as provide status updates.
    - (SIEM) Security information and event management technology supports threat detection, compliance and security incident management through the collection and analysis (both near real time and historical) of security events, as well as a wide variety of other event and contextual data sources.
  • 16. Why Open Source 07
    - Every company has a unique process for creating, reviewing and approving/denying business cases. The path of creating and improving a SOC is challenging and costly.
    - Annual operating costs: we assume the company has its own management team, operators, office supplies and computers, so we consider only the software maintenance cost, which is $25,000; recurring costs can be included.
    - For a mid-level company this amount is very large, and such a company won’t try to build a SOC.
  • 17. Why IDS/IPS if I have a Firewall 08
    - In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted network and an untrusted network, such as the Internet.
    - Intrusion Detection System: an IDS is designed to detect a potential incident, generate an alert, and do nothing to prevent the incident from occurring.
    - Intrusion Prevention System: an IPS, on the other hand, is designed to take action to block anything that it believes to be a threat to the protected system.
  • 18. IDS/IPS if I have a Firewall 09
    [Figure: IDS and IPS]
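To make the IDS/IPS distinction above concrete, here is an added example in Python (not part of the slides, and not code from Security Onion or Snort): a toy content-matching engine run once passively, as an IDS on a tap or SPAN port would be, and once inline, as an IPS. The Packet and Rule shapes, the two rules (modelled loosely on Snort's "attack-responses" style of signature) and the sample flows are all constructed for illustration.

```python
from dataclasses import dataclass

# Toy packet and rule models, constructed for this example.
@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    payload: bytes

@dataclass(frozen=True)
class Rule:
    action: str     # "alert": log only; "drop": log and, when inline, block
    port: int       # matched against either side of the connection
    content: bytes  # byte pattern that must appear in the payload
    msg: str

def rule_matches(rule, pkt):
    return rule.port in (pkt.sport, pkt.dport) and rule.content in pkt.payload

def run_sensor(packets, rules, inline):
    """Pass packets through the rule set and return (alerts, forwarded).

    inline=False models an IDS watching a copy of the traffic: every packet
    is forwarded regardless, and matches only produce alerts.
    inline=True models an IPS sitting in the traffic path: a matching "drop"
    rule keeps the packet from being forwarded, while "alert" rules still
    only log, exactly as in the passive case."""
    alerts, forwarded = [], []
    for pkt in packets:
        blocked = False
        for rule in rules:
            if rule_matches(rule, pkt):
                alerts.append((rule.msg, pkt.src, pkt.dst))
                if inline and rule.action == "drop":
                    blocked = True
        if not blocked:
            forwarded.append(pkt)
    return alerts, forwarded

# Constructed rule set: a web server echoing a root id string is dropped,
# a server error is only logged.
RULES = [
    Rule("drop", 80, b"uid=0(root)", "web server returned root id string"),
    Rule("alert", 80, b"HTTP/1.1 500", "web server returned 500 error"),
]

# Constructed sample traffic (addresses are placeholders for two lab guests).
SAMPLE_PACKETS = [
    Packet("192.168.24.135", "192.168.24.132", 49152, 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("192.168.24.132", "192.168.24.135", 80, 49152, b"HTTP/1.1 200 OK\r\n\r\nuid=0(root) gid=0(root)"),
    Packet("192.168.24.132", "192.168.24.135", 80, 49153, b"HTTP/1.1 500 Internal Server Error\r\n"),
]

if __name__ == "__main__":
    for inline in (False, True):
        alerts, fwd = run_sensor(SAMPLE_PACKETS, RULES, inline)
        print("IPS" if inline else "IDS", "alerts:", len(alerts), "forwarded:", len(fwd))
```

Both modes raise the same two alerts; only the inline run stops the matching response from reaching the client, which is the whole difference the slide describes.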
  • 20. Virtualization 11
    - In computing, virtualization is the act of creating a virtual version of something, including virtual computer hardware platforms, storage devices, and computer network resources.
    - There are two virtualization products we are using in this project:
      1. VMware Pro
      2. VMware ESXi 7
    - In a VMware Pro machine with the sniffing interface in bridged mode, you will be able to see all traffic to and from the host machine’s physical NIC (network interface controller). If we would like to see ALL the traffic on our network, we will need a method of forwarding that traffic to the interface to which the virtual adapter is bridged. This can be achieved with a tap or SPAN port.
  • 21. System Requirements 12
    - Hardware Requirements: Security Onion only supports the x86-64 architecture (standard Intel/AMD 64-bit processors).
    - For all other configurations, the minimum specs for running Security Onion 2 are:
      - 16GB RAM
      - 4 CPU cores
      - 200GB storage
  • 23. Networking configuration 14
    - In computing, virtualization is the act of creating a virtual version of something, including virtual computer hardware platforms, storage devices, and computer network resources. In the table below we show how we configured the network in our test lab.

      Name                         Network Type   IP
      External internet protocol   Public IP      103.102.133.14
      Router IP                    Static IP      192.168.0.1
      VMware machine               Host only      192.168.143.0
                                   NAT            192.168.24.0
      ESXi 7                       IP             192.168.24.128
  • 24. Networking configuration 15

      Name                  NAT IP            Bridge IP
      Security Onion        192.168.24.255    192.168.24.130
      Windows 7             192.168.137.1     192.168.24.135
      Windows Server 2012   192.186.137.80    192.168.24.132
      Kali Linux            192.186.137.48    192.168.24.135.129
      Ubuntu                192.186.137.17    192.168.24.136
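A lab address plan like the one above is worth checking mechanically before the sensor goes live, because a guest that is not on the segment the sensor's bridged interface sees will never appear in its logs. The following Python script is an added example, not part of the thesis or of Security Onion: it takes the rows of the second table exactly as written and reports any address that is malformed, lies outside the expected subnet for its network type, is a network or broadcast address, or is assigned to two guests on the same network. The expected NAT subnet 192.168.137.0/24, the bridge subnet 192.168.24.0/24 and the /24 prefix lengths are assumptions read off the majority of the rows, since the slides do not state them.

```python
import ipaddress

# Expected subnet per network type. Assumption for this example: guest NAT
# addresses live in 192.168.137.0/24 and bridge addresses in 192.168.24.0/24.
EXPECTED_SUBNETS = {
    "NAT":    ipaddress.ip_network("192.168.137.0/24"),
    "Bridge": ipaddress.ip_network("192.168.24.0/24"),
}

# Rows copied from the "Networking configuration" slide exactly as written.
LAB_HOSTS = [
    ("Security Onion",      "NAT",    "192.168.24.255"),
    ("Security Onion",      "Bridge", "192.168.24.130"),
    ("Windows 7",           "NAT",    "192.168.137.1"),
    ("Windows 7",           "Bridge", "192.168.24.135"),
    ("Windows Server 2012", "NAT",    "192.186.137.80"),
    ("Windows Server 2012", "Bridge", "192.168.24.132"),
    ("Kali Linux",          "NAT",    "192.186.137.48"),
    ("Kali Linux",          "Bridge", "192.168.24.135.129"),
    ("Ubuntu",              "NAT",    "192.186.137.17"),
    ("Ubuntu",              "Bridge", "192.168.24.136"),
]

def check_host(name, net_type, addr, subnets=EXPECTED_SUBNETS):
    """Return a list of problems for one row (empty when it is consistent)."""
    label = f"{name} ({net_type}) {addr}"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return [f"{label}: not a valid IP address"]
    subnet = subnets.get(net_type)
    if subnet is None:
        return [f"{label}: unknown network type"]
    if ip not in subnet:
        return [f"{label}: outside expected subnet {subnet}"]
    if ip in (subnet.network_address, subnet.broadcast_address):
        return [f"{label}: network/broadcast address, not usable for a host"]
    return []

def check_plan(hosts, subnets=EXPECTED_SUBNETS):
    """Check every row and flag an address given to two guests on one network."""
    problems, owners = [], {}
    for name, net_type, addr in hosts:
        problems.extend(check_host(name, net_type, addr, subnets))
        owner = owners.setdefault((net_type, addr), name)
        if owner != name:
            problems.append(f"{name} ({net_type}) {addr}: already assigned to {owner}")
    return problems

if __name__ == "__main__":
    for problem in check_plan(LAB_HOSTS):
        print(problem)
```

Run against the table as printed, the script flags five rows, which is a useful prompt to reconcile the plan with what the guests actually report before trusting any capture from the sensor.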
  • 25. Installing Security Onion 16
    - We install Security Onion from the ISO image in VMware Workstation Pro:
      1. First we set up the VMware settings for Security Onion according to the requirements.
      2. Then we configure the NAT and bridged networks.
      3. Run the virtual machine and boot the ISO file.
      4. Install Security Onion in graphical mode.
      5. For more information we include a video in which we describe everything in detail.
  • 26. Security Onion Architecture 17
    - In computing, virtualization is the act of creating a virtual version of something, including virtual computer hardware platforms, storage devices, and computer network resources.
  • 32. Accomplishment Work 24
    - Virtualization
    - Network configuration
    - Setup network lab
    - Setup virtual lab
    - Setup Security Onion and other OS
    - Monitoring IDS and IPS
  • 33. Future Work 25
    - Implementation of an AWS Cloud AMI
    - Implementation of an Azure Cloud Image
  • 34. Student Motivation (those who study Security Onion) 26
    - In this section we discuss what someone who wants to practice or learn about Security Onion needs. The basic needs are described below:
      - A clear knowledge of virtualization.
      - Knowledge of networking configuration and architecture.
      - Knowledge of IDS and IPS.
      - Knowledge of NIDS, HIDS, OS detection and NSM.
      - Knowledge of SOC and SIEM.
  • 35. Conclusion 27
    Security Onion is an open-source and free intrusion detection system that is not difficult to stand up. It is an extraordinary educational tool for both students and staff. It is possibly appropriate for ventures with the resources and inclination to maintain and deploy their own monitoring solution and intrusion detection system. If nothing else, standing up a Security Onion test deployment is an incredible way to have something to benchmark against.
  • 36. Reference 28
    - https://docs.securityonion.net/en/2.3/
    - Introduction to Security Onion: https://www.researchgate.net/publication/304200311_Introduction_to_Security_Onion
    - Bugs in Security Onion: https://www.researchgate.net/publication/355978629_Bugs_in_Security_Onion