This article is aimed at pentesters and security auditors.
Security Onion is a Linux distro that contains software used for installing, configuring, and testing Intrusion Detection Systems. It is based on Xubuntu 10.04 and contains: Snort, Suricata, Sguil, Squert, Xplico, Nmap, Scapy, Hping, Netcat, Tcpreplay and many other security tools.
This Linux distro is distributed as an ISO file (1.2 GB) and can be used however you want: as a live DVD, as a VMware virtual machine, from a USB drive or even installed on a hard drive.
Main Security Tools Description
Now I am going to describe the main security tools.
SQUERT: a web application used to query and view event data stored in a Sguil database (typically IDS alert data). Squert is a visual tool that attempts to provide additional context to events through the use of metadata, time series representations, and weighted and logically grouped result sets.
Although the distro includes two IDS engines (Snort and Suricata), you choose which engine to use during the setup process.
Other Security Tools List
Snort, Suricata, Sguil, Squert, Xplico, Nmap, Scapy, Hping, Netcat, Tcpreplay, Metasploit, Armitage, OSSEC, ngrep, argus, tcpxtract, tcpdump, tshark, wireshark, hping3, vortex, chaosreader, inundator, ostinato, etc.
What can it be used for?
- Security Onion can be used for Intrusion Detection. Simply boot the DVD, double-click the Setup desktop shortcut, and follow the prompts.
- Security Onion can be used to test an Intrusion Detection System. Simply boot the DVD and use the included tools (such as nmap, scapy, hping, metasploit, and others) to test your existing IDS or to test the included Snort and Suricata IDS/IPS engines.
This Linux distro is a great set of tools for pentesters and security auditors, especially in a network intrusion scenario.
I recommend trying it.
For more information and an excellent review (Spanish only), follow these links:
- Security Onion Presentation [Google DOC- English]
- http://seguridadyredes.wordpress.com [Spanish]
- http://seguridadyredes.wordpress.com/2011/02/14/snort-security-onion-live-sguil-squert-y-suricata-todo-en-uno-parte-i/ [Spanish review]