Linux Distro: Security Onion

This article is aimed to Pentesters and Security Auditors.
Security Onion is a Linux distro that contains software used for installing, configuring, and testing Intrusion Detection Systems. It is based on Xubuntu 10.04 and contains: Snort, Suricata, Sguil, Squert, Xplico, Nmap, Scapy, Hping, Netcat, Tcpreplay and many other security tools.

This linux distro is distribute in ISO file (1,2 Gb), it can be used like you want:  DVD-Live, VMware machine, in USB drive or, even, install on hard drive.

 Main Security Tools Description

Now I going to describe the main security tools.

SNORT:  is an open source network intrusion prevention and detection system (IDS/IPS). Combining the benefits of signature, protocol, and anomaly-based inspection.

SURICATA: is a open source next generation Intrusion Detection and Prevention Engine owned by OISF. The Open Information Security Foundation (OISF) is a non-profit foundation organized to build a next generation IDS/IPS engine. The OISF has formed a multi-national group of the leading software developers in the security industry.

SGUIL: is an intuitive GUI that provides access to realtime events, session data, and raw packet captures. Sguil facilitates the practice of Network Security Monitoring and event driven analysis. Is an Analyst Console for Network Security Monitoring (NSM).

SQUERT: is a web application that is used to query and view event data stored in a Sguil database (typically IDS alert data). Squert is a visual tool that attempts to provide additional context to events through the use of metadata, time series representations and weighted and logically grouped result sets.

XPLICO: is a Internet Traffic Decoder (Network Forensic Analysis Tool). The goal of Xplico is extract from an internet traffic capture the applications data contained. Is a powerful tools for analyzing and interpreting the data captured (Network Monitoring) and shows us in a simple and easy way. With this tools you can analyzed the data more faster than other tools, because you can access to the analyzed data brownsing in graphics views. Usually, xplico is used in Network Forensic Analysis.

Although the distro includes two IDS engine, you can choose what engine want to use in the setup process.

Other Security Tools List

Snort, Suricata, Sguil, Squert, Xplico, Nmap, Scapy, Hping, Netcat, Tcpreplay, Metasploit, Armitage, OSSEC, ngrep, argus, tcpxtract, tcpdump, tshark, wireshark, hping3, vortex, chaosreader, inundator, ostinato, etc ...

What can it be used for? 

  • Security Onion can be used for Intrusion Detection. Simply boot the DVD, double-click the Setup desktop shortcut, and follow the prompts.
  • Security Onion can be used to test an Intrusion Detection System. Simply boot the DVD and use the included tools (such as nmap, scapy, hping, metasploit, and others) to test your existing IDS or to test the included Snort and Suricata IDS/IPS engines.

This linux distro is a great set of tools for Pentester or Security Auditors, specially in a Network Intrusion scene.

I recommend to try it.

For more Information and excellent review (only Spanish) click the following links:

0 comentarios:

Publicar un comentario