Wubi Posted September 28, 2012 Report Posted September 28, 2012 TekTip - Ep9 - The Security Onion: created by Doug BurksSecurity OnionDescription: Security Onion is a Linux distro for IDS (Intrusion Detection) and NSM (Network Security Monitoring). It's based on Xubuntu 10.04 and contains Snort, Suricata, Sguil, Squert, Snorby, Bro, NetworkMiner, Xplico, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!Security Onion is THE distro for Network Monitoring in the same way that Backtrack is for pentesting.Uses: Malware analysis, signature developement, honeynet/lab, home or small office.1. Download iso and install.*Need a GB of RAM per interface you are monitoring**Installation is quick. Less then 10 minutes***Currently based off of 10.04. Roadmap shows 64 bit based on 12.04 should be out soon.2. If using Quick Mode installaion, TSO will monitor all interfaces3. Monitor a network, or generate traffic. You can find tons of pcaps to replay at: https://code.google.com/p/security-onion/wiki/Pcapstcpreplay -i eth0 -t /tmp/bittorent.pcap-i : use this option to select the interface to replay the traffic to.-t: use this option to replay the packets as fast as possiblethen select your pcap, cap, dump, or log1aN0rmus@tekdefense.comww.tekdefense.comSursa YouTube Quote
