Security Onion tutorial: Analyze network traffic using Security Onion
Date: Aug 26, 2013
Achieving visibility into enterprise network traffic is one of the most fundamental aspects of any infosec pro's job. For those fortunate enough to work at organizations with hefty security budgets, there are plenty of powerful (and costly) tools available from vendors that can make analyzing network traffic a relatively painless task. However, many security pros working at either cash-strapped large enterprises or small and medium-sized businesses that tend to lack security funding still need a way to sniff out malicious traffic on the network.
How do budget-challenged organizations go about performing this essential security task without breaking the bank? By using Security Onion, a free and open source collection of network monitoring tools from Doug Burks.
In this SearchSecurity screencast, Keith Barker, a Certified Information Systems Security Professional (CISSP) and trainer for CBT Nuggets LLC, provides a Security Onion tutorial, demonstrating how even the most budget-conscious organizations can analyze network traffic using the likes of Sguil, Snorby and ELSA.
First, Keith reviews how to set up Security Onion so it can receive all network traffic. Once in place, he uses Sguil to delve into his own network packet data, including source ports, destination ports, IP addresses and other details. Sguil can also be used to do reverse DNS lookups, track down information regarding the owners of IP address blocks and gain more insight into conversations happening on the network.
Keith then runs through the capabilities of Snorby, a Web application that operates with some of the most popular intrusion detection systems. Snorby can provide a high-level overview of network security events based on severity, and provide information on any signatures that were triggered. Finally, he demonstrates ELSA, a tool that enables security pros to search through billions of log files for specific attributes and elements. Security Onion contains even more free and open source tools beyond what Keith covers, providing a powerful network security monitoring option for organizations of all sizes.
About CBT Nuggets
CBT Nuggets is a computer-based technology company specializing in cutting-edge online IT training. Founded in 1999 by current CEO Dan Charbonneau, CBT Nuggets provides quick, easy and affordable learning by renowned instructors for individuals, small teams and large organizations. CBT Nuggets also offers free videos on a variety of IT topics on the CBT Nuggets YouTube video channel.
About Keith Barker
Keith Barker, CISSP, is a trainer for CBT Nuggets and has more than 27 years of IT experience. He is a double CCIE and has been named a Cisco Designated VIP. Keith is also the author of numerous Cisco Press books and articles.