Using Security Onion

Snort itself isn't terribly difficult to set up. However, if you're doing everything manually, it can be a bit tedious by the time you've set up the control console, the sensors, and your choice of graphical frontends. So – and imagine me peering at you over my dark glasses as I say this – what if I told you that you can get your Snort set up as part of a ready-to-go appliance? What if I told you that setting up such an appliance is an absolute breeze? I imagine that you'd probably say, "So, show me already!"

If you feel bad about cheating by making Snort deployment so easy, there's really no need to. An official Snort representative once told me that most people deploy Snort in this manner.

Security Onion is a free-of-charge specialty Linux distro that's built on top of the Xubuntu Long-term Support (LTS) distro. It includes a full implementation of Snort, complete with just about every graphical goody you can imagine to help you visualize what's happening on your network. It also comes with Suricata, which is another free open source IDS. If you can install a Linux distro and do some point-and-click configuration after the installation, then you can install Security Onion.

Note that the Xubuntu LTS version that Security Onion is based on is always at least one version behind the current LTS version of Xubuntu. At the time of writing, the current Xubuntu LTS version is version 18.04, whereas Security Onion is still based on Xubuntu 16.04. However, that may change by the time you read this book.

Also, if you want to try out Security Onion, you can set it up in a VirtualBox virtual machine. When you create the virtual machine, set it up with two network adapters, both in Bridged mode. For best performance, allocate at least 3 GB of memory.
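The VirtualBox layout described above, turned into a repeatable script. This is an added example, not from the book: the VM name and the host interface to bridge are assumptions (override them via the environment), and the promiscuous-mode setting on the second adapter is my addition so the sniffing interface can actually see traffic not addressed to the VM.

```shell
#!/bin/sh
# Added example, not from the book: generate the VBoxManage commands for a
# Security Onion VM with two bridged NICs and 3 GB of RAM.
VM_NAME="${VM_NAME:-SecurityOnion}"   # assumed VM name
HOST_IF="${HOST_IF:-eth0}"            # assumed host interface to bridge to
MEM_MB=3072                           # the book's minimum of 3 GB

so_vm_commands() {
  # Register the VM as 64-bit Ubuntu (Security Onion is Xubuntu-based).
  echo "VBoxManage createvm --name '$VM_NAME' --ostype Ubuntu_64 --register"
  echo "VBoxManage modifyvm '$VM_NAME' --memory $MEM_MB --cpus 2"
  # NIC 1: management interface, bridged to the host's LAN.
  echo "VBoxManage modifyvm '$VM_NAME' --nic1 bridged --bridgeadapter1 '$HOST_IF'"
  # NIC 2: sniffing interface, also bridged. Promiscuous mode lets the IDS
  # see frames that are not addressed to the VM's own MAC.
  echo "VBoxManage modifyvm '$VM_NAME' --nic2 bridged --bridgeadapter2 '$HOST_IF' --nicpromisc2 allow-all"
}

# Print the plan by default; only execute it when VBOX_APPLY=1 is set.
if [ "${VBOX_APPLY:-}" = "1" ]; then
  so_vm_commands | sh -e
else
  so_vm_commands
fi
```

Run it once without `VBOX_APPLY` to review the commands, then with `VBOX_APPLY=1` on a host where `VBoxManage` is installed; the ISO still has to be attached and the installer run as usual.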