Wednesday, January 25, 2012

Security Onion is one of my favorite tools. Doug Burks did an amazing job pulling together many of the top open source Network Security Monitoring (NSM) and Intrusion Detection System (IDS) programs.

You can run Security Onion in Live CD mode, or you can install it and run it off of your hard drive.

It’s based on Xubuntu 10.04 and contains a ton of programs including Snort, Suricata, Sguil, Squert, argus, Xplico, tcpreplay, scapy, hping, and many other security tools.

Sounds complicated right?

Well, Doug has done the hard work of pulling all these tools together into an easy-to-use Linux distribution. Run this on a system that has two network cards and you have a complete NSM/IDS system.

One NIC connects to your network on the internet side of your traffic and records and monitors every packet that comes into or goes out of your system.

The second NIC connects to your LAN side and is used to remotely view and monitor intrusion attempts and security threats.
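A quick sanity check for the two-NIC layout described above, added here as an example (not code from the post or from Security Onion): it parses the one-line-per-interface output of `ip -o link show` and `ip -o addr show` and reports a sniffing NIC that is not promiscuous or that carries a routable IP, and a management NIC that is promiscuous or has no global address. The interface names eth0 (management) and eth1 (sniffing) and the sample lines are constructed assumptions.

```python
import re

# Constructed sample output, shaped like `ip -o link show` / `ip -o addr show`
# on a two-NIC sensor: eth0 = management (LAN) NIC, eth1 = sniffing NIC.
SAMPLE_LINK = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
"""
SAMPLE_ADDR = """\
2: eth0    inet 192.168.1.50/24 brd 192.168.1.255 scope global eth0
3: eth1    inet6 fe80::211:22ff:fe33:4466/64 scope link
"""
LINK_RE = re.compile(r"^\d+:\s+(?P<name>[^:]+):\s+<(?P<flags>[^>]*)>")
ADDR_RE = re.compile(r"^\d+:\s+(?P<name>\S+)\s+inet6?\s+(?P<addr>\S+)\s.*?scope\s+(?P<scope>\S+)")

def parse_interfaces(link_text, addr_text):
    """Return {iface: {"flags": set, "addrs": [(address, scope), ...]}}."""
    ifaces = {}
    for line in link_text.splitlines():
        m = LINK_RE.match(line)
        if m:
            ifaces[m.group("name")] = {"flags": set(m.group("flags").split(",")), "addrs": []}
    for line in addr_text.splitlines():
        m = ADDR_RE.match(line)
        if m and m.group("name") in ifaces:
            ifaces[m.group("name")]["addrs"].append((m.group("addr"), m.group("scope")))
    return ifaces

def check_iface(name, role, ifaces):
    """role is "sniff" or "mgmt". Returns a list of problems; [] means OK.
    sniff: UP, PROMISC, no routable address (the kernel's link-local IPv6 is tolerated).
    mgmt : UP, not PROMISC, at least one global address for remote access."""
    if name not in ifaces:
        return ["%s: interface not found" % name]
    flags, addrs = ifaces[name]["flags"], ifaces[name]["addrs"]
    problems = []
    if "UP" not in flags:
        problems.append("%s: not UP" % name)
    if ("PROMISC" in flags) != (role == "sniff"):
        problems.append("%s: promiscuous mode should be %s" % (name, "on" if role == "sniff" else "off"))
    routable = [a for a, scope in addrs if scope != "link"]
    if role == "sniff" and routable:
        problems.append("%s: sniffing NIC has routable address %s" % (name, ", ".join(routable)))
    if role == "mgmt" and not any(scope == "global" for _, scope in addrs):
        problems.append("%s: management NIC has no global address" % name)
    return problems

if __name__ == "__main__":
    ifaces = parse_interfaces(SAMPLE_LINK, SAMPLE_ADDR)
    print(check_iface("eth1", "sniff", ifaces), check_iface("eth0", "mgmt", ifaces))
```

On a live sensor, feed the script the real command output instead of the constructed samples; an empty list for each role means the NIC is wired the way the post describes.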

The exceptional basic setup video above was created by Adrian Crenshaw aka “Irongeek”. Adrian has always done an amazing job passing on information about the latest security tools and techniques. His site has a ton of videos and security how-to’s; check it out!

Cross-posted from Cyber Arms

Thu Nguyen Could you please tell the difference between Security Onion and OSSIM (AlienVault)? My first impression is it's simpler.
Chris Blask @Thu - I've taken a look at Security Onion and it is pretty cool; Doug and the folks have done good stuff. But it is not an apples-to-apples comparison to OSSIM. From what I can tell of Security Onion, it doesn't have the level of integration that OSSIM has, or the correlation engine. OSSIM is more a "single tool", while Security Onion is more a toolkit.

On the other hand, for the average security engineer Security Onion might be a simpler toolkit for pen testing and other tactical work.

I will be interested to learn more about it and see where it goes.