Post on 15-Apr-2017
transcript
Security Onion: Watching for Leeks
Building a home network security monitor
YSWIDT?
How many devices are on your home network?
Routers/Switches
Computers
Phones
Tablets
Roku/AppleTV/FireStick/ChromeCast/Smart TVs
Internet of Things Devices
Do you have a good handle on what these systems are doing?
Data leakage
Compromised systems
Privacy concerns
Parental monitoring
“There’s got to be a better way.”
- Countless Lame Infomercials
Let’s build a home network security monitor
Requirements
Cheap - Needs to be low cost/free and run on commodity hardware
Easy - This is to monitor a home network for increased security. Not to become a second job. #lazyhacker
Enter Security Onion
Security Onion
Security Onion is a Linux distro for intrusion detection, network security
monitoring, and log management. http://blog.securityonion.net/
https://security-onion-solutions.github.io/security-onion/
Features
Full Packet Capture - Using netsniff-ng, SO can perform full packet capture and store as much as your storage allows
NIDS - Both signature-based (Snort / Suricata) and analysis-based (Bro)
HIDS - Uses OSSEC to track system level indicators
Various Tools for analyzing all this data:
Sguil, Squert, Snorby, ELSA, Xplico, NetworkMiner
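As an added example (not part of this talk or of Security Onion itself): a small Python script that reads the conn.log that Security Onion's Bro sensor writes and summarises which home devices are sending data off the LAN, which is the "do you have a good handle on what these systems are doing?" question above. The sample log is constructed, the column names follow Bro's conn.log header, and heavy_talkers is a hypothetical helper with an arbitrary byte threshold.

```python
"""Inventory of which home devices talk to the Internet, built from a Bro conn.log."""
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample in Bro's tab-separated log format; a real conn.log carries more columns.
SAMPLE_CONN_LOG = """#separator \\x09
#set_separator\t,
#unset_field\t-
#path\tconn
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring
1492214400.000000\tCAbc1\t192.168.1.20\t51000\t93.184.216.34\t443\ttcp\tssl\t12.5\t4200\t88000\tSF
1492214401.000000\tCAbc2\t192.168.1.20\t51001\t93.184.216.34\t443\ttcp\tssl\t3.0\t1200\t5000\tSF
1492214402.000000\tCAbc3\t192.168.1.31\t40000\t52.1.2.3\t8883\ttcp\t-\t600.0\t250000\t900\tSF
1492214403.000000\tCAbc4\t192.168.1.31\t40001\t192.168.1.1\t53\tudp\tdns\t0.1\t60\t120\tSF
#close\t2017-04-15-00-00-05
"""

def parse_bro_log(text):
    """Yield one dict per record, naming columns from the #fields header.
    Bro marks unset values with the #unset_field token ('-'); those become None."""
    fields, unset = None, "-"
    for line in text.splitlines():
        if line.startswith("#fields\t"):
            fields = line.split("\t")[1:]
        elif line.startswith("#unset_field\t"):
            unset = line.split("\t")[1]
        elif line.startswith("#") or not line.strip():
            continue  # other header lines, #close, blank lines
        else:
            if fields is None:
                raise ValueError("data row before #fields header")
            yield {k: (None if v == unset else v) for k, v in zip(fields, line.split("\t"))}

def outbound_summary(text):
    """Per internal device: bytes it sent to globally routable hosts and the
    (host, port, service) tuples it reached. LAN-only flows (router DNS etc.) are skipped."""
    summary = defaultdict(lambda: {"bytes_out": 0, "destinations": set()})
    for rec in parse_bro_log(text):
        if not ip_address(rec["id.resp_h"]).is_global:
            continue
        entry = summary[rec["id.orig_h"]]
        entry["bytes_out"] += int(rec["orig_bytes"] or 0)
        entry["destinations"].add((rec["id.resp_h"], rec["id.resp_p"], rec["service"] or "unknown"))
    return dict(summary)

def heavy_talkers(summary, byte_threshold):
    """Hypothetical helper: devices that uploaded more than byte_threshold bytes, a first cut at spotting data leaving the house."""
    return sorted(h for h, e in summary.items() if e["bytes_out"] > byte_threshold)
```

Point it at /nsm/bro/logs/current/conn.log on a sensor (or a rotated copy) instead of the constructed sample to see your own devices.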
You were saying this would be easy?
https://webbreacher.wordpress.com/2014/05/26/home-internet-security-setting-up-the-onion/
Isn’t this expensive enterprise level stuff?
How do I get it?
Download the ISO image and “NextNextNext” through the install and setup (Easiest)
Add the appropriate repositories on Ubuntu 12.04 or 14.04 and install the packages with apt-get
Recommend ntopng
References
https://github.com/Security-Onion-Solutions/security-onion/wiki
https://www.bro.org/
http://suricata-ids.org/
http://www.ntop.org/products/traffic-analysis/ntop/