Security Onion is a great Linux distribution built for Network Security Monitoring (NSM). This course will teach you the technical aspects of NSM, as well as the triage process that must be followed, using simulated attacks.
Network security monitoring is a skill that is at the core of the broad set of skills security professionals can master to prevent, detect, and respond to attacks which are so common today. In this course, Network Security Monitoring (NSM) with Security Onion, you will learn about network security monitoring as well as how to use Security Onion to perform network security monitoring. First, you will learn what NSM is. Next, you will explore where you can deploy network sensors, how to handle the triage process by generating real attacks, how to detect attacks, and how to deploy and operate a Security Onion environment. Finally, you will discover how you can perform network security monitoring in a production environment, and how to deploy your own Security Onion environment and generate attacks to dissect with it. By the end of this course, you will have everything you need to further improve your skills as a security analyst, security engineer, or security architect. These skills are easily transferable to other network security monitoring products, such as commercial ones commonly found in the enterprise.
Guillaume Ross is an experienced information security professional, providing services to many organizations as the lead consultant and founder of Caffeine Security Inc.
Section Introduction Transcripts
Course Overview Hi everyone, my name is Guillaume Ross, and welcome to my course, Network Security Monitoring with Security Onion. I'm a security consultant at Caffeine Security. As a consultant, I've helped many companies improve their security program by doing things such as network security monitoring. In this course, we're going to learn about network security monitoring, as well as how to use Security Onion to perform network security monitoring. Some of the major topics that we will cover include what network security monitoring is, where and how to deploy Security Onion network sensors, generating and importing real attack data into Security Onion, and analyzing and performing triage of security events. So we're basically going to use this great, free, and open source technology that Security Onion is to learn network security monitoring principles, and to learn what the process for network security monitoring should be. Most of the things that you will learn in this course that are not directly related to Security Onion will be as applicable to any other commercial or open source network security monitoring tool you'll find out there. By the end of this course, you'll be able to perform network security monitoring, as well as to deploy and use Security Onion. Before beginning this course, you should be familiar with network security fundamentals, as well as the basics of using Linux and virtual machines. I hope you'll join me on this journey to learn network security monitoring with the Network Security Monitoring with Security Onion course at Pluralsight.
What Is Security Onion? Okay, now that we've discussed some theory behind network security monitoring and placement options, we're ready to dig into Security Onion itself. So in this module we're going to talk about what Security Onion is, we're going to install Security Onion in a virtual machine, and this is a virtual machine that we'll keep for the next module when we will simulate attacks and analyze them with Security Onion. We're going to look at the different tools that come with Security Onion, like Snort, Suricata, Bro, Netsniff, Elastic and more, and we're going to look at how Security Onion could help a company like Globomantics, in our scenarios, improve their security, because technology is nice, technology can be fun, it's cool, but the point here is really to see how we can use it to improve information security for a company like Globomantics. So we've discussed the different deployment models that Security Onion has a little bit while we were discussing placement options. Basically, there's a standalone mode where everything is included in the same system, so that's ideal for a small lab, and that is what we are going to use for our lab environment. We also have a production server distributed deployment mode; that's what you would typically use in a larger environment or a production environment where the sensors are separate from the analysis tools. That way you can install only what you need at the sensor, install the centralized logging elsewhere, and the tools to monitor all of that separately on what Security Onion calls the Analyst VM. So Security Onion is a Linux distribution that is based on Ubuntu, and once you install it you get to pick what deployment model you want to use. So at its core it is just a Linux distribution. What makes it really interesting is all the services that are bundled on it, as well as the different tools to orchestrate their deployment.