I received a couple of Security Onion Success Stories recently. I appreciate Brett S. and Gene A. taking the time to say thanks. It's a great source of encouragement and motivation for me to continue with the project. If you would like to share your Security Onion Success Story, please post it in the Comments section. Thanks!

Doug,

I wanted to thank you for providing Security Onion and maintaining it so diligently. I was a faculty advisor for the U.S. Coast Guard's Cyber Defense Exercise this year. Every year, the service academies set up their networks and have NSA's red team try to bring down servers and steal information. For Coast Guard, the team is recruited from the members of the only Networks course. It was my first year with the cadets, and I had realized early that the team had no IDS experience, and was thoroughly swamped just trying to get the network up and running.

Security Onion to the rescue -- requiring just a few of the less experienced members with some guidance, we were able to watch the more obvious attacks from outside the firewall as well as the false positives from the exercise scoring software. It really was educational for the group -- rather than just wondering what hit us, there was ample information in near real time to figure out what was happening. Knowing how to respond is another story, of course. In the end, Coast Guard placed 3rd, which is pretty good given the size and amount of resources available compared to Air Force and Army. Some of the team have expressed interest in getting more involved with configuration and fine-tuning Snort next year, because they had first-hand experience with how it behaved under basic defaults.

Thanks again for providing such a useful tool -- it significantly enhanced the educational impact of the exercise.

Brett S.

Doug, Brett,

It wasn't just the USCG that was using Security Onion during the CDX. We here at the Naval Postgraduate School also used Security Onion as a quick and easy IDS solution. Of all the tools we employed during the exercise, Security Onion was by far the easiest to get up and running and provided us with a great insight into the attacks used during the exercise.

Great job, Doug! Keep up the good work.

Sincerely,