Friday, October 29, 2010
Security Onion: Setup Script
Tuesday, October 19, 2010
Decoding Javascript Hex Encoding
Sunday, October 17, 2010
CISSP Resources: Cryptography
"CrypTool is a free, open-source e-learning application, used worldwide in the implementation and analysis of cryptographic algorithms. It supports both contemporary teaching methods at schools and universities as well as awareness training for employees and civil servants. "
-- http://www.cryptool.com/
Saturday, October 16, 2010
SSL Decryption using Tshark
Wednesday, October 13, 2010
CISSP Resources
Congratulations to the latest SANS GSEs!
Tuesday, October 12, 2010
Security Onion Live: 20101010 Edition!
The Security Onion LiveDVD is a bootable DVD that contains software used for installing, configuring, and testing Intrusion Detection Systems.
What software does it contain?
The Security Onion LiveDVD is based on Xubuntu 10.04 and contains Snort, Suricata, Sguil, Xplico, nmap, scapy, hping, netcat, tcpreplay, and many other security tools.
What can it be used for?
* The Security Onion LiveDVD can be used for Intrusion Detection. The Snort and Sguil daemons are automatically started on boot, listening on eth0 for any suspicious traffic and creating alerts in the Sguil database. Simply double-click the Sguil desktop shortcut to launch the GUI and view/investigate the alerts.
* The Security Onion LiveDVD can be used to test an Intrusion Detection System. Simply boot the DVD and use the included tools (such as nmap, scapy, hping, metasploit, and others) to test your existing IDS or to test the included Snort and Suricata IDS/IPS engines.
* The Security Onion LiveDVD can be used to install an Intrusion Detection System. Simply boot the DVD and double-click the Install desktop shortcut. For more information about installation, please see the "Installing to Hard Drive" section below.
System Requirements
512MB RAM is a minimum. 1GB or more is recommended.
Sguil
Here are the credentials to login to Sguil:
Username: sguil
Password: password
NOTE! It's "sguil" with a 'g', NOT a 'q'!
Disclaimer of Warranty
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
Limitation of Liability
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Installing to Hard Drive
You can use the Install shortcut on the Desktop to install Security Onion to your hard drive. Once you've completed the installation process and have rebooted into your new installation, you will want to:
* Install any available Ubuntu updates.
* Run the Setup desktop shortcut to:
Extra Packages installed from repositories
apache2.2-common argus-client argus-server autopsy bison bittwist build-essential chaosreader chkconfig chkrootkit cryptcat curl daemonlogger dcfldd ddrescue driftnet dsniff ettercap-gtk flawfinder flex foremost fwsnort ghex gpart gparted hping3 httptunnel hunt ifenslave-2.6 iisemulator inundator iptraf john labrea lame lfhex libapache2-mod-php5 libcap-ng-dev libcrypt-ssleay-perl libdumbnet-dev liblua5.1-0-dev libncurses5 libncurses5-dev libnet1-dev libnetfilter-queue-dev libnetfilter-queue1 libnfnetlink-dev libnfnetlink0 libnids-dev libpcap-dev libpcre3-dev libreadline6-dev libsqlite3-ruby libssl-dev libyaml-dev md5deep mtr mysql-server netsed netsniff-ng ngrep nmap ntp oinkmaster ophcrack ostinato p0f php5-cli php5-common php5-sqlite pkg-config pbnj pscan ptunnel python-all python-dev python-scapy rats recode remastersys ruby scanmem sdd sleuthkit sniffit sox splint ssdeep ssldump sslsniff sqlite steghide subversion tcl8.3 tcpick tcpreplay tcpslice tcpstat tcpxtract tct testdisk traceroute tshark udptunnel unhide uuid uuid-dev xtightvncviewer xprobe yersinia zenmap zlib1g-dev
Extra Packages installed from other sources
Snort
Suricata
Vortex IDS
Bro IDS
ABCIP
Dumbpig
NSMnow (includes Sguil, Barnyard2, Sancp, etc)
Xplico
Sunday, October 10, 2010
Greater Augusta ISSA 2010 Q4 Public Meeting: Doug Burks presents "Security Onion: Intrusion Detection for your Network in Minutes"
Please join us at the Greater Augusta ISSA Q4 meeting on Thursday, October 28. This is our last public meeting of 2010! I will be presenting "Security Onion: Intrusion Detection for your Network in Minutes". Security Onion is a project that I've been working on for the past few years. Its goal is to provide a pre-configured Intrusion Detection environment that can be downloaded for free and put to use in your network in less than an hour. It's based on Xubuntu 10.04 and contains Snort, Suricata, Sguil, Xplico, Vortex IDS, Bro IDS, Chaosreader, driftnet, hping3, scapy, Wireshark, and many other tools. Come see what Security Onion can do for you!
What: The Greater Augusta ISSA 2010 Q4 Public meeting: Doug Burks presents "Security Onion: Intrusion Detection for your Network in Minutes"
How: This is a FREE public meeting. Please confirm your reservation by sending an email to reservations@augusta.issa.org
When: Thursday, October 28, 9:00 - 11:00 AM
Where:
University Hall room 242
Augusta State University
2500 Walton Way
Augusta, GA 30904
http://www.aug.edu/public_relations/pr_map_campus.htm
On the morning of the presentation, don't forget to swing by the ASU Public Safety office to get a visitor pass for the parking lot. The Public Safety office is in the back corner of the campus. You can see it at the bottom-left of this map:
http://www.aug.edu/public_relations/asumap/images/PARKINGMAP1008PR.jpg
Speaker Bio
Doug Burks has over 10 years of experience in Information Security. He has a Bachelor's degree in Computer Science and also holds the GSE, GPEN, GCIA Gold, GSEC, and CISSP certifications. Doug has worked in many organizations over the years, including government facilities, chemical plants, and the media industry. He excels at providing secure solutions for any environment using a budget of any size. Doug is the author of Security Onion Live (http://code.google.com/p/security-onion/), a free bootable DVD that contains many security tools. You can read more about Doug by visiting his blog at http://securityonion.blogspot.com/.