Tuesday, May 24, 2011

Security Onion Success Stories

I received a couple of Security Onion Success Stories recently.  I appreciate Brett S. and Gene A. taking the time to say thanks.   It's a great source of encouragement and motivation for me to continue with the project.  If you would like to share your Security Onion Success Story, please post it in the Comments section.  Thanks!

I wanted to thank you for providing Security Onion and maintaining it
so diligently.  I was a faculty advisor for the U.S. Coast Guard's
Cyber Defense Exercise this year.  Every year, the service academies
set up their networks and have NSA's red team try to bring down
servers and steal information.  For Coast Guard, the team is recruited
from the members of the only Networks course.

It was my first year with the cadets, and I had realized early that
the team had no IDS experience, and was thoroughly swamped just trying
to get the network up and running.  Security Onion to the rescue --
requiring just a few of the less experienced members with some
guidance, we were able to watch the more obvious attacks from outside
the firewall as well as the false positives from the exercise scoring
software.  It really was educational for the group -- rather than just
wondering what hit us, there was ample information in near real time
to figure out what was happening.   Knowing how to respond is another
story, of course.

 In the end, Coast Guard placed 3rd, which is pretty good given the
size and amount of resources available compared to Air Force and
Army.  Some of the team have expressed interest in getting more
involved with configuration and fine-tuning Snort next year, because
they had first-hand experience with how it behaved under basic

Thanks again for providing such a useful tool -- it significantly
enhanced the educational impact of the exercise.

Brett S.

Doug, Brett, It wasn't just the USCG that was using Security Onion during the CDX.  We here at the Naval Postgraduate School also used Security Onion as a quick and easy IDS solution.  Of all the tools we employed during the exercise Security Onion was by far the easiest to get up and running and provided us with a great insight into the attacks used during the exercise. 
 Great job, Doug!  Keep up the good work.
Gene A. 

Monday, May 2, 2011

Security Onion featured in ISSA Journal

I always look forward to Russ McRee's Toolsmith column in the ISSA Journal.  This month's Toolsmith column features Security Onion!  Russ, thanks for the article and your kind words!