Uploaded by kory-kyzar, posted 15-Apr-2017 (23 slides)

Page 1: Security Onion: Watching for Leeks

Security Onion: Watching for Leeks

Building a home network security monitor

YSWIDT?

Page 2

How many devices are on your home network?

Routers/Switches

Computers

Phones

Tablets

Roku/AppleTV/FireStick/ChromeCast/Smart TVs

Internet of Things Devices

Page 3

Do you have a good handle on what these systems are doing?

Data leakage

Compromised systems

Privacy concerns

Parental monitoring

Page 4

“There’s got to be a better way.”

-Countless Lame Infomercials

Page 5

Let’s build a home network security monitor

Requirements

Cheap - Needs to be low cost/free and run on commodity hardware

Easy - This is to monitor a home network for increased security. Not to become a second job. #lazyhacker

Page 6

Enter Security Onion

Page 7

Security Onion

Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management.

http://blog.securityonion.net/

https://security-onion-solutions.github.io/security-onion/

Page 8

Features

Full Packet Capture - Using netsniff-ng, Security Onion can perform full packet capture and store as much as your storage allows

NIDS - Both signature-based (Snort / Suricata) and analysis-based (Bro)

HIDS - Uses OSSEC to track system-level indicators

Various tools for analyzing all this data:

Sguil, Squert, Snorby, ELSA, Xplico, NetworkMiner
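The "watching for leeks" part of the deck is about spotting devices that quietly send data out of the house. As an added example (not from the deck or from the Security Onion project), the Python below reads Bro's conn.log in the tab-separated layout Security Onion stores it in, totals what each home device sends outside the LAN, and lists the outside hosts and ports involved. The log lines, the home subnet 192.168.1.0/24 and the 10 MB threshold are constructed for the example; the column names follow the documented Bro 2.x conn.log fields.

```python
"""Summarise outbound traffic per home device from a Bro conn.log.

Bro writes conn.log as tab-separated text with a '#fields' header naming
each column. This parses such a log, totals the bytes each device on the
home subnet sent to addresses outside it, and flags devices whose egress
exceeds a threshold together with the destinations they talked to.
"""
import ipaddress
from collections import defaultdict

# Constructed sample in Bro 2.x conn.log layout; not a real capture.
# Outside addresses use RFC 5737 documentation ranges.
SAMPLE_CONN_LOG = """\
#separator \\x09
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring
1492300000.000000\tCabc1\t192.168.1.20\t51000\t192.0.2.10\t443\ttcp\tssl\t12.5\t4200\t98000\tSF
1492300005.000000\tCabc2\t192.168.1.20\t51001\t192.168.1.1\t53\tudp\tdns\t0.1\t60\t120\tSF
1492300010.000000\tCabc3\t192.168.1.55\t40000\t203.0.113.9\t8443\ttcp\t-\t300.0\t52000000\t2000\tSF
1492300020.000000\tCabc4\t192.168.1.55\t40001\t203.0.113.9\t8443\ttcp\t-\t280.0\t48000000\t1800\tSF
1492300030.000000\tCabc5\t192.168.1.77\t33000\t198.51.100.7\t25\ttcp\tsmtp\t2.0\t-\t-\tREJ
"""

# Assumed home LAN prefix; adjust to the subnet Security Onion is monitoring.
HOME_NET = ipaddress.ip_network("192.168.1.0/24")


def parse_conn_log(text):
    """Yield one dict per connection record, keyed by the #fields names."""
    fields = None
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if line.startswith("#"):
            continue  # #separator, #types and other metadata lines
        if fields is None:
            raise ValueError("data row before #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError(f"field count mismatch: {line!r}")
        yield dict(zip(fields, values))


def _count(value):
    """Bro writes '-' for unset counters (e.g. rejected connections)."""
    return 0 if value == "-" else int(value)


def egress_summary(text, home_net=HOME_NET):
    """Return {device: {"bytes": n, "dests": {(host, port), ...}}} for
    flows that originate inside home_net and terminate outside it."""
    summary = defaultdict(lambda: {"bytes": 0, "dests": set()})
    for rec in parse_conn_log(text):
        src = ipaddress.ip_address(rec["id.orig_h"])
        dst = ipaddress.ip_address(rec["id.resp_h"])
        if src not in home_net or dst in home_net:
            continue  # LAN-to-LAN and inbound flows are not egress
        entry = summary[rec["id.orig_h"]]
        entry["bytes"] += _count(rec["orig_bytes"])
        entry["dests"].add((rec["id.resp_h"], int(rec["id.resp_p"])))
    return dict(summary)


def flag_heavy_senders(text, threshold_bytes=10_000_000, home_net=HOME_NET):
    """Return [(device, bytes_out, sorted destinations)] for devices whose
    outbound byte count reaches the threshold, largest sender first."""
    flagged = []
    for host, entry in egress_summary(text, home_net).items():
        if entry["bytes"] >= threshold_bytes:
            flagged.append((host, entry["bytes"], sorted(entry["dests"])))
    return sorted(flagged, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    for host, total, dests in flag_heavy_senders(SAMPLE_CONN_LOG):
        print(f"{host}: {total / 1e6:.1f} MB out to {dests}")
```

On a live sensor the same functions can be pointed at the day's conn.log under Bro's log directory; the interesting output is a device you did not expect to be a heavy sender, or a destination port (8443 above) that does not match anything the device should be doing.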

Pages 9 to 11: (image slides, no text)

Page 12

You were saying this would be easy?

Page 13

https://webbreacher.wordpress.com/2014/05/26/home-internet-security-setting-up-the-onion/

Pages 14 to 15: (image slides, same URL repeated)

Page 16

Isn’t this expensive enterprise level stuff?

Pages 17 to 18: (image slides, no text)

Page 19

How do I get it?

Download the ISO image and “NextNextNext” through the install and setup (Easiest)

Add the appropriate repositories to Ubuntu 12.04 or 14.04 and install with apt-get

Page 20

Recommend ntopng

Page 21: (image slide, same recommendation)

Page 22

References

https://github.com/Security-Onion-Solutions/security-onion/wiki

https://www.bro.org/

http://suricata-ids.org/

http://www.ntop.org/products/traffic-analysis/ntop/

Page 23

Questions?

Kory Kyzar [email protected]

@0xktwo