Centralized monitoring and intrusion detection

Alarm System

On the Desktop

The desktop version [16] of Security Onion (still labeled experimental) can be installed from the ISO image. It uses a heavily modified Gnome desktop on Oracle Linux 9.2. Besides the Chromium web browser, it only offers Wireshark and NetworkMiner as graphical tools for forensic work on the network.

You can set up the desktop version independently of the standard version. It only requires a minimum of 50GB of free space on the local mass storage device. You can also install the desktop manually by typing

sudo so-desktop-install

at the prompt after completing the system configuration. The required packages are then preconfigured in your Security Onion installation.
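The manual installation above has one stated precondition, 50GB of free space on the local disk, and one command, `sudo so-desktop-install`. The following pre-flight wrapper is an added example and not part of Security Onion or the article: it reads the available space on the target filesystem with `df -Pk`, compares it against the requirement, and only then hands off to the installer. The `MIN_FREE_GB` and `TARGET` variables are assumptions introduced here for configurability.

```shell
#!/bin/sh
# Pre-flight check before running the Security Onion desktop installer.
# Added example, not project code. Assumes the installer command named in
# the article (sudo so-desktop-install) and its 50GB free-space requirement.

MIN_FREE_GB="${MIN_FREE_GB:-50}"   # requirement from the article
TARGET="${TARGET:-/}"              # filesystem the desktop will be installed on

# available_kb PATH: print the available kilobytes on the filesystem holding PATH
available_kb() {
    df -Pk "$1" | awk 'NR == 2 { print $4 }'
}

# enough_space AVAIL_KB MIN_GB: succeed when AVAIL_KB covers MIN_GB gigabytes
enough_space() {
    avail_kb="$1"
    min_kb=$(( $2 * 1024 * 1024 ))
    [ "$avail_kb" -ge "$min_kb" ]
}

# preflight: report the free space on TARGET and fail if it is below the minimum
preflight() {
    avail=$(available_kb "$TARGET")
    avail_gb=$(( avail / 1024 / 1024 ))
    if enough_space "$avail" "$MIN_FREE_GB"; then
        echo "OK: ${avail_gb}GB free on $TARGET (need ${MIN_FREE_GB}GB)"
        return 0
    fi
    echo "ABORT: only ${avail_gb}GB free on $TARGET, need ${MIN_FREE_GB}GB" >&2
    return 1
}

# Only invoke the installer when explicitly asked to and the check passes.
if [ "${1:-}" = "install" ]; then
    preflight && sudo so-desktop-install
fi
```

Run it as `sh preflight.sh` to see the free-space report alone, or `sh preflight.sh install` to run the installer after a successful check; the arithmetic compares in kilobytes so the boundary is exact rather than rounded.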

After restarting and authenticating, you are taken to the graphical desktop where you can access the Security Onion Console in a web browser. The two graphical tools already mentioned are also available.

Conclusions

Security Onion is a powerful tool for data analysis and intrusion detection on the network. That said, Security Onion's complex structure means that the suite requires substantial hardware resources; deployment only makes sense in larger IT infrastructures. The developers therefore explicitly recommend purchasing new hardware for the security suite and offer their own appliances for customized application profiles in a web store.

Getting started with the system is quite complicated; Security Onion is not something for hobby admins. Although the extensive and very detailed documentation flattens out the learning curve, it will still take you some time. The rapid release cycle of new versions is also a point of criticism. The project publishes more-or-less complete versions on its GitHub page virtually every week, typically prompting the need for hotfixes just a few days later. It would make more sense for the developers to test their software more thoroughly before releasing it and to avoid annoying users with images and scripts that do not work properly.

The Author

Erik Bärwaldt is a self-employed IT admin and technical author living in the United Kingdom. He writes for several IT magazines.
