Monday, January 10, 2011

Security Onion - Ubuntu-based Live CD to facilitate network monitoring, IDS, etc.


After reading a tweet from Richard Bejtlich over at Tao Security about the Security Onion Live CD, I felt that this package was a "must have" for any SCADA hacker looking to build or expand the tool kit needed for comprehensive system assessments and pen testing.

Doug Burks has just released a new version of Security Onion. If you have not played with it before, it is an Ubuntu-based live CD built to facilitate network security monitoring. Since network vulnerabilities lead the list of common vulnerabilities seen on most control systems, this tool is worth your time and effort.

Since I am a huge proponent of adding Intrusion Detection Systems (IDS) to control system networks, I am a big fan of Security Onion. The current distribution includes the standby Snort release 2.9.0.3, but it also contains Suricata, the Open Information Security Foundation (OISF) IDS project funded in part by the U.S. Dept. of Homeland Security and chartered with building the next generation IDS/IPS engine. See the OISF site for more information on Suricata.
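To make concrete what an IDS adds on a control network, here is a small Modbus/TCP write-detector. This is an added example, not code from Security Onion, Snort or Suricata: it parses the 7-byte MBAP header, reads the function code, and raises an alert when a write function code reaches a PLC from a host outside an assumed engineering-station allow-list, or when the ADU is malformed. The IP addresses, the allow-list and the sample packets are all constructed for the example.

```python
"""Minimal Modbus/TCP write-detector, in the spirit of an ICS-aware IDS rule.

Added example, not from Security Onion or the Snort/Suricata projects.
The policy (who may write to PLCs) and the sample traffic are constructed.
"""
import struct

# Modbus/TCP MBAP header: transaction id, protocol id, length, unit id (7 bytes)
MBAP = struct.Struct(">HHHB")

# Public Modbus function codes that modify PLC state
WRITE_CODES = {
    0x05: "Write Single Coil",
    0x06: "Write Single Register",
    0x0F: "Write Multiple Coils",
    0x10: "Write Multiple Registers",
}

# Assumed policy: only these hosts may issue writes (constructed address)
ENGINEERING_STATIONS = {"10.10.1.50"}


def build_request(fc, pdu_data, unit=1, tid=1):
    """Build a Modbus/TCP request ADU; used here only to construct sample traffic.

    The MBAP length field counts the unit id byte plus the PDU that follows.
    """
    pdu = bytes([fc]) + pdu_data
    return MBAP.pack(tid, 0, len(pdu) + 1, unit) + pdu


def parse_adu(data):
    """Return (unit_id, function_code, pdu_payload), or None if malformed."""
    if len(data) < MBAP.size + 1:          # header plus at least a function code
        return None
    _tid, proto, length, unit = MBAP.unpack_from(data, 0)
    if proto != 0:                          # protocol id is always 0 for Modbus
        return None
    if length != len(data) - 6:             # length must cover unit id + PDU
        return None
    fc = data[MBAP.size]
    return unit, fc, data[MBAP.size + 1:]


def inspect(src_ip, dst_ip, dst_port, payload):
    """Classify one TCP segment payload; return an alert string or None."""
    if dst_port != 502:                     # only look at Modbus/TCP requests
        return None
    parsed = parse_adu(payload)
    if parsed is None:
        return "malformed Modbus/TCP from %s to %s" % (src_ip, dst_ip)
    unit, fc, _pdu = parsed
    if fc & 0x80:
        # the high bit marks an exception response; it never appears in a request
        return "invalid function code 0x%02x in request from %s" % (fc, src_ip)
    if fc in WRITE_CODES and src_ip not in ENGINEERING_STATIONS:
        return "%s (0x%02x) to unit %d on %s from unauthorized host %s" % (
            WRITE_CODES[fc], fc, unit, dst_ip, src_ip)
    return None


# Constructed sample traffic: (src, dst, dst_port, payload)
SAMPLE_TRAFFIC = [
    # HMI polling ten holding registers: a read, allowed
    ("10.10.1.20", "10.10.2.10", 502, build_request(0x03, b"\x00\x00\x00\x0a")),
    # engineering station forcing coil 1 ON: a write, but from an allowed host
    ("10.10.1.50", "10.10.2.10", 502, build_request(0x05, b"\x00\x01\xff\x00")),
    # HMI writing register 16: a write from a host that should only read
    ("10.10.1.20", "10.10.2.10", 502, build_request(0x06, b"\x00\x10\x00\x2a")),
    # header only, no function code: malformed
    ("10.10.1.20", "10.10.2.10", 502, b"\x00\x01\x00\x00\x00\x06\x01"),
]


def run(traffic=SAMPLE_TRAFFIC):
    """Return the list of alerts raised over the given traffic."""
    return [alert for alert in (inspect(*pkt) for pkt in traffic) if alert]


if __name__ == "__main__":
    for alert in run():
        print("ALERT:", alert)
```

The same check expressed as a Snort rule keys on the function-code byte immediately after the MBAP header, i.e. `content:"|06|"; offset:7; depth:1;` on traffic to port 502 from outside the engineering-station variable; the Python above only adds the length and protocol-id sanity checks that a plain content match would skip.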

Some of the other packages you will find in Security Onion include:
  • Vortex IDS
  • Bro IDS
  • ABCIP
  • Dumbpig
  • NSMnow (includes Sguil, Barnyard2, Sancp, etc)
  • OSSEC
  • Squert
  • Xplico
  • hogger
  • SnortValidator
  • Metasploit
To install, I just downloaded the ISO and then created a new virtual machine that boots from the ISO image. Total setup time: less than 5 minutes!

This package is one that every hacker should have in their tool kit in order to completely evaluate the networks used with industrial control systems.

1 comment:

  1. Were you able to add Digital Bond's Quickdraw SCADA IDS Snort rules? I was having problems installing the preprocessors required to run the EtherNet/IP rules and the DNP3 rules