From the course: Security Onion

Introduction

- [Karl] Hey, folks, welcome to Intro to Security Onion. My name is Karl Hansen, and I'll be your instructor for this course. All right, so the first lesson is the intro to the course. All right, lesson one agenda. First, we'll start out with a bit about me. Then we'll cover our course objectives, the course prerequisites, and finally, the overall course agenda.

All right, a bit about me. My name is Karl Hansen, as I mentioned before. I am a cybersecurity analyst/engineer in a SOC. I manage a Security Onion deployment, as well as a couple of other security monitoring tools, but I also work on investigations as needed. Now, I got my start in the cybersecurity field while working on my Master of Science in Information Systems, by getting an internship in the SOC that I work in currently. After I was hired on full-time after my internship, I was able to get my GCIA, which is the GIAC Certified Intrusion Analyst from the SANS Institute, and my CISSP, which is the Certified Information Systems Security Professional. Then, just on a more personal level, I am happily married with children. I'm also an avid putterer. I enjoy working with wood, gardening, doing metal work, working on the house, and herding my Corgi, children, and chickens.

So, on to the objectives for this course. By the end of the course, students should be able to: describe what Security Onion is used for and how it is used; install and configure Security Onion as either a standalone server or as a distributed network of servers; replay or sniff traffic; view and analyze traffic and alerts; and understand configuration, tuning, and ongoing maintenance. You will also know where to go to get more information on Security Onion.

All right, to be successful in this course, you should have a decent knowledge of networking. Since Security Onion is used for network monitoring, it is important to know how a network operates before you can really know how to monitor it. The next thing you'll need to know is Linux. Security Onion is a Linux distribution that is built upon Ubuntu. Without a good knowledge of Linux, working on the OS will likely be a bit more of a challenge. It would also be good to have knowledge of basic security technologies. If this is your first exposure to an IDS, then this course may be a bit more of a challenge to you. Now, if you want to create your own Security Onion instance, you'll want to make sure that you have a computer that is powerful enough to create a virtual machine with at least eight gigs of RAM, four CPU cores, and about a 10-gig hard drive.

Now, for the course agenda. This is everything that we will be covering in this course. First, we'll talk about what Security Onion is and what it's used for. We will then show how to install a standalone Security Onion server, followed by a distributed deployment. Once we have those installed, we will review the standalone deployment and cover some of the resources that are available to help you in working with Security Onion. We will then have some fun with traffic by replaying a pcap containing malware traffic on the standalone server, and we'll follow that up by sniffing traffic from my Raspberry Pi. Once we work with traffic, we will wrap up the course with some management tips and best practices, as well as touching on some other functionality that Security Onion has to offer. All right, so with the introductions and the agenda out of the way, let's get started with the course. Our next lesson will answer the question: What is Security Onion? See you then. Cheers.
