Monthly Archives: July 2012

Security Onion @ UTOSC 2012

Shortly before joining Secure Ideas, I spoke on Security Onion and Network Security Monitoring (NSM) at the Utah Open Source Conference 2012. The presentation was aimed at introducing folks to Security Onion and how to get started with it. The demo gods were tempted during the presentation, but I was still able to set up a distributed IDS and monitoring system in 10 minutes.

For those not already familiar with Security Onion and NSM, I’ll give a quick recap. Network Security Monitoring is the practice of capturing network alert data and combining it with full session data and as much complete traffic data as we can store. One of the things that drove me insane with IDS on its own was the lack of context around the alerts. Using NSM, we are able to go from looking at an alert to drilling down into what was actually crossing the wire before, during and after the event. Security Onion takes a large number of separate tools and combines them so that we can easily go through the NSM process. It is a Linux distribution that is designed to stand alone or be a distributed monitoring system across your networks. Oh, and it’s dead easy to set up and maintain.

So with that, here is the video of my presentation at UTOSC 2012.
Peeling Back the Security Onion.

How to Setup RatProxy on Windows

In an effort to help developers and other Windows users get started adding security testing into their process, this post will describe the process to install Ratproxy on Windows. Ratproxy is an interception tool that is used to inspect web traffic and identify potential security vulnerabilities. Ratproxy is distributed as code and needs to be…