3 hours 10 minutes
Hey, folks. Welcome to Intro to Security Onion. My name is Carl Hansen, and I'll be your instructor for this course.
All right. So the first lesson is the intro to the course.
All right, Lesson One agenda. First, we'll start out with a bit about me, then we'll cover our course objectives and the course prerequisites, and finally the overall course agenda.
All right, a bit about me. My name is Carl Hansen. As I mentioned before, I am a cyber security analyst/engineer in a SOC.
I manage a Security Onion deployment as well as a couple of other security monitoring tools, but I also work on investigations as needed.
Now, I got my start in the cyber security field while working on my Master of Science in Information Systems, by getting an internship in the SOC that I currently work in.
After I was hired on full time following my internship, I was able to get my GCIA, which is the GIAC Certified Intrusion Analyst from the SANS Institute, and my CISSP, which is the Certified Information Systems Security Professional.
Then, just on a more personal level, I am happily married with children. I'm also an avid putterer. I enjoy working with wood, gardening, doing metal work, working on the house, and herding my corgi children and chickens.
So, on to the objectives for this course.
By the end of the course, students should be able to describe what Security Onion is used for and how it is used; install and configure Security Onion as either a standalone server or as a distributed network of servers;
replay or sniff traffic; view and analyze traffic and alerts; and understand configuration, tuning, and ongoing maintenance.
And you will also know where to go to get more information on Security Onion.
But to be successful in this course, you should have a decent knowledge of networking. Since Security Onion is used for network monitoring, it is important to know how a network operates before you can really know how to monitor it.
The next thing you'll need to know is Linux. Security Onion is a Linux distribution that is built upon Ubuntu.
Without a good knowledge of Linux, working on the OS will likely be a bit more of a challenge.
It would also be good to have knowledge of basic security technologies. If this is your first exposure to an IDS, then this course may be a bit more of a challenge for you.
Now, if you want to create your own Security Onion instance, you'll want to make sure that you have a computer that is powerful enough to create a virtual machine with at least eight gigs of RAM, four CPU cores, and about a 10 gig hard drive.
Now for the course agenda. This is everything that we will be covering in this course.
First, we'll talk about what Security Onion is and what it's used for. We will then show how to install a standalone Security Onion server,
followed by a distributed deployment. Once we have those installed, we will review the standalone deployment and cover some of the resources that are available to help you in working with Security Onion.
We will then have some fun with traffic by replaying a PCAP containing malware traffic on the standalone server,
and we'll follow that up by sniffing traffic from my Raspberry Pi.
Once we've worked with traffic, we will wrap up the course with some management tips and best practices, as well as touching on some other functionality that Security Onion has to offer.
All right. So with the introductions and the agenda out of the way, let's get started with the course. Our next lesson will answer the question: What is Security Onion?
See you then.