Hey, folks. Welcome to Lesson Four of Intro to Security Onion. I'm your instructor, Carl, and in this lesson we will install a distributed Security Onion environment.
So for the agenda, first we'll discuss the distributed environment architecture.
We will then review the typical process for installing and setting up the system,
and after that we'll touch briefly on the tools that I'll use in this demonstration.
And finally, we will have a demo of the configuration process on some already installed servers.
So there are three server types that we will be using in this demonstration. The first is the manager. This is the one that will be running our Web server and will be managing the rest of our environment.
It is not sniffing any traffic or storing much data, so the system does not need as many resources as some of the other servers in the environment.
Thus, we are okay to use a VM for the manager. In a typical environment,
the next two servers are the forward node and the storage node.
Now, these servers will be processing and storing much more data, so they should be on hardware that has been properly sized to the environment that you're using.
Now, it's out of the scope of this course to really dive into sizing servers for your environment, so I'd recommend you read through the Security Onion documentation.
I will say, though,
go for fast bus speed, a ton of storage in a RAID array, and as much memory and as many fast CPUs as you can afford,
then probably double it.
There will always be more traffic than you expect.
The typical procedure for installing a distributed environment starts out pretty similar to the standalone server, in that you download your ISO image, then deploy it on your servers or VMs.
Now, for this demonstration, we will be deploying all of our servers in a virtual environment.
Now, this typically isn't recommended, as your forward and storage nodes need dedicated resources.
But for this demo, it will be fine.
Now, once the ISO is deployed and we install the OS, we will typically update the system with soup,
and, after the system is updated, we'll need to add some user accounts on the manager so it can manage the child nodes.
Then finally, we will run the configuration scripts for each of the servers
Now, to make it easier to follow along with what I'm doing, we'll talk briefly about the tools that I'm using. All of the servers in this demo are located on my virtualization server, and those are managed with VirtualBox. Now, the web interface for my VirtualBox environment is through phpVirtualBox,
and this allows me to manage everything remotely.
I will also be connecting to the servers remotely over SSH using PuTTY. And since we will still want to use the Security Onion configuration script, which has a GUI,
we'll make use of Xming server, which enables X11 forwarding in PuTTY.
By running the configuration script remotely through PuTTY via X11 forwarding, it allows us to not be reliant on tools like xrdp or the terminal in phpVirtualBox, which can be kind of buggy. All right, let's get started with the demo.
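The procedure above starts with downloading the ISO and deploying it to each server. Before that deploy step, a practitioner will want to confirm the image is the one the project published. The following shell script is an added example and is not part of the lesson or of Security Onion's own tooling; the ISO filename, the `manager` hostname and the hash value in the usage comment are placeholders, and the real SHA-256 should be taken from the Security Onion download page rather than from the mirror that served the ISO.

```shell
#!/bin/sh
# Added example (not from the lesson): verify a downloaded ISO against a
# published SHA-256 digest before deploying it to servers or VMs.

# sha256_of FILE -> prints the hex digest, using whichever tool is present
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_iso FILE EXPECTED_HASH -> returns 0 on a match, 1 on any failure
verify_iso() {
    iso="$1"
    expected="$2"
    if [ ! -f "$iso" ]; then
        echo "missing file: $iso" >&2
        return 1
    fi
    actual=$(sha256_of "$iso")
    # Compare case-insensitively so a hash copied in upper case still matches.
    actual_lc=$(printf '%s' "$actual" | tr 'A-Z' 'a-z')
    expected_lc=$(printf '%s' "$expected" | tr 'A-Z' 'a-z')
    if [ "$actual_lc" = "$expected_lc" ]; then
        echo "OK: $iso matches the expected SHA-256"
        return 0
    fi
    echo "MISMATCH: $iso" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# Usage (hypothetical filename, hostname and digest; substitute the real ones):
# verify_iso securityonion.iso 0123456789abcdef... && scp securityonion.iso manager:/tmp/
```

Only copy the image to the servers if `verify_iso` returns 0; a mismatch means the download was truncated or tampered with and should be fetched again rather than deployed.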