
Today's neat thing is . Network and host intrusion detection, log analysis workstation, and incident management console, all neatly packaged in an Ubuntu-based virtual appliance.

securityonion.net/

@Creideiki I've been using it for a while and can confirm it's a great tool.

Combined with a switch that supports mirroring a port (so that SecurityOnion can listen on all traffic to and from the router, without sitting physically between the switch and the router) it really gets the job done.

@rysiek I'm wondering how small a piece of hardware it could be made to run on.

"Oh, you think something suspicious is going on right now? *plugs in NUC* Let's see what the IDS says..."

@Creideiki I'm running it on a T440, but pretty sure it would run pretty comfortably on an x240. CPU doesn't seem to be too hogged (apart from when updating stuff). The resources that seem to be in highest demand are:
1. RAM (it's an 8GiB machine and it's running with ~1GiB free, i.e. razor-thin margin)
2. disk space for all the pcaps and whatnot.

So I guess a NUC with a crap-ton of RAM and a large SSD would do, yes. Although I find it a great way to use old laptops.

@Creideiki also, obviously, it all depends on the size of the network you're monitoring and network traffic you're handling. I am talking about a medium-sized office network there.

Thanks for the data point! That means I can probably find something in the scrap heap and avoid having to buy anything new just to run a live test.

Also, the X240 has the new crappy keyboard, so dumping one of those in a network closet seems reasonable :)

/sent from (one of) my X220
