Security Onion

Version Reviewed: security-onion-live-20120125.iso
Rating: Good
Where To Get It: http://code.google.com/p/security-onion/wiki/Installation

Product Overview
Security Onion is a non-commercial Linux distribution that aims to simplify the installation of numerous widely used security tools, especially those focused on intrusion detection and Network Security Monitoring (NSM). This includes tools such as Snort, Suricata, Sguil, and Xplico, to name a few.

What We Like

  • Simple and easy user interface
  • Creator Doug Burks is on the ball for any questions from users
  • Saved hours of time with the simplified installation (Snort, Snorby, Barnyard, Oinkmaster)
  • Installation of multiple tools for trial

What We Weren’t So Fond Of

  • Lack of granular installation (all applications are installed regardless of preference)
  • One has to install the entire Linux distro as opposed to simply being able to install the Security Onion applications
  • Resource utilization (just enough to make an old home system feel slow)

Verdict
Our frank opinion of Security Onion is that it is great, but immature. Security Onion allows both expert and novice users to quickly and easily install security tools whose installation was previously cumbersome if not plain annoying. However, Security Onion currently lacks granularity and a strong community to back it.

At its core, Security Onion is a glorified Linux installer masked as a customized Ubuntu Linux distribution. As a Linux installer, the interface is simple and easy to use but is not particularly rich in terms of options. This is perfectly fine for a user who merely wants to install the tools and utilities in a somewhat standardized manner. Those who wish to sculpt their installation, however, should expect to spend some time in the command-line interface.
