
Security Onion Installation.

Security Onion is a free and open-source Linux distribution for intrusion detection, network security monitoring, and log management. Rather than a single detection engine, it bundles established open-source tools into one platform: Suricata for signature-based network intrusion detection, Zeek for protocol-level network metadata, Wazuh for host-based detection, full packet capture, and the Elastic Stack for storing and searching the results. The design assumes that a passive IDS watching a mirror of the traffic is far less visible to an attacker than an inline firewall, and that layering several independent detection sources makes evasion harder, because traffic that slips past one tool is still recorded by the others.

Like other IDSs, Security Onion raises alerts from the data it harvests: Suricata fires when a packet or flow matches a rule, and the Wazuh agent reports anomalous behaviour on a host. Unlike an inline device, the network sensor listens on a SPAN port or tap and never forwards or modifies packets, so it exposes nothing on the monitored segment that an attacker could probe or evade, while still recording unknown or malicious packets and activity patterns transmitted within the network for later analysis. While the system is primarily geared towards spotting signs of intrusion and malware in network traffic, the host agent and log ingestion let it monitor and track other types of malicious activity as well.

Security Onion lets a small team stand up this kind of monitoring without the dedicated infrastructure that a larger organization with more complex needs for deep analysis would typically have to build (Lisiecki, 2016).

The project was started in 2008 by Doug Burks, who released it as an open-source project; the code has been hosted on GitHub since, and Security Onion Solutions, the company Burks founded in 2014, now maintains it. Keeping the platform open source was a deliberate choice: every tool it runs, every rule it applies and every log it produces can be inspected by the defender who operates it, and for a monitoring platform that transparency requires free software.

Although Security Onion is built to be deployed in a production environment, it is equally usable on its own by anyone interested in software security, cyber security, and information security in general. It is installed from the project's ISO image onto physical hardware or a virtual machine, and analysis is done through the Security Onion Console (SOC) web interface, so no separate console has to be set up. Security Onion is open source; the applicable license is stated in the official GitHub repository, and both the official website and the repository are easy to find.

Security Onion's function is to collect and analyze the data transmitted on the network. It accomplishes this by combining signature matching (Suricata rules applied to every packet), protocol analysis (Zeek logs for each connection, DNS query, HTTP request and file transfer), host-based detection (Wazuh) and full packet capture, and then presenting the results side by side so an analyst can determine whether or not a suspicious pattern is real: an alert from one source can be pivoted to the connection records and packets from the others (Zhou, 2013).
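As an added example (not code from Security Onion itself), the pivot described above can be shown in Python: a Suricata EVE alert and a Zeek conn record for the same flow are joined on their Community ID, the flow hash that both tools emit in Security Onion. The Community ID computation follows the published v1 specification for TCP and UDP; the log records, addresses, ports, uids and timestamps are constructed for illustration, not taken from a real sensor.

```python
import base64
import hashlib
import ipaddress
import json
import struct

# Constructed sample records in the shape Security Onion ingests: two Suricata
# EVE JSON events (one alert, one DNS record) and two Zeek conn.log entries.
# Addresses, ports, timestamps and uids are invented for illustration.
SURICATA_EVE = """\
{"timestamp": "2024-03-01T10:15:02.123456+0000", "event_type": "alert", "src_ip": "10.0.0.23", "src_port": 49812, "dest_ip": "203.0.113.9", "dest_port": 80, "proto": "TCP", "alert": {"signature_id": 2100498, "signature": "GPL ATTACK_RESPONSE id check returned root", "severity": 1}}
{"timestamp": "2024-03-01T10:15:05.000000+0000", "event_type": "dns", "src_ip": "10.0.0.23", "src_port": 53211, "dest_ip": "10.0.0.1", "dest_port": 53, "proto": "UDP", "dns": {"rrname": "example.com"}}
"""

ZEEK_CONN = [
    {"ts": 1709288102.1, "uid": "CUM0KZ3MLUfNB0cl11", "id.orig_h": "10.0.0.23",
     "id.orig_p": 49812, "id.resp_h": "203.0.113.9", "id.resp_p": 80,
     "proto": "tcp", "orig_bytes": 512, "resp_bytes": 180},
    {"ts": 1709288105.0, "uid": "CjhGID4nQcgTWjvg4c", "id.orig_h": "10.0.0.23",
     "id.orig_p": 53211, "id.resp_h": "10.0.0.1", "id.resp_p": 53,
     "proto": "udp", "orig_bytes": 40, "resp_bytes": 120},
]

PROTO_NUM = {"tcp": 6, "udp": 17}


def community_id(saddr, sport, daddr, dport, proto, seed=0):
    """Community ID v1 for a TCP or UDP flow.

    Hash input is seed (16-bit BE) | saddr | daddr | proto (8-bit) | 0x00 |
    sport (16-bit BE) | dport (16-bit BE), with the endpoints ordered by
    (address bytes, port) so that both directions of a flow hash the same.
    The ID is "1:" followed by the base64 of the SHA-1 digest.
    """
    sa, da = ipaddress.ip_address(saddr), ipaddress.ip_address(daddr)
    if (sa.packed, sport) > (da.packed, dport):
        sa, da, sport, dport = da, sa, dport, sport
    payload = (struct.pack("!H", seed) + sa.packed + da.packed
               + struct.pack("!BBHH", PROTO_NUM[proto.lower()], 0, sport, dport))
    return "1:" + base64.b64encode(hashlib.sha1(payload).digest()).decode()


def parse_eve_alerts(eve_text):
    """Return the Suricata EVE records of type "alert", each tagged with its Community ID."""
    alerts = []
    for line in eve_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("event_type") != "alert":
            continue  # dns, http, flow and other EVE event types are not alerts
        rec["community_id"] = community_id(rec["src_ip"], rec["src_port"],
                                           rec["dest_ip"], rec["dest_port"], rec["proto"])
        alerts.append(rec)
    return alerts


def index_zeek_conn(conn_records):
    """Key Zeek conn.log records by Community ID so an alert can be joined to its flow."""
    return {community_id(r["id.orig_h"], r["id.orig_p"], r["id.resp_h"],
                         r["id.resp_p"], r["proto"]): r for r in conn_records}


def pivot_alerts_to_connections(eve_text, conn_records):
    """Pair each Suricata alert with the Zeek connection record for the same flow
    (None when Zeek logged no matching connection)."""
    conns = index_zeek_conn(conn_records)
    return [(alert, conns.get(alert["community_id"]))
            for alert in parse_eve_alerts(eve_text)]


if __name__ == "__main__":
    for alert, conn in pivot_alerts_to_connections(SURICATA_EVE, ZEEK_CONN):
        print(alert["alert"]["signature"], "->", alert["community_id"])
        if conn:
            print("  zeek uid:", conn["uid"], "| bytes orig/resp:",
                  conn["orig_bytes"], conn["resp_bytes"])
        else:
            print("  no matching Zeek conn record")
```

The join key is what makes the layering useful: the alert tells the analyst what rule fired, while the Zeek record for the same Community ID says how long the connection lasted and how many bytes moved in each direction, which is usually what decides whether the alert is a true positive.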


References

Boyce, G. (2016). Bake in .onion for tear-free and stronger website authentication. IEEE Security & Privacy, 14(2), 15–21. https://doi.org/10.1109/msp.2016.33

Lisiecki, L. (2016). The Onion Router (TOR): A threat to global security. National Security Studies, 10(1), 287–302. https://doi.org/10.37055/sbn/129851

Zhou, P. (2013). Inference attacks against trust-based onion routing: Trust degree to the rescue. Computers & Security, 39, 431–446. https://doi.org/10.1016/j.cose.2013.09.007
