Jan 2016 – Onions Make You Cry Tears of Joy

How to Improve Your Network Security Monitoring Capabilities Using Security Onion Sensors and Network Architecture

We will be kicking off the New Year with the first part of a two part series. (Open Source Security vs Commercial Products).

open source vs

This month we will be discussing open source security and how our own Nate Sykes and Grant Sims (bios below) are using open source products to secure their network. Next month we will have Cisco come in and give us an overview of what they can offer from a commercial software standpoint.

Nate and Grant have been working to transition their security posture from a purely prevention based model to a prevent, detect and respond model. Nate and Grant put it this way “Prevention WILL fail. As a defender you have to consider/protect EVERYTHING. An attacker only has to find ONE flaw overlooked, unknown, unpatched or misconfigured.” To that end Nate and Grant will give us an overview of how they use open source security sensors to defend their network.

They will discuss:

Here are the slides from the first part of the presentation:

you shall not pass

Security Onion – Part 1

For the second part of the presentation, Grant demoed how to use Security Onion to investigate an AnglerEK incident:

Brief bios:
Nate Sykes (@n8sec) is the IT Manager at R&K Solutions, he has been working in IT for 19yrs. Nate has worked in all areas of system and network administration. He has been involved in different aspects of security for the last 6yrs, mostly involving blue team work. He holds GSEC, GMON and Security+ certifications.

Grant Sims (@ChiefRiverSims) is the Sr Security Analyst at R&K Solutions, he has been working in IT for 9yrs. He has a networking background, developed while working in a major DoD data center. He holds CCNA-Voice, CCDP, CCNP, Security+ and GPEN certifications.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s