Aj,
Please see the responses below:
How many teams represent this architecture?
I'm not sure what you mean by this. Many teams manage the entire deployment themselves.
How many interfaces do I need?
For a master server you need a mgmt interface only.
For a sensor, you will need a mgmt interface and a sniffing interface.
For a standalone (server/sensor), you will need a mgmt and sniffing interface.
Can the scheme be installed in a distributed manner?
Yes, Security Onion can be installed in a standalone or distributed deployment.
Can we install components separately or the whole suite?
All components are included with both master servers and sensors. You can choose what you would like enabled while navigating through setup (some, of course, will apply only to server/sensor).
If the environment is distributed, how much bandwidth is required?
I wouldn't say there is a whole lot of bandwidth required, but that depends. You may want to take into consideration the amount of traffic generated by sensors back to the master or through the receipt of other logs from other mechanisms. This all depends on how many devices you have reporting to the sensors and the volume of traffic/log generation for each device.
Hope this helps to clarify.
Thanks,
Wes
---
In relation to the first question, I need to know how many appliances must be installed in a server-sensor architecture.
In the attached image, is the sensor just one appliance or many appliances?
I also want to know whether Snort/Suricata, Bro, and OSSEC must be installed on the same sensor or on different sensors.
Aj,
In a server-sensor deployment, you will need a minimum of two machines (server/sensor). You do not have to run all of the applications on the sensor for every sensor you deploy--some folks prefer to have sensors dedicated to specific applications, but that is up to you--you can run all of the applications in regard to a sensor on a single sensor, and many folks do.
Thanks,
Wes