Introduction to Security Onion

Security Onion is a Network Security Manager (NSM) platform that provides multiple Intrusion Detection Systems (IDS) including Host IDS (HIDS) and Network IDS (NIDS). Many types of data can be acquired using Security Onion for analysis. This includes data related to: Host, Network, Session, Asset, Alert and Protocols. Security Onion can be implemented as a standalone deployment with server and sensor included or with a master server and multiple sensors allowing for the system to be scaled as required. Many interfaces and tools are available for management of the system and analysis of data such as Sguil, Snorby, Squert and Enterprise Log Search and Archive (ELSA). These interfaces can be used for analysis of alerts and captured events and then can be further exported for analysis in Network Forensic Analysis Tools (NFAT) such as NetworkMiner, CapME or Xplico. The Security Onion platform also provides various methods of management such as Secure SHell (SSH) for management of server and sensors and Web client remote access. All of this with the ability to replay and analyse example malicious traffic makes the Security Onion a suitable low cost alternative for Network Security Management. In this paper, we have a feature and functionality review for the Security Onion in terms of: types of data, configuration, interface, tools and system management.

Tackling trafficking in human beings in a security integrated Europe: addressing the challenges using trafficking schematics

This paper aims to conceptualise trafficking in human beings (THB) as an organised crime by drawing on the rational choice theory. Utilising crime scripting principles, it proposes trafficking schematics to capture and visualise THB in its entirety. Stemming from its transnational nature and varying conceptualisations, combatting THB faces challenges, such as the lack of harmonisation of policy instruments and differing stakeholder agendas. To mitigate these challenges, this paper proposes trafficking schematics. Their core lies in the modelling of THB constituent elements, including stages and their sequence, key actors and relationships, and financial modus operandi. Trafficking schematics may therefore contribute to addressing THB in a holistic, dynamic and integrated way, by enriching stakeholders’ understanding of the phenomenon and facilitating collaboration to address it. The paper contributes to theory and practice by drawing up a model of the procedural, human, logistical and environmental elements of THB that may be viewed as an instrument of public value creation.

Readings in the UK energy security

Over the last few decades, the debate about “Peak Oil” became increasingly common and frustrating to governments, oil companies, and individuals. Also in the last decade or so, some unusual events took place which have raised the concern about the future of energy resources. These events lead policy makers to consider what is known today as “Energy Security.” The UK is one of these countries that fears the unknown future should petroleum resources worldwide become scarce or vanish. After the dwindling of the North Sea production, the UK found itself on the brink of losing its energy self-sufficiency. This article asks the questions: Has the UK’s oil and gas production peaked yet? If so, does the UK have a serious energy security problem, and if so, how may this problem be solved and what are the possible short, medium, and long-term solutions for such a concern? In answering these questions, the article discusses the concerns and challenges to the UK energy security and brings about the government plans for tackling these concerns. It is found that the UK does not experience an energy security problem on the short to medium-term, but it may suffer energy insecurity on the longer-term.

New challenges for the EU internal security strategy

In recent years, the EU and its member states have experienced a number of changes, as well as challenges, in the areas of politics, economics, security and law. As these areas are interconnected, changes and challenges to any of them have implications for the others, as well as implications for the populations and institutions of the EU or those coming into contact with its international power and influence. This edited collection focuses primarily on security and law, particularly the EU’s internal security strategy. The EU’s Internal Security Strategy, adopted by the Spanish presidency early in 2010, followed the Lisbon Treaty in 2009, building on previous developments within the EU in the Area of Freedom Security and Justice (AFSJ) policy. The focus of the EU Internal Security Strategy is to prevent and combat “serious and organised crime, terrorism and cybercrime, in strengthening the management of our external borders and in building resilience to natural and man-made disasters”. The Internal Security strategy intersects and overlaps with the European Union’s Counter-terrorism strategy, the Strategy for the External Dimension of JHA, and the EU’s Security Strategy. The role of and interaction between these strategies, their supplementing documents, and their implications for crime, victims, the law, political relations, democracy and human rights, form the backdrop against which the chapters in this collection are written. Building on original research by its contributors, this collection comprises work by authors from a wide variety of academic and professional areas and perspectives, as well as different countries, on a variety of areas and issues related to or raised by the EU’s Internal Security Strategy, from intelligence-led policing to human trafficking and port security. This book examines, from a wide variety of disciplinary perspectives including law, geography, politics and practice, both this further refinement of existing internal provisions on cross-border crime, and the increasing external relations of the EU in the AFSJ.

The issue of data protection and data security in the (pre-Lisbon) EU third pillar

The key functional operability in the pre-Lisbon PJCCM pillar of the EU is the exchange of intelligence and information amongst the law enforcement bodies of the EU. The twin issues of data protection and data security within what was the EU’s third pillar legal framework therefore come to the fore. With the Lisbon Treaty reform of the EU, and the increased role of the Commission in PJCCM policy areas, and the integration of the PJCCM provisions with what have traditionally been the pillar I activities of Frontex, the opportunity for streamlining the data protection and data security provisions of the law enforcement bodies of the post-Lisbon EU arises. This is recognised by the Commission in their drafting of an amending regulation for Frontex , when they say that they would prefer “to return to the question of personal data in the context of the overall strategy for information exchange to be presented later this year and also taking into account the reflection to be carried out on how to further develop cooperation between agencies in the justice and home affairs field as requested by the Stockholm programme.” The focus of the literature published on this topic, has for the most part, been on the data protection provisions in Pillar I, EC. While the focus of research has recently sifted to the previously Pillar III PJCCM provisions on data protection, a more focused analysis of the interlocking issues of data protection and data security needs to be made in the context of the law enforcement bodies, particularly with regard to those which were based in the pre-Lisbon third pillar. This paper will make a contribution to that debate, arguing that a review of both the data protection and security provision post-Lisbon is required, not only in order to reinforce individual rights, but also inter-agency operability in combating cross-border EU crime. The EC’s provisions on data protection, as enshrined by Directive 95/46/EC, do not apply to the legal frameworks covering developments within the third pillar of the EU. Even Council Framework Decision 2008/977/JHA, which is supposed to cover data protection provisions within PJCCM expressly states that its provisions do not apply to “Europol, Eurojust, the Schengen Information System (SIS)” or to the Customs Information System (CIS). In addition, the post Treaty of Prüm provisions covering the sharing of DNA profiles, dactyloscopic data and vehicle registration data pursuant to Council Decision 2008/615/JHA, are not to be covered by the provisions of the 2008 Framework Decision. As stated by Hijmans and Scirocco, the regime is “best defined as a patchwork of data protection regimes”, with “no legal framework which is stable and unequivocal, like Directive 95/46/EC in the First pillar”. Data security issues are also key to the sharing of data in organised crime or counterterrorism situations. This article will critically analyse the current legal framework for data protection and security within the third pillar of the EU.

A study on situational awareness security and privacy of wearable health monitoring devices

Situational Awareness provides a user centric approach to security and privacy. The human factor is often recognised as the weakest link in security, therefore situational perception and risk awareness play a leading role in the adoption and implementation of security mechanisms. In this study we assess the understanding of security and privacy of users in possession of wearable devices. The findings demonstrate privacy complacency, as the majority of users trust the application and the wearable device manufacturer. Moreover the survey findings demonstrate a lack of understanding of security and privacy by the sample population. Finally the theoretical implications of the findings are discussed.