2 results for Security systems
in Abertay Research Collections - Abertay University’s repository
Abstract:
Security Onion is a Network Security Manager (NSM) platform that provides multiple Intrusion Detection Systems (IDS) including Host IDS (HIDS) and Network IDS (NIDS). Many types of data can be acquired using Security Onion for analysis. This includes data related to: Host, Network, Session, Asset, Alert and Protocols. Security Onion can be implemented as a standalone deployment with server and sensor included or with a master server and multiple sensors allowing for the system to be scaled as required. Many interfaces and tools are available for management of the system and analysis of data such as Sguil, Snorby, Squert and Enterprise Log Search and Archive (ELSA). These interfaces can be used for analysis of alerts and captured events and then can be further exported for analysis in Network Forensic Analysis Tools (NFAT) such as NetworkMiner, CapME or Xplico. The Security Onion platform also provides various methods of management such as Secure SHell (SSH) for management of server and sensors and Web client remote access. All of this with the ability to replay and analyse example malicious traffic makes the Security Onion a suitable low cost alternative for Network Security Management. In this paper, we have a feature and functionality review for the Security Onion in terms of: types of data, configuration, interface, tools and system management.
Abstract:
Knowledge-Based Management Systems enable new ways to process and analyse knowledge to gain better insights to solve a problem and aid in decision making. In the police force such systems provide a solution for enhancing operations and improving client administration in terms of knowledge management. The main objectives of every police officer are to ensure the security of life and property, promote lawfulness, and avert and distinguish wrongdoing. The administration of knowledge and information is an essential part of policing, and the police ought to be proactive in directing both explicit and implicit knowledge, whilst adding to their abilities in knowledge sharing. In this paper the potential for a knowledge based system for the Mauritius police was analysed, and recommendations were also made, based on requirements captured from interviews with several long standing officers, and surveying of previous works in the area.