Saturday, September 26, 2015

Hardware for Security Onion

Hardware requirements for Security Onion 

The Security Onion wiki is the best resource for learning about the hardware requirements for Security Onion.

When building my personal deployment of Security Onion, I used the wiki as a starting point. Due to my limited budget, I built a box which in hindsight was underpowered. Since this was deployed in a home environment, I was willing to incur some packet loss.

CPU
I recommend installing, at a minimum, an i3 Intel Core or equivalent. A preferred processor will be an i5 Intel Core or higher. For my installation, I used an AMD Athlon 5350 2.05 GHz Kabini Quad Core Processor. For my network, the CPU selected is underpowered. There are times when my htop showed CPU scores greater than 4, which for a quad-core processor means it is at full utilization and there are processes waiting for available threads. (Note: Since the upgrade to Bro 2.4, the CPU utilization seems to have gone down.)




Memory
The more the better. For networks under 50 Mbps, the minimum requirement will be 8 GB of RAM. However, if the network is 30 Mbps or greater, I recommend bumping up the memory to 16 GB. Otherwise there is a significant risk of packet loss.

Storage
This depends on your storage requirements and the amount of traffic going through. For example, if corporate policy limits data storage to 30 days, then there is no need to purchase enough storage for 90 days. Be mindful of the scripts that run in Security Onion and purge data once a specified disk usage threshold is met. The default is 90%. I personally have it set to 80% for additional buffer.

NIC Card
The Security Onion wiki recommends Intel. I recommend Intel as well due to the availability of drivers across a wide variety of platforms. I personally chose TP-Link. Although I have had no problems, I nonetheless recommend Intel. Not all NIC cards are created equal.

Power Supply
Do not underestimate the importance of purchasing an efficient and reliable power supply. Since this box will be running 24x7, I recommend buying an 80 Plus Silver or above. In the long run this will result in a lower power bill. More importantly, purchase a power supply from a reputable manufacturer such as Seasonic, Antec, or Corsair.
