Why Project Dreddnaught?
"CONSTANT VIGILANCE" - Alastor "Mad Eye" Moody
Network security can be thought of as being similar to an onion (see figure 1).
(figure 1)
I can hear you asking yourself "How are they similar?" The answer to your question is that both have multiple layers. Take a closer look at the picture... it is obvious that every layer depends on the next layer to provide integrity.
Of course, network security isn't an onion. You can't batter and deep fry network security like you can an onion. Likewise, you can't take an onion and use it to monitor your network traffic for suspicious packets.
The outermost layer of the security onion is the firewall protecting your entire network. Your firewall is your first line of defence.
The next layer is the network setup itself. Are you running an IDS here? Is this where your DMZ is located?
The innermost layer is the actual host itself. This is the last line of defence. The core of the security onion is based on having good security policy. Good security policy includes updating all critical programs, patching your operating system, running an anti-virus program, enforcing good password policies...
This project is an attempt to make a tool to bridge the innermost and outermost layers of the security onion. Ideally, this project is to serve as a means to gather network information, audit machines, capture and log suspicious traffic, and, if necessary, provide a means to respond to an attack caused by a malicious user.