Security Onion Documentation Release 2.3


Security Onion Documentation Release 2.3, Sep 24, 2021

Table of Contents

  • 1 About (p. 1)
    1.1 Security Onion (p. 1)
    1.2 Security Onion Solutions, LLC (p. 2)
    1.3 Documentation (p. 2)
  • 2 Introduction (p. 5)
    2.1 Network Security Monitoring (p. 7)
    2.2 Enterprise Security Monitoring (p. 7)
    2.3 Analysis Tools (p. 8)
    2.4 Deployment Scenarios (p. 12)
    2.5 Conclusion (p. 12)
  • 3 License (p. 13)
  • 4 First Time Users (p. 15)
  • 5 Getting Started (p. 39)
    5.1 Architecture (p. 40)
    5.2 Hardware Requirements (p. 48)
    5.3 Partitioning (p. 53)
    5.4 Download (p. 55)
    5.5 VMware (p. 55)
    5.6 VirtualBox (p. 57)
    5.7 Booting Issues (p. 58)
    5.8 Installation (p. 58)
    5.9 AWS Cloud AMI (p. 60)
    5.10 Azure Cloud Image (p. 66)
    5.11 Configuration (p. 70)
    5.12 Machine Learning (p. 71)
    5.13 After Installation (p. 73)
  • 6 Security Onion Console (SOC) (p. 75)
    6.1 Alerts (p. 79)
    6.2 Hunt (p. 86)
    6.3 PCAP (p. 94)
    6.4 Grid (p. 98)
    6.5 Downloads (p. 98)
    6.6 Administration (p. 99)
    6.7 Kibana (p. 99)
    6.8 Grafana (p. 103)
    6.9 CyberChef (p. 105)
    6.10 Playbook (p. 109)
    6.11 Fleet (p. 114)
    6.12 TheHive (p. 115)
    6.13 ATT&CK Navigator (p. 117)
  • 7 Analyst VM (p. 119)
    7.1 NetworkMiner (p. 120)
    7.2 Wireshark (p. 123)
  • 8 Network Visibility (p. 129)
    8.1 AF-PACKET (p. 130)
    8.2 Stenographer (p. 131)
    8.3 Suricata (p. 133)
    8.4 Zeek (p. 136)
    8.5 Strelka (p. 144)
  • 9 Host Visibility (p. 149)
    9.1 osquery (p. 149)
    9.2 Beats (p. 151)
    9.3 Wazuh (p. 153)
    9.4 Syslog (p. 156)
    9.5 Sysmon (p. 156)
    9.6 Autoruns (p. 158)
  • 10 Logs (p. 159)
    10.1 Ingest (p. 159)
    10.2 Filebeat (p. 161)
    10.3 Logstash (p. 177)
    10.4 Redis (p. 182)
    10.5 Elasticsearch (p. 183)
    10.6 ElastAlert (p. 190)
    10.7 Curator (p. 193)
    10.8 Data Fields (p. 195)
    10.9 Alert Data Fields (p. 195)
    10.10 Elastalert Fields (p. 196)
    10.11 Zeek Fields (p. 197)
    10.12 Community ID (p. 197)
    10.13 Re-Indexing (p. 198)
  • 11 Updating (p. 199)
    11.1 soup (p. 199)
    11.2 Airgap (p. 202)
    11.3 End Of Life (p. 203)
  • 12 Accounts (p. 205)
    12.1 Passwords (p. 205)
    12.2 Adding Accounts (p. 206)
    12.3 Listing Accounts (p. 207)
    12.4 Disabling Accounts (p. 208)
    12.5 Role-Based Access Control (RBAC) (p. 209)
  • 13 Services (p. 215)
  • 14 Customizing for Your Environment (p. 217)
    14.1 Cortex (p. 217)
    14.2 Proxy Configuration (p. 218)
    14.3 Firewall (p. 219)
    14.4 Email Configuration (p. 224)
    14.5 NTP (p. 225)
    14.6 SSH (p. 226)
    14.7 Changing IP Addresses (p. 227)
    14.8 Changing Web Access URL (p. 227)
  • 15 Tuning (p. 229)
    15.1 Salt (p. 229)
    15.2 Homenet (p. 231)
    15.3 BPF (p. 232)
    15.4 Managing Rules (p. 234)
    15.5 Adding Local Rules (p. 236)
    15.6 Managing Alerts (p. 237)
    15.7 High Performance Tuning (p. 245)
  • 16 Tricks and Tips (p. 247)
    16.1 Backups (p. 247)
    16.2 Docker (p. 248)
    16.3 DNS Anomaly Detection (p. 250)
    16.4 ICMP Anomaly Detection (p. 251)
    16.5 Adding a new disk (p. 251)
    16.6 PCAPs for Testing (p. 252)
    16.7 Removing a Node (p. 253)
    16.8 Syslog Output (p. 254)
    16.9 UTC and Time Zones (p. 255)
  • 17 Utilities (p. 257)
    17.1 jq (p. 257)
    17.2 so-allow (p. 257)
    17.3 so-elastic-auth (p. 258)
    17.4 so-elasticsearch-query (p. 259)
    17.5 so-import-pcap (p. 260)
    17.6 so-import-evtx (p. 261)
    17.7 so-monitor-add (p. 261)
    17.8 so-test (p. 261)
    17.9 so-zeek-logs (p. 263)
  • 18 Help (p. 265)
    18.1 FAQ (p. 265)
    18.2 Directory Structure (p. 269)
    18.3 Tools (p. 270)
    18.4 Support (p. 271)
    18.5 Community Support (p. 271)
    18.6 Help Wanted (p. 272)
  • 19 Security (p. 275)
    19.1 Vulnerability Disclosure (p. 275)
    19.2 Product and Supply Chain Integrity (p. 275)
  • 20 Appendix (p. 277)
  • 21 Release Notes (p. 281)
    21.1 2.3.80 Changes (p. 281)
    21.2 2.3.70 Hotfix [WAZUH] (p. 282)
    21.3 2.3.70 Hotfix [GRAFANA_DASH_ALLOW] (p. 282)
    21.4 2.3.70 Hotfix [CURATOR] (p. 282)
    21.5 2.3.70 Changes (p. 282)
    21.6 2.3.61 Hotfix [STENO, MSEARCH] (p. 283)
    21.7 2.3.61 Changes (p. 283)
    21.8 2.3.60 Hotfix [ECSFIX, HEAVYNODE, FBPIPELINE, CURATORAUTH] Changes (p. 283)
    21.9 2.3.60 Changes (p. 284)
    21.10 2.3.52 Changes (p. 285)
    21.11 2.3.51 Changes (p. 285)
    21.12 2.3.50 Changes (p. 285)
    21.13 2.3.50 Known Issues (p. 287)
    21.14 2.3.40 Changes (p. 287)
    21.15 2.3.40 Known Issues (p. 288)
    21.16 2.3.30 Changes (p. 288)
    21.17 2.3.30 Known Issues (p. 290)
    21.18 2.3.21 Changes (p. 290)
    21.19 2.3.10 Changes (p. 292)
    21.20 2.3.10 Known Issues (p. 294)
    21.21 2.3.2 Changes (p. 294)
    21.22 2.3.1 Changes (p. 294)
    21.23 2.3.1 Known Issues (p. 294)
    21.24 2.3.0 Changes
Recommended publications
  • Implementing Cisco Cyber Security Operations
    2019 CLUS: Implementing Cisco Cyber Security Operations (LTRCRT-2222). Paul Ostrowski / Patrick Lao / James Risler, Cisco Security Content Development Engineers.

    Cisco Webex Teams. Questions? Use Cisco Webex Teams to chat with the speaker after the session. How: (1) find this session in the Cisco Live Mobile App; (2) click "Join the Discussion"; (3) install Webex Teams or go directly to the team space; (4) enter messages/questions in the team space. Webex Teams will be moderated by the speaker until June 16, 2019 (cs.co/ciscolivebot#LTRCRT-2222). © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public.

    Agenda:
    • Goals and Objectives
    • Prerequisite Knowledge & Skills (PKS)
    • Introduction to Security Onion
    • SECOPS Labs and Topologies
    • Access SECFND / SECOPS eLearning Lab Training Environment
    • Lab Evaluation
    • Cisco Cybersecurity Certification and Education Offerings

    Goals and Objectives:
    • Today's organizations are challenged with rapidly detecting cybersecurity breaches in order to effectively respond to security incidents. Cybersecurity provides the critical foundation organizations require to protect themselves, enable trust, move faster, add greater value and grow.
    • Teams of cybersecurity analysts within Security Operations Centers (SOC) keep a vigilant eye on network security monitoring systems designed to protect their organizations by detecting and responding to cybersecurity threats.
    • The goal of Cisco's CCNA Cyber OPS (SECFND / SECOPS) courses is to teach the fundamental skills required to begin a career working as an associate/entry-level cybersecurity analyst within a threat centric security operations center.
    • This session will provide the student with an understanding of Security Onion as an open source network security monitoring tool (NSM).
  • Securing Infrastructure-As-A-Service Public Clouds Using Security Onion
    Securing Infrastructure-as-a-Service Public Clouds Using Security Onion. MIKAIL, Abdullahi and PRANGGONO, Bernardi <http://orcid.org/0000-0002-2992-697X>. Available from Sheffield Hallam University Research Archive (SHURA) at: http://shura.shu.ac.uk/23927/

    This document is the author deposited version. You are advised to consult the publisher's version if you wish to cite from it. Published version: MIKAIL, Abdullahi and PRANGGONO, Bernardi (2019). Securing Infrastructure-as-a-Service Public Clouds Using Security Onion. Applied System Innovation, 2 (1). Copyright and re-use policy: see http://shura.shu.ac.uk/information.html. Sheffield Hallam University Research Archive, http://shura.shu.ac.uk

    Article: Securing Infrastructure-as-a-Service Public Clouds Using Security Onion. Abdullahi Mikail and Bernardi Pranggono *, Department of Engineering and Mathematics, Sheffield Hallam University, Howard Street, Sheffield S1 1WB, UK; [email protected]. * Correspondence: [email protected]. Received: 17 December 2018; Accepted: 23 January 2019; Published: 30 January 2019.

    Abstract: The shift to Cloud computing has brought with it its specific security challenges concerning the loss of control, trust and multi-tenancy especially in Infrastructure-as-a-Service (IaaS) Cloud model. This article focuses on the design and development of an intrusion detection system (IDS) that can handle security challenges in IaaS Cloud model using an open source IDS. We have implemented a proof-of-concept prototype on the most deployed hypervisor—VMware ESXi—and performed various real-world cyber-attacks, such as port scanning and denial of service (DoS) attacks to validate the practicality and effectiveness of our proposed IDS architecture.
  • Intrusion Detection Systems (IDS)
    Intrusion Detection Systems (IDS). Adli Wahid.

    Role of Detection in Security
    • Part of security monitoring
      o Violation of security policies
      o Indicators of compromise
      o Threat driven or vulnerability driven
      o What's happening on the network?
    • Rules
      o Detection is based on rules
    • Action: what do we do when detection happens?
      o Alert and investigate
      o Drop / block

    Perspective: Adversary Tactics and Techniques
    • Mitre Att&ck Framework https://attack.mitre.org
    • Tactics: what are the goals of the adversary?
    • Technique: how do they do it?
    • Subject to:
      o Resources
      o Platforms
    • Can we use this knowledge for detection?
      o Observe adversaries' behaviour
      o Techniques, Tactics and Procedures (TTPs)
      o Deploy in prevention, detection, response
    • Your adversaries: motives, infrastructure, targets, behaviour. Your assets, your systems.
    Reference: https://published-prd.lanyonevents.com/published/rsaus19/sessionsFiles/13884/AIR-T07-ATT%26CK-in-Practice-A-Primer-to-Improve-Your-Cyber-Defense-FINAL.pdf

    Making Your Infrastructure Forensics Ready
    • Detecting known or potentially malicious activities
    • Part of the incident response plan
    • If your infrastructure is compromised
      o Can you answer the questions: what happened and since when?
      o Can we 'go back in time' and how far back?
    • What information do you need to collect and secure?
    • Centralized logging

    Intrusion Detection Systems
    • An intrusion
  • Guide to Secure Software Development in Ruby
    Fedora Security Team. Secure Ruby Development Guide: Guide to secure software development in Ruby. Edition 1. Author: Ján Rusnačko, [email protected].

    Copyright © 2014 Ján Rusnačko. The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. The original authors of this document, and Red Hat, designate the Fedora Project as the "Attribution Party" for purposes of CC-BY-SA. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version. Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.

    Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries. For guidelines on the permitted uses of the Fedora trademarks, refer to https://fedoraproject.org/wiki/Legal:Trademark_guidelines. Linux® is the registered trademark of Linus Torvalds in the United States and other countries. Java® is a registered trademark of Oracle and/or its affiliates. XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
  • USING LUA for DETECTION and MALWARE TRAFFIC ANALYSIS Dr Chris Wakelin, Senior Threat Analyst, Proofpoint November 2018
    MOONSTRUCK: USING LUA FOR DETECTION AND MALWARE TRAFFIC ANALYSIS. Dr Chris Wakelin, Senior Threat Analyst, Proofpoint, November 2018. © 2018 Proofpoint, Inc.

    Introduction
    • "Lua" is Portuguese for "Moon"
    • Small extensible language
    • Considered "well-engineered" by experts: "If you read ... you'll see that the Lua team were well aware of many developments in programming languages and were able to choose from among the best ideas. Most designers of popular scripting languages have been amateurs and have not been nearly so well informed ... Lua is superbly designed so that the pieces fit together very nicely, with an excellent power-to-weight ratio ... Lua is superbly engineered. The implementation is just staggeringly good ..."
    • Currently used in Wireshark, games (Angry Birds, Crysis, Far Cry, Garry's Mod ...), etc.

    Introduction (continued)
    • Lua(jit) scripting support added initially in September 2012, after a suggestion by Will Metcalf of Emerging Threats
    • Lua Output support added March 2014
    • Lua flowvar support added in 2013, but only viewable (logged) from December 2016

    Lua vs LuaJIT
    • LuaJIT: Just-In-Time compiler for Lua
    • Stable version 2.0.5; Ubuntu 16.04 LTS included 2.0.4
    • Development: version 2.1beta3 (for 18 months ...), included in Ubuntu 18.04 LTS though
    • Some caveats: based on older Lua 5.1 (latest Lua is version 5.4); need to pre-allocate buffers in Suricata; probably best to stick to Lua 5.1 features

    Lua/LuaJIT options
    Suricata "configure" options (pick one):
      --enable-lua      Enable Lua support
      --enable-luajit   Enable Luajit support
    suricata.yaml:
      ...
      # Luajit has a strange memory requirement, it's 'states' need to be in the
      # first 2G of the process' memory.
  • Downloads." the Open Information Security Foundation
    Performance Testing Suricata: The Effect of Configuration Variables On Offline Suricata Performance. A Project Completed for CS 6266 Under Jonathon T. Giffin, Assistant Professor, Georgia Institute of Technology, by Winston H Messer. Project Advisor: Matt Jonkman, President, Open Information Security Foundation. December 2011.

    Abstract: The Suricata IDS/IPS engine, a viable alternative to Snort, has a multitude of potential configurations. A simplified automated testing system was devised for the purpose of performance testing Suricata in an offline environment. Of the available configuration variables, seventeen were analyzed independently by testing in fifty-six configurations. Of these, three variables were found to have a statistically significant effect on performance: Detect Engine Profile, Multi Pattern Algorithm, and CPU affinity.

    Acknowledgements: In writing the final report on this endeavor, I would like to start by thanking four people who made this project possible. Matt Jonkman, President, Open Information Security Foundation: for allowing me the opportunity to carry out this project under his supervision. Victor Julien, Lead Programmer, Open Information Security Foundation, and Anne-Fleur Koolstra, Documentation Specialist, Open Information Security Foundation: for their willingness to share their wisdom and experience of Suricata via email for the past four months. John M. Weathersby, Jr., Executive Director, Open Source Software Institute: for allowing me the use of Institute equipment for the creation of a suitable testing
  • WEB2PY Enterprise Web Framework (2Nd Edition)
    WEB2PY Enterprise Web Framework / 2nd Ed. Massimo Di Pierro. Copyright ©2009 by Massimo Di Pierro. All rights reserved.

    No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600, or on the web at www.copyright.com. Requests to the Copyright owner for permission should be addressed to: Massimo Di Pierro, School of Computing, DePaul University, 243 S Wabash Ave, Chicago, IL 60604 (USA). Email: [email protected]

    Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

    Library of Congress Cataloging-in-Publication Data: WEB2PY: Enterprise Web Framework. Printed in the United States of America.
  • Original.Pdf
    Rails Security Primer. I am not a software security expert.

    CVE? Common Vulnerabilities and Exposures. Vulnerability: a weakness that an attacker can use to exploit a system. Exploit: a piece of software that exploits a vulnerability to achieve unintended or unanticipated behavior.

    CVE-2012-5664, SQL Injection Vulnerability ... but only exploitable if you used Authlogic or find_by_* methods in a certain way. A cookie like

      { "session_id" => "41414141", "user_credentials" => "Phenoelit", "user_credentials_id" => { :select=> " *,\"Phenoelit\" as persistence_token from users -- " } }

    ... would create a query like this:

      User.find_by_id(params[:user_credendtials_id])
      User.find_by_id({:select =>"*,\"Phenoelit\" as persistence_token from users --"})
      SELECT *,"Phenoelit" as persistence_token from users -- FROM "users" WHERE "users"."id" IS NULL LIMIT 1

    Blood in the water... CVE-2013-0155, CVE-2013-0156, CVE-2013-0269, CVE-2013-0333.

    CVE-2013-0155 "Unsafe Query Generation Risk in Ruby on Rails":

      def reset_password
        if (@user = User.find_by_token(params[:token]))
          @user.reset_password!
          render :json => 'Success'
        else
          render :json => 'Failure'
        end
      end
      # POST to http://localhost:3000/users/reset_password with "{\"token\":[null]}"

    CVE-2013-0156 "Multiple vulnerabilities in parameter parsing in Action Pack". Content-Type:
  • Truenas® Privacy and Security Compliance Features
    TRUENAS® PRIVACY AND SECURITY COMPLIANCE FEATURES

    [Word cloud of compliance terms: HIPAA, PCI DSS, HITECH, GDPR, FIPS 140-2, ePHI, ZFS, FreeBSD, FreeNAS, encryption, audit, backup, governance, risk, accountability.]

    NO MATTER ITS SIZE, EVERY BUSINESS OPERATES IN A REGULATED ENVIRONMENT. Thanks to legislation like the European Union General Data Protection Regulation (GDPR), it's no longer only government and medical providers that need to comply with strict privacy and security regulations. If your business handles credit card information or customer personal information, you must navigate an alphabet soup of regulations that each include distinct obligations and equally-distinct penalties for failing to comply with those obligations. From PCI DSS to the GDPR to HIPAA, a common theme of data security stands out as a fundamental requirement for regulation compliance and TrueNAS is ready

    TRUENAS PROVIDES FEATURES FOR REAL SECURITY AND COMPLIANCE. TrueNAS is a unified file, block and object storage solution built on the OpenZFS self-healing file system that supports hybrid and all-flash configurations. Unlike many competing storage systems, each TrueNAS scales from a few workgroup terabytes to multiple private cloud petabytes, all with a common user experience and full data interoperability. TrueNAS uses a myriad of network and storage encryption techniques to safeguard your data throughout its life cycle and help assure your regulation
  • Azure Forum DK Survey
    #msdkpartner. Meeting Ground Rules: please post your questions in the chat; we aim to keep QnA at the end of each session. Please mute yourself to ensure a good audio experience during presentations. This meeting will be recorded.

    Today's Agenda: 08:30 - 08:35 Welcome; 08:35 - 09:15 Best of Build; 09:15 - 10:00 Top 5 Reasons to choose Azure (vs. on-premise); 10:05 - 10:25 Azure in SMB; 10:25 - 10:30 Closing.

    Hello! I'm Sherry List, Azure Developer Engagement Lead, Microsoft. You can find me at @SherrryLst | @msdev_dk.

    DevOps with Azure, GitHub, and Azure DevOps. 500M apps and microservices will be written in the next five years (Source: IDC). Developer Velocity: 100x faster to set up a dev environment; 200x more frequent code deployments; 7x fewer failures on deployments; 8x more likely to have integrated security (Source: DORA / Sonatype).

    GitHub Actions for Azure: https://github.com/azure/actions. Azure Pipelines: AKS & k8s support, YAML CI Pipelines, YAML CD Pipelines, Elastic self-hosted agents.

    Community and Collaboration: in modern applications 90% of the code comes from open source (your code vs. open source). Most of that code lives on GitHub. Sign up for Codespaces Preview today: https://github.co/codespaces

    Security and Compliance. [Chart: lines of code (LOC, millions) against security issues (thousands), quarterly from Apr 2015 to Apr 2018; series "Lines of code" and "Security threats".]
  • Securing Security Tools, SuriCon 2016
    Securing Security Tools. SuriCon 2016. Pierre Chifflier, [email protected], French National Information Security Agency (ANSSI), 2016.

    ANSSI
    ◮ Created on July 7th 2009, the ANSSI (French Network and Information Security Agency) is the national authority for the defense and the security of information systems.
    ◮ Under the authority of the Prime Minister
    ◮ Main missions are: prevention; defense of information systems; awareness-raising
    http://www.ssi.gouv.fr/en/
    ANSSI Securing Security Tools 2/26

    Objectives of this talk:
    ◮ Improving security of tools
    ◮ Not on small steps, but trying to solve problems
    ◮ Consider alternatives to common solutions
    ◮ Test our claims

    What is a network IDS? A device that
    ◮ monitors network for malicious activity
    ◮ does stateful protocol analysis
    ◮ raises alerts to the administrators
    ◮ has to be fast

    What is a network IDS? From the security point of view, a NIDS is:
    ◮ exposed to malicious traffic
    ◮ running lots of protocols dissectors
    ◮ connected to the admin network
    ◮ coded for performance

    Root causes
    ◮ Bad specifications (when they exist)
    ◮ Design complexity and attack surface
    ◮ Formats complexity
    ◮ Programming language
    ◮ Paradox: many security tools are not securely coded
      ◮ "I'll fix it later"
      ◮ Infosec people considering it's "not their job"

    Minimal solutions
    ◮ Finding vulns does not (really) help security!
    ◮ But it helps (raising awareness, demonstrating the
  • Ed 377 034 Title Institution Pub Date Note Available
    DOCUMENT RESUME ED 377 034 SE 054 362
    TITLE: Education & Recycling: Educator's Waste Management Resource and Activity Guide 1994.
    INSTITUTION: California State Dept. of Conservation, Sacramento. Div. of Recycling.
    PUB DATE: 94
    NOTE: 234p.
    AVAILABLE FROM: California Department of Conservation, Division of Recycling, 801 K Street, MS 22-57, Sacramento, CA 95814.
    PUB TYPE: Guides, Classroom Use, Teaching Guides (For Teacher) (052)
    EDRS PRICE: MF01/PC10 Plus Postage.
    DESCRIPTORS: Bilingual Instructional Materials; *Class Activities; Constructivism (Learning); *Educational Resources; Elementary Secondary Education; *Environmental Education; Evaluation Methods; *Recycling; Solid Wastes; Teaching Guides; *Waste Disposal; Worksheets
    IDENTIFIERS: *California
    ABSTRACT: This activity guide for grades K-12 reinforces the concepts of recycling, reducing, and reusing through a series of youth-oriented activities. The guide incorporates a video-based activity, multiple session classroom activities, and activities requiring group participation and student conducted research. Constructivist learning theory was considered during the development of activities. The guide is divided into the following sections: (1) 12 elementary and middle school classroom activities; (2) eight middle and high school classroom activities; (3) school recycling programs; (4) trivia, facts, and other information; (5) listing of 338 supplementary materials (activity, booklets, coloring and comic books, books, catalogs, curricula, extras, magazines, recycling programs, and videos); (6) listing of 39 environmental organizations; (7) approximately 1,300 California local government and community contacts; and (8) a glossary. Many activities incorporate science, history and social science, English and language arts, and mathematics and art. Most activities include methods for teacher and student evaluations. Spanish translations are provided for some activity materials, including letters to parents, several take-home activities and the glossary.