Protecting your network with the Suricata intrusion detection system

Conclusion

IDS and IPS systems are generally difficult to set up and maintain. If you don't tune your rules, you can get a lot of false positives, which might block legitimate traffic or mask an actual attack in the flood of alerts. However, the upside is significant; you can block attacks in real time (using IPS mode) and provide alerts of outgoing attacks (indicating compromised internal hosts). Additionally, certain types of data (such as TLS/SSL certificate logs) do not take up a lot of space and can provide invaluable insight later, when attacks occur and information about malware becomes available. Once network traffic is gone, it's gone forever. Unless you record it, chances are you'll never be able to reconstruct what truly happened.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Tutorials – Intrusion Protection

    No computer security is perfect, so make sure you've got a second line of protection.

  • Building a Rasp Pi IDS

    An intrusion detection system was once considered too complicated and too expensive for a home network, but nowadays you can use a Raspberry Pi and the Suricata IDS for real-time notice of an incoming attack.

  • Smart Home Security

    Many IoT devices are so poorly protected against attacks that it is easy for an intruder to slip inside. With the right tools and best practices, you can bar the door.

  • Snort Helpers

    Snort is the de facto standard for open source network intrusion detection. The developer community has kept a fairly low profile for a couple of years, but extensions like Snorby, OpenFPC, and Pulled Pork have given the old hog a new lease on life.

  • The New Snort

    Get ready for a bigger and better Snort. If you're used to protecting your systems with this trusty intrusion detection tool, you'll appreciate the new features in the latest version.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News