Protecting your network with the Suricata intrusion detection system

Conclusion

IDS and IPS systems are generally difficult to set up and maintain. If you don't tune your rules, you can get a lot of false positives, which might block legitimate traffic or mask an actual attack in the flood of alerts. However, the upside is significant; you can block attacks in real time (using IPS mode) and provide alerts of outgoing attacks (indicating compromised internal hosts). Additionally, certain types of data (such as TLS/SSL certificate logs) do not take up a lot of space and can provide invaluable insight later, when attacks occur and information about malware becomes available. Once network traffic is gone, it's gone forever. Unless you record it, chances are you'll never be able to reconstruct what truly happened.

Infos

  1. Suricata: http://suricata-ids.org/
  2. Suricata Installation: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Installation
  3. PulledPork: https://code.google.com/p/pulledpork/downloads/list
  4. Suricata IPS Setup: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Setting_up_IPSinline_for_Linux
  5. Barnyard2: https://github.com/firnsy/barnyard2
  6. libhtp: https://github.com/ironbee/libhtp
  7. Suricata File Extraction: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/File_Extraction
  8. pyinotify: https://github.com/seb-m/pyinotify
  9. Security Lessons: Spoofed Browsers: http://www.linux-magazine.com/w3/issue/114/054-055_kurt.pdf
  10. Mozilla Included certificate authorities: https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/included/
  11. Blocklists of Suspected Malicious IPs and URLs: http://zeltser.com/combating-malicious-software/malicious-ip-blocklists.html
  12. Snorby: https://snorby.org/

« Previous 1 2 3 4 5 6

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Tutorials – Intrusion Protection

    No computer security is perfect, so make sure you've got a second line of protection.

    more »
  • Snort Helpers

    Snort is the de facto standard for open source network intrusion detection. The developer community has kept a fairly low profile for a couple of years, but extensions like Snorby, OpenFPC, and Pulled Pork have given the old hog a new lease on life.

    more »
  • The New Snort

    Get ready for a bigger and better Snort. If you're used to protecting your systems with this trusty intrusion detection tool, you'll appreciate the new features in the latest version.

    more »
  • Tripwire

    The simple but effective Tripwire HIDS provides its service quietly and discreetly, preventing attackers from infecting computers with trojans, backdoors, or modified files by identifying anomalies unnoticed by the user.

    more »
  • Snort

    Search out hidden attacks with the Snort intrusion detection system.

    more »
comments powered by Disqus

Visit Our Shop

Trial Subscription

Digital Subscription

Subscribe

Direct Download

Read full article as PDF:

Price $2.95

News

Tag Cloud

Administration Community Desktop Events Hardware Linux Linux Pro Magazine Mobile Programming Software Ubuntu Web Development Windows free software open source