Protecting your network with the Suricata intrusion detection system


IDS and IPS systems are generally difficult to set up and maintain. If you don't tune your rules, you can get a lot of false positives, which might block legitimate traffic or mask an actual attack in the flood of alerts. However, the upside is significant; you can block attacks in real time (using IPS mode) and provide alerts of outgoing attacks (indicating compromised internal hosts). Additionally, certain types of data (such as TLS/SSL certificate logs) do not take up a lot of space and can provide invaluable insight later, when attacks occur and information about malware becomes available. Once network traffic is gone, it's gone forever. Unless you record it, chances are you'll never be able to reconstruct what truly happened.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Tutorials – Intrusion Protection

    No computer security is perfect, so make sure you've got a second line of protection.

  • Snort Helpers

    Snort is the de facto standard for open source network intrusion detection. The developer community has kept a fairly low profile for a couple of years, but extensions like Snorby, OpenFPC, and Pulled Pork have given the old hog a new lease on life.

  • The New Snort

    Get ready for a bigger and better Snort. If you're used to protecting your systems with this trusty intrusion detection tool, you'll appreciate the new features in the latest version.

  • Sniffing Out Intruders

    Snort lets you protect your network from intruders with a customizable ruleset.

  • Tripwire

    The simple but effective Tripwire HIDS provides its service quietly and discreetly, preventing attackers from infecting computers with trojans, backdoors, or modified files by identifying anomalies unnoticed by the user.

comments powered by Disqus

Direct Download

Read full article as PDF:

Price $2.95