Suricata: mixing IPS/IDS mode
Information on this media
Number of views: 105
Creation date: July 5, 2016
Speakers: Giuseppe Longo
Company: RMLL
License: CC BY SA v4
Description
Suricata is an open source network intrusion detection and prevention system. It analyzes traffic content against a set of signatures to discover known attacks, and it also logs protocol information.
With the support of the Netfilter features, it was possible to build an IPS or an IDS system, but now a new dynamic IDPS system is available. The purpose of this talk is to introduce the “mixed mode”, which makes it possible to combine IPS and IDS. For example, this new approach allows a single Suricata instance to operate as an IDS for traffic that is too critical to send through the IPS and to act as an IPS for the rest of it.
The following points will be covered:
- Motivation for mixing IPS and IDS
- A brief introduction to Netfilter
- How Suricata works as IPS/IDS with Netfilter
- Advanced setup of Suricata and Netfilter in mixed mode
Giuseppe Longo
Giuseppe is a software developer at Stamus Networks focused on the development of open source software for network security, such as firewalls and intrusion detection systems. He started contributing to the open source world with the Netfilter organization, of which he is still a member, and then joined the OISF community. He previously worked as an independent contractor for Emerging Threats, involved in Suricata development.