Suricata is an open source network intrusion detection and prevention system. It analyzes traffic content against a set of signatures to discover known attacks and also logs protocol information. With the support of Netfilter features it has long been possible to build either an IPS or an IDS, but now a new dynamic IDPS setup is available. The purpose of this talk is to introduce the “mixed mode”, which allows IPS and IDS to be combined in one instance. For example, this new approach allows a single Suricata to operate as an IDS for traffic that is too critical to send through the inline IPS path, and as an IPS for the rest of the traffic. The following points will be covered:

- Motivation for mixing IPS and IDS
- A brief introduction to Netfilter
- How Suricata works as an IPS/IDS with Netfilter
- Advanced setup of Suricata and Netfilter in mixed mode
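The Netfilter side of such a split, as an added illustration that is not part of the talk or of the Suricata project: critical traffic is only copied to user space with the NFLOG target (passive, so Suricata can alert but never hold or drop it), while everything else is handed to NFQUEUE (inline, so Suricata's verdict decides whether the packet is forwarded). The subnet, nflog group, queue number and the use of the FORWARD chain are assumptions chosen for the example; the Suricata invocation in the comments is likewise an assumed one and only works on a build that accepts an NFQUEUE and an NFLOG source in the same process, which is what the mixed mode described above provides.

```shell
#!/bin/sh
# Added example (not from the talk): build and sanity-check iptables rules that
# send critical traffic to Suricata's IDS side (NFLOG copy) and the rest to its
# IPS side (NFQUEUE, inline). All values below are assumptions for illustration.

CRITICAL_NET="${CRITICAL_NET:-10.10.0.0/24}"   # assumed: traffic that must never wait on a verdict
NFLOG_GROUP="${NFLOG_GROUP:-2}"                # assumed nflog group for the IDS side (nflog: group: 2 in suricata.yaml)
QUEUE_NUM="${QUEUE_NUM:-0}"                    # assumed NFQUEUE number for the IPS side (suricata -q 0)

# Emit the rule set one command per line so it can be reviewed before it is applied.
# NFLOG is a non-terminating target: a packet that matched it keeps traversing the
# chain, so the explicit ACCEPT right after it is what keeps critical traffic out
# of the NFQUEUE rule further down. --queue-bypass makes the queue fail open
# (packets are accepted, not dropped) while no Suricata is bound to it; drop that
# flag if you would rather fail closed when the IPS process is down.
build_rules() {
    cat <<EOF
iptables -N SURI_MIXED
iptables -A SURI_MIXED -d $CRITICAL_NET -j NFLOG --nflog-group $NFLOG_GROUP
iptables -A SURI_MIXED -d $CRITICAL_NET -j ACCEPT
iptables -A SURI_MIXED -s $CRITICAL_NET -j NFLOG --nflog-group $NFLOG_GROUP
iptables -A SURI_MIXED -s $CRITICAL_NET -j ACCEPT
iptables -A SURI_MIXED -j NFQUEUE --queue-num $QUEUE_NUM --queue-bypass
iptables -I FORWARD 1 -j SURI_MIXED
EOF
}

# Ordering check: the critical-traffic ACCEPT rules must come before the NFQUEUE
# rule, otherwise "IDS only" traffic would silently end up inline. Returns 0 when
# the generated rule set has that property.
critical_bypasses_queue() {
    build_rules | awk '
        /-j ACCEPT/  { last_accept = NR }
        /-j NFQUEUE/ { queue = NR }
        END { exit !(last_accept && queue && last_accept < queue) }'
}

# Apply the generated rules (needs root and iptables on the box).
apply_rules() {
    build_rules | while IFS= read -r cmd; do
        $cmd
    done
}

# Assumed Suricata start afterwards, one process serving both sides:
#   suricata -c /etc/suricata/suricata.yaml -q "$QUEUE_NUM" --nflog
# (the nflog group is taken from the nflog: section of suricata.yaml).
if [ "${MIXED_MODE_APPLY:-0}" = "1" ]; then
    critical_bypasses_queue || { echo "rule order wrong, refusing to apply" >&2; exit 1; }
    apply_rules
else
    build_rules   # dry run: print the rules for review
fi
```

Run it without arguments to review the generated rules; set `MIXED_MODE_APPLY=1` to install them. The check enforces the one ordering property that decides which traffic is inline: if a later edit moves the NFQUEUE rule above the ACCEPTs, the script refuses to apply the set.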
Giuseppe is a software developer at Stamus Networks focused on the development of open source software for network security, such as firewalls and intrusion detection systems. He started contributing to the open source world with the Netfilter project, of which he is still a member, and then joined the OISF community. He previously worked as an independent contractor for Emerging Threats, involved in Suricata development.