Suricata IDS/IPS on pfSense

Detecting and preventing threats Introduction To provide security in a network you can deploy IDS or IPS systems. The difference is on the second letter, D stands for detection and P for prevention. First you start a system in IDS mode and only then you configure it to become IPS system. Enabling Suricata in IPS mode from the start could be confusing. It is advisable to see what’s going on…

Disabling uncategorized internal Suricata rules in pfSense

I want to enable only particular rules categories. Do not want to have all these internal Suricate rules as they cover too broad variaty of cases including loads of false-positive. If one would like to go for deep traffic analysis then they would be fine, but in case you see “STUN Binding Request On Non-Standard High Port” and know that is your P2P camera in the LAN then it’s worth…

WordPress Appliance - Powered by TurnKey Linux