Meaning, of it detects an issue, it shuts down the source. Good old Snort can do this pretty well with enough setup, Suricata with Bro built-in these days is another free tool at the top of the list. Think of it as just passively monitoring a port on your switch, as that's exactly what it is: cloning a port on your switch. NIDS is basically just a glorified alerting monitor and the easiest and less resource intensive. There are various hardware devices and even software that can do these, and depending on your switch(es) could be even easier. NIDS and NIPS techniques are the leading tools here. If you are wanting to "monitor" traffic, there are various IPSec concepts for this. The hardware can be anything, whatever you recommend, though I assume I can run the software mentioned above on a vanilla server or small PC. I'm interested in any recommendations you have for SOHO or SMB level firewalls and IDS/IPS, including the ones I mentioned above. ![]() Are we there yet as far as open source tools? Are these open source implementations able to detect signatures based on updated real world data and intel? Do they know anything about devices and active exploits targeting specific devices? I want something where I can tell it "This is a Ring XYZ model camera." and then it keeps its ear to the ground for any exploits of that model, shutting down any activity that fits the exploit. I've read about Snort, Suricata, Zeek, OSSEC, and others. But more generally just good insight into what's going on. I'm especially concerned about cameras and security systems, scenarios like the recent hack of Cloudflare's video cameras at their HQ building, the misc botnets, Mirai, etc. Hi all – What are some good solutions for firewall and IDS/IPS that can help prevent or mitigate IoT exploits? I want to get more insight into the traffic and behavior of smart home devices on the network.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |