Wednesday, March 5, 2014

Open Source IDS/IPS With Real Time Log Monitoring: Suricata and Logstash

Background

Last week, I was trying to learn more about McAfee's Network Security Platform. It is one of the best network security solutions available on the market: simple, yet powerful, with a wide array of appliances that will fit any size or requirement a customer may have.

As the title says, this post is not about McAfee NSP. I wrote this post to share my experience in setting up an IDS/IPS appliance for home (or even SMB) use. Why did I do this? Simple: I was curious what kinds of attacks or traffic an ordinary user's network actually sees. We live in a digital world and most of us do our transactions online, but how safe are we doing it? And if my workstation were infected with malware, how would it behave on my network?

Going open source!

Of course I cannot afford to buy my own network IPS, and even if I could, I could not run it for a day because of the electricity cost, so I ended up searching for an open source solution. Lucky for me, I found Suricata! Suricata is an open source IDS/IPS and NSM engine that runs on multiple platforms (homepage: http://suricata-ids.org/). It officially supports the following:

- Ubuntu
- Debian
- CentOS
- Fedora
- FreeBSD
- Mac OS
- Windows

You can also compile it yourself if you are using another platform.

Setting it up!

For this tutorial, I am using Ubuntu 10.04 LTS as my platform. There is a precompiled package of Suricata for Ubuntu, but in my case I compiled my own binary for the sake of learning.

Suricata does not come with its own dashboard for viewing alerts or event logs. Fortunately, logstash (http://logstash.net/) can ingest the logs it generates, and it will also be covered in this tutorial. :-)
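To make concrete what "ingesting Suricata's logs" means before the logstash part of the tutorial, here is an added example (not code from the original post, and not logstash's own configuration) that does in plain Python what a logstash grok/date filter would do: it parses Suricata's fast.log alert format into structured records, tolerates a missing Classification field and garbage lines, and rolls the result up by priority. The log lines are constructed for the example; the signature IDs and addresses are illustrative only.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample lines in Suricata's fast.log format (not real traffic).
# One alert deliberately has no [Classification: ...] field and one line is
# garbage, so the parser has to handle both.
SAMPLE_FAST_LOG = """\
03/05/2014-21:14:07.120000  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.5:80 -> 192.168.1.20:49152
03/05/2014-21:14:09.003100  [**] [1:2001219:19] ET SCAN Potential SSH Scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.7:51234 -> 192.168.1.1:22
03/05/2014-21:14:11.500000  [**] [1:1000001:1] LOCAL test rule without classification [**] [Priority: 3] {ICMP} 192.168.1.20:0 -> 192.168.1.1:0
this line is garbage and must be skipped
"""

# fast.log layout:
#   MM/DD/YYYY-HH:MM:SS.ffffff  [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: p] {PROTO} src:sport -> dst:dport
# The Classification block is optional, hence the (?: ... )? group.
FAST_LOG_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<classification>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<priority>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src_ip>\S+?):(?P<src_port>\d+)\s+->\s+(?P<dst_ip>\S+?):(?P<dst_port>\d+)\s*$"
)


@dataclass
class Alert:
    timestamp: datetime
    gid: int
    sid: int
    rev: int
    msg: str
    classification: Optional[str]
    priority: int
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def parse_fast_log(text: str) -> List[Alert]:
    """Parse fast.log text into Alert records, skipping lines that do not match."""
    alerts: List[Alert] = []
    for line in text.splitlines():
        m = FAST_LOG_RE.match(line)
        if not m:
            # A real pipeline would tag these (logstash's _grokparsefailure);
            # here we simply drop them.
            continue
        alerts.append(
            Alert(
                # Same job as logstash's date filter: turn the Suricata
                # timestamp into a proper datetime for sorting and dashboards.
                timestamp=datetime.strptime(m["ts"], "%m/%d/%Y-%H:%M:%S.%f"),
                gid=int(m["gid"]),
                sid=int(m["sid"]),
                rev=int(m["rev"]),
                msg=m["msg"],
                classification=m["classification"],  # None when absent
                priority=int(m["priority"]),
                proto=m["proto"],
                src_ip=m["src_ip"],
                src_port=int(m["src_port"]),
                dst_ip=m["dst_ip"],
                dst_port=int(m["dst_port"]),
            )
        )
    return alerts


def summarize_by_priority(alerts: List[Alert]) -> Dict[int, int]:
    """Count alerts per priority (1 is most severe); the kind of roll-up a dashboard panel shows."""
    counts: Dict[int, int] = {}
    for a in alerts:
        counts[a.priority] = counts.get(a.priority, 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_fast_log(SAMPLE_FAST_LOG)
    for a in parsed:
        print(a.timestamp.isoformat(), a.sid, a.priority, a.src_ip, "->", a.dst_ip, a.msg)
    print("by priority:", summarize_by_priority(parsed))
```

The regex mirrors the grok pattern you would write for logstash; the one caveat worth remembering when you get to that part is that fast.log is a human-readable summary with no payload, so it is the right format for a quick dashboard but not for deeper investigation.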

This tutorial will have 4 parts:
Part 1: Planning and Installation
Part 2: Set Up and Configure Suricata
Part 3: Set Up and Configure Logstash
Part 4: Fine Tuning

At the end of this tutorial, you should have a dashboard similar to this:

Nice, huh? :) Stay tuned for the tutorial, or if you are the kind of person who really wants to set this up right away, I recommend you visit the Suricata website and read their basic tutorial. Until then, good day!