Suricata IDS/IPS Installation on Opnsense - Virtual Lab Building Series: Ep3

Published: 20 February 2022
on channel: LS111 Cyber Security Education

Hey all and welcome to my channel! In episode 3 of our cyber security virtual lab building series, we continue with our Opnsense firewall configuration and install the IDS/IPS features based on Suricata. We will look at the Emerging Threat rule sets including their pro telemetry provided by ProofPoint, and even learn how to write our own Suricata rules from scratch.

I will show you how to install custom rules on Opnsense using a basic XML document and an HTTP server. Once our rules are enabled, we will go on to perform a reconnaissance port scan using Nmap and watch the Suricata IDS/IPS system in action as it identifies stealthy SYN scan threats against our system.

By the end of this video you will have a fairly good foundation to start with IDS/IPS systems and be able to use and develop these skills to implement such systems in a real-world production environment.

Links used in video:
Suricata rules writing guide: https://bit.ly/34SwnMA
Emerging Threat (ET Rules): https://bit.ly/3s5CNRu
ET Pro Telemetry: https://bit.ly/3LYz4Nx
Hyperscan info: https://bit.ly/3H6DTR3
Aho-Corasick Algorithm: https://bit.ly/3LQ3NvR


NOTE: I am not sponsored by or affiliated with any of the products or services mentioned in this video; all opinions are my own, based on personal experience.

DISCLAIMER: All information, techniques and tools showcased in these videos are for educational and ethical penetration testing purposes ONLY. NEVER attempt to use this information to gain unauthorized access to systems without the EXPLICIT consent of their owners. This is a punishable offence by law in most countries.

#IDS/IPS #Suricata #Opnsense #Cyber Security