Improve your Network Security with OpenSource IDS/IPS

Abstract

This talk will give an overview of the capabilities of the open source Intrusion Detection/Prevention System Suricata. Suricata is a high-performance network IDS, IPS and Network Security Monitoring engine.

Suricata inspects network traffic using a powerful and extensive rule and signature language, and has powerful Lua scripting support for the detection of complex threats.

With standard input and output formats like YAML and JSON, integration with existing SIEMs and tools like Splunk, Logstash/Elasticsearch, Kibana, and other databases becomes effortless.

Suricata’s fast-paced, community-driven development focuses on security, usability and efficiency.

In this talk you will learn how to integrate an IDS/IPS into your existing network infrastructure and how to get the most use out of it. The talk will focus on key features like packet capture, pcap analysis, detection and prevention modes, file extraction and protocol detection for protocols like HTTP. You will also get an overview of the different logging outputs and of basic rule writing.

This talk requires basic knowledge of network security techniques.

Talk

Andreas Herz

Andreas is a software developer with a focus on open source and security-related projects. He has been working in the open source community for over 10 years, focusing on Linux networking and firewalls. Andreas works as Senior Operations Engineer at makandra in Augsburg and is also a Core Team Developer at the OISF for Suricata.