
Mailing List Archive: NTop: Misc

redBorder IPS Presentation



jnebrera at eneotecnologia

Jul 4, 2012, 1:23 AM


Hi list members,

I would like to take the opportunity to present redBorder IPS, a new
Ruby on Rails based Open Source project around Snort.

redBorder IPS is a self-contained Linux distribution with two different
roles:

As a Manager it provides the following capabilities in a centralized manner:

* Event view and storage, based on Snorby with a few enhancements
* Hierarchical management of multiple sensor configurations (basic
networking services, basic Snort configuration) based on Chef with
our own recipes and web front end
* Very powerful rule management system (configuration, inheritance,
updating, multiple feeds, ...)
* SNMP monitoring for generic system capabilities (CPU Load, RAM
usage, ...) as well as specific Snort parameters (Alerts, KPPS,
CPU, ...)
* Advanced user management with roles, inheritance, auditing, ...

It is in the Sensor where we have been collaborating with Luca and Alfredo
to provide the following capabilities:

* Customized and hardened CentOS 6.2 system with all needed packages
* Latest Snort & pf_ring versions
* IPS mode running on top of pf_ring with specific performance
enhancements and capability to drop packets within pf_ring itself
* New IDS Forwarding mode running on top of pf_ring reflecting the
packets at kernel level and sending a copy to Snort maintaining
the capability to drop packets within pf_ring
* IDS mode running on top of clustered pf_ring
* In all cases, we have sponsored the enhancement of Snort DAQ to be
able to analyze multiple segments from the same Snort instance and
load balance between all available cores, thus granting better
hardware usage
* Support for Bypass (Fail to wire) cards from Silicom

We would like to thank the Sourcefire <http://www.sourcefire.com/> team
for Snort <http://www.snort.org/>, Dustin Webber for Snorby
<http://www.snorby.org/>, the seed we needed to accomplish our
daunting task in time, Luca Deri and Alfredo Cardigliano from ntop.org
<http://www.ntop.org/> for their great job porting DAQ to the latest
pf_ring and some performance and clustering enhancements, the Opscode
<http://www.opscode.com/chef/> team for Chef and the Silicom
<http://www.silicom-usa.com/> team for their support and experience
managing their great cards. Without all of them this project would not
have been possible.

Of course, we would also want to give a huge thank you to Produban
<http://es.wikipedia.org/wiki/Produban> and Nextel
<http://www.nextel.es/?lang=en>, the two sponsors of all of the
developments done up to now. Without them, and without their approval to
release these contributions to the public, this project would not exist.

All of this is freely available for registered users at the project
website, www.redborder.net, and we hope to have the new DAQ available at
the snort.org and ntop.org sites in the following days.

--
Jaime Nebrera - jnebrera [at] eneotecnologia
Consultor TI - ENEO Tecnologia SL
C/ Manufactura 2, Edificio Euro, Oficina 3N
Mairena del Aljarafe - 41927 - Sevilla
Telf.- 955 60 11 60 / 619 04 55 18
