In episode 3 of our cyber security virtual lab building series, we continue with our OPNsense firewall configuration and install the IDS/IPS features based on Suricata. We will look at the Emerging Threats rule sets, including the ET Pro telemetry edition provided by Proofpoint, and even learn how to write our own Suricata rules from scratch.
I will show you how to install custom rules on OPNsense using a basic XML document and an HTTP server. Once our rules are enabled, we will perform reconnaissance with an Nmap port scan and watch the Suricata IDS/IPS in action as it identifies the stealthy SYN scan against our system.
By the end of this video you will have a fairly good foundation in IDS/IPS systems and be able to build on these skills to implement them in a real-world production environment.
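As an added example (not from the video or from the OPNsense project), here is a from-scratch Suricata rule for the SYN-scan case described above, together with a small Python emulation of its `threshold ... track by_src` counting run over constructed packets, so you can see which source would trigger the alert before loading the rule on the firewall. The SID, counts and addresses are constructed values.

```python
"""Constructed example: a SYN-scan Suricata rule and an emulation of its threshold."""
from collections import defaultdict, deque

# Constructed rule. flags:S,12 matches a SYN with the CWR/ECE bits ignored;
# the threshold fires once a source has sent COUNT bare SYNs to $HOME_NET
# within SECONDS. sid 9000001 is a constructed local SID (local range >= 1000000).
COUNT, SECONDS, SID = 20, 10, 9000001
SYN_SCAN_RULE = (
    'alert tcp any any -> $HOME_NET any ('
    'msg:"LAB Possible TCP SYN scan"; flags:S,12; '
    f'threshold: type threshold, track by_src, count {COUNT}, seconds {SECONDS}; '
    f'classtype:attempted-recon; sid:{SID}; rev:1;)'
)

def syn_scan_alerts(packets, count=COUNT, seconds=SECONDS):
    """Simplified emulation of 'threshold: type threshold, track by_src'.

    packets: iterable of (timestamp_s, src_ip, dst_ip, tcp_flags) where tcp_flags
    is a string of flag letters (S, A, P, C, E, ...). Returns [(timestamp, src_ip)]
    for every alert the rule above would raise on that traffic.
    """
    window = defaultdict(deque)  # src_ip -> timestamps of matching SYNs in window
    alerts = []
    for ts, src, _dst, flags in packets:
        # flags:S,12 semantics: ignore CWR (C) and ECE (E), then require SYN only.
        if set(flags) - {"C", "E"} != {"S"}:
            continue
        q = window[src]
        q.append(ts)
        while q and ts - q[0] >= seconds:  # evict SYNs that fell out of the window
            q.popleft()
        if len(q) >= count:
            alerts.append((ts, src))
            q.clear()  # type threshold: alert, then start counting the next batch
    return alerts

def constructed_packets():
    """Constructed traffic: a scanner firing 25 SYNs (one with ECE set) in 5 s,
    and a normal client opening three connections half a minute apart."""
    pkts = [(t / 5, "10.0.0.66", "10.0.0.1", "S") for t in range(25)]
    pkts.append((2.1, "10.0.0.66", "10.0.0.1", "SE"))  # still counts as a SYN
    pkts += [(1.0 + i * 30, "10.0.0.20", "10.0.0.1", "S") for i in range(3)]
    pkts.append((3.0, "10.0.0.20", "10.0.0.1", "PA"))  # data segment, ignored
    return sorted(pkts)

if __name__ == "__main__":
    print(SYN_SCAN_RULE)
    for ts, src in syn_scan_alerts(constructed_packets()):
        print(f"alert at t={ts}s from {src}")  # the scanner, not the client
```

Only the scanner trips the rule: its 20th SYN arrives at t=3.6 s, while the client's three SYNs never accumulate inside a 10-second window.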
Links used in the lab:
- Suricata rules writing guide: https://bit.ly/34SwnMA
- Emerging Threat (ET Rules): https://bit.ly/3s5CNRu
- ET Pro Telemetry: https://bit.ly/3LYz4Nx
- Hyperscan info: https://bit.ly/3H6DTR3
- Aho-Corasick Algorithm: https://bit.ly/3LQ3NvR