Showing posts from 2016

Building an IDS on RHEL 7 using Suricata

I was recently tasked with throwing up a replacement IDS box after an appliance 'died' in not-so-mysterious circumstances during some DC work. The IDS (Suricata) was stipulated, as was the base platform (RHEL 7). I wanted to share here some of the notes I made during the build and subsequent testing, some useful links, as well as one 'gotcha' I encountered along the way. These might cause you headaches in keeping your IDS running. There are a ton of good articles already around covering how to get Suricata working on CentOS (RHEL's community-backed spin-off), but special mention has to go out to Daniel Miessler's guide, which I've linked to below. In terms of getting Suricata up and running, it really covers everything.

That gotcha

You can provide Suricata with parameters around pcap file management if you're capturing full packets and writing them to disk. These parameters are the size limit for each pcap file and the number of files to retain

My 3 Big Security Predictions for 2016

It doesn't feel like a year since I last sat down and wrote about what the next year might bring. 2015 has flown by, and looking back on it now it's difficult to say with any confidence that things are getting better or are going to any time soon.

1. Attacks on (and from) the Internet of Things (IoT)

The IoT, or 'smart' things, is the fastest-growing area of concern I have today, and I suspect this concern will only grow in 2016. This concern not only centres around the direct consequence or impact of incidents which target IoT devices specifically, but also around the potential these might have to allow an attacker to 'pivot' to other systems on the same network (your home, your office, the hospital or power station you work at...). For me, IoT is the embodiment of fashion over function. Little to no requirements appear to be driving IoT development, and some of the stuff that appears to be in the works is just bonkers. Seemingly, companies are solde