
Security & Intrusion Detection With pfsense, Suricata, pfblocker and blocking what's missed 

Lawrence Systems
75K views

Log Tool used
goaccess.io/
Suricata Network IDS/IPS System Installation, Setup and How To Tune The Rules & Alerts on pfSense
• Suricata Network IDS/I...
Using the pfBlockerNG with pfSense to block IP addresses by country
• 2016 Using the pfBlock...
#pfsense #Firewalls

Published: 6 Sep 2024

Comments: 43
@thomask.9347 2 years ago
At this point I search for something on RU-vid and as soon as I see it's a Lawrence Systems Video, I like and comment for the algo. Other way I might forget. I know it's gonna be good. Great videos guys!
@holyindian 5 years ago
Loved this video. It's for the first time I have commented on your video, though I am a long time subscriber. This video was totally worth it, tons of important info. Great quality content you have covered Sir.
@minigpracing3068 5 years ago
Suricata or Snort? I know you have a recent video on Snort and how it has changed so I'm wondering which would be easier to operate on a day by day basis. I'm on a private LAN at a college, and connect back to the college through a pfSense box. Right now I have all incoming connections blocked, but I need to open a few ports for some services that we want to roll out for our students so they can do work at home. This means getting IDS/IPS up and running. I'm leaning toward Suricata because it seems to be the newer style and will use multiple processors/threads (which I have), not sure if Snort updated to have this feature yet. I'll have to look into pfblocker a bit more, not sure if I want to lock out too many regions because we do have a Shoutcast server running and I wouldn't want to block people who may have students in our program "on the air" on our station. We have had many people listen to their kids from military bases around the world and I'd hate to deprive them. And thanks for the great videos, you've really helped out a lot.
@MaximilianImaging 5 years ago
TOM = SUPER HERO OF THE INTERNET
@AFiB1999 3 years ago
Hello Lawrence Systems, TOM! It came to my attention that Suricata was blocking Google and Gmail and acting up on LinkedIn after I watched one of your videos on how to set up pfBlockerNG and Suricata and set it up on my box. After a lot of researching, going to block lists and IPs, I found out on Reddit (u/buildsrc) that Suricata could possibly share and compete for the same ET emerging rules. Would you make a video explaining which ET rules we should all enable on pfBlocker and which ones we should enable/disable on Suricata? That way we could alleviate the CPU and memory load on pfSense boxes. We love your videos! Thanks very much!
@ruthlessadmin 4 years ago
With a good backup & HA policy, I fully support auto updates. It's people that have gotten bit in the ass from their own lack of foresight that tend to get their panties in a bunch about it.
@This_Month_In_History 4 months ago
With the block rule set, is pfblocker or suricata necessary to have in your pfsense?
@FabianoDelGaudio 4 years ago
You've once again delivered great, quality content. Thanks Tom for the time and effort you put on this channel; it is a great source of information and what I like the most, you talk about the 'internals' for a more technical audience. Finally a great technical channel.. thanks!
@CoreyThompson73 5 years ago
Shodan is good at finding open VNC, IP cameras, Barix boxes (used for things like studio-transmitter links for radio stations), PLCs that are open to the internet... Good thing to put your own networks in there periodically to make sure nothing is exposed that shouldn't be...
@BrianThomas 4 years ago
I have the same notification. Ha ha too funny!!!
@michaelstidham5957 5 years ago
You should check the IPs in question over at AbuseIPDB.com also. They have a huge database of attackers.
@dabneyoffermein595 9 months ago
do they still have it, or is there a better one you know of now?
@MaximilianImaging 5 years ago
You always inspire me to move into IT.
@BrianThomas 4 years ago
What interface should we be setting Suricata on? WAN or LAN, or both?
@SomeGuyInSandy 5 years ago
Nice! Lots of good stuff here, thanks!
@lucdelvigne3019 3 years ago
excellent ... really good info to go further on.
@atephoto 5 years ago
The IP which was beating your server with GET, couldn't it be like an RSS service or someone using a program to get notified when your page changes?
@Haltm82 4 years ago
Hi, how can I allow an IP range or whole domains (for example all the AnyDesk IPs)? Thank you.
@Temido2222 5 years ago
Remember to report these IPs
@munyakay5453 4 years ago
Loved the video Lawrence any chance you can do a tutorial of Suricata 5.03? I have tried with snort paid rules and still won't work?
@JJnATX 5 years ago
Would enjoy seeing pfSense hooked into an open source SIEM ...
@ArthursHD 4 years ago
Nice, good stuff! MXtoolbox found IP blocked a year later :)
@sethwilliamson 5 years ago
Good video Tom! Have you set up (or considered) a central syslog server for log collection, rotation, and analysis? Maybe throwing syslog-ng and logrotate on your Zabbix server? Along with GoAccess, Graylog looks interesting. Logstash and Fluentd look pretty powerful. I'm just recently starting to get to the point where SSHing into each box to check logs is starting to feel tedious and I'm poking my head out to see what approaches others have had success with (particularly with FOSS/low-cost yet still capable solutions.) Remote syslog with logrotate is pretty straightforward, but I'm a bit overwhelmed with the analysis options. Any insight you or others could offer?
@00011theman 5 years ago
Finally, I was just looking for this
@BillyDickson 5 years ago
Great stuff Tom, thanks for sharing.
@davidwalker8481 4 years ago
Hi Tom, ever work with open source extended Berkeley Packet Filtering (eBPF/BPF) to scrub DDoS attempts?
@jiddster 5 years ago
Good stuff as always - I would be interested in a video on how to set up GoAccess with Suricata or Snort if you get time. Thanks.... Jid
@Simte 5 years ago
Interesting.
@gilliangoud 5 years ago
Very helpful :)
@bengroves2502 5 years ago
"Secuirty"? :)
@LAWRENCESYSTEMS 5 years ago
And typos!
@karthickesaki1 4 years ago
You're great
@MaximusBlue2 5 years ago
Suricata 4.1.4_5 won't start for me once I install it and create the categories and update the packages. It shows a red x on the interface. Anyone know how to get this to start?
@MaximusBlue2 5 years ago
Never mind, this fixed it for me: chrislazari.com/pfsense-suricata-service-fails-resolved/
@hmne1 5 years ago
How do I get GoAccess to work with pfSense?