An analysis of high performance solutions running on BSD operating systems.
For several years, Security Onion has been the de facto standard for demonstration and even production IDS/IPS deployments. However, there are a number of system administrators and security engineers (like myself) who refuse to run Ubuntu, let alone a Linux operating system. Yet when it comes to ease of use and performance of an NSM system, commodity hardware and inexpensive network cards with Linux and PF_RING rival even commercial monitoring solutions.
The goal for this talk will be to provide an analysis of running Bro on an alternate operating system such as FreeBSD, which provides a solid base OS in comparison to Ubuntu. This talk will provide some background of the BSD operating systems as the basis for Network Security Monitoring, IDS/IPS, and why some recently have been looking for alternatives to Linux due to the adoption of systemd. Highlights will include a discussion on the current FreeBSD solution in use by the Lawrence Berkeley Laboratory that is scaling up to be a 100 Gb IDS.
Using commodity hardware, solutions such as PF_RING on Linux will be compared with available solutions on FreeBSD, such as the netmap framework, packet-bricks, and specialized network hardware.
Speaker Bio: Michael Shirk is a BSD zealot who has worked with OpenBSD and FreeBSD for over 9 years. He works in the security community and supports open source security products that run on BSD operating systems (Snort, Suricata, Bro, AIDE).
Michael is the President of Daemon Security Inc., a company which provides security consulting and solutions utilizing UNIX based operating systems: http://www.daemon-security.com
Slides: https://www.bro.org/brocon2016/slides/shirk_bsd.pdf