Running Bro on BSD by Michael Shirk

An analysis of high performance solutions running on BSD operating systems.

For several years, Security Onion has been the de facto standard for demonstration and even production IDS/IPS deployments. However, there are a number of system administrators and security engineers (like myself) who refuse to run Ubuntu, let alone a Linux operating system. Yet when it comes to ease of use and performance of an NSM system, commodity hardware and inexpensive network cards with Linux and PF_RING rival even commercial monitoring solutions.

The goal of this talk is to provide an analysis of running Bro on an alternate operating system such as FreeBSD, which provides a solid base OS in comparison to Ubuntu. This talk will provide some background on the BSD operating systems as the basis for Network Security Monitoring and IDS/IPS, and on why some have recently been looking for alternatives to Linux due to the adoption of systemd. Highlights will include a discussion of the current FreeBSD solution in use by the Lawrence Berkeley Laboratory that is scaling up to be a 100 Gb IDS.

Using commodity hardware, solutions such as PF_RING on Linux will be compared with available solutions on FreeBSD, such as the netmap framework, packet-bricks, and specialized network hardware.

Speaker Bio: Michael Shirk is a BSD zealot who has worked with OpenBSD and FreeBSD for over 9 years. He works in the security community and supports open source security products that run on BSD operating systems (Snort, Suricata, Bro, AIDE).
Michael is the President of Daemon Security Inc., a company which provides security consulting and solutions utilizing UNIX based operating systems: http://www.daemon-security.com

Slides: https://www.bro.org/brocon2016/slides/shirk_bsd.pdf