IPFire, a Linux distribution typically used in firewalls, is introducing a more proactive approach to dealing with malicious traffic. The changes involve IPFire's Intrusion Detection System (IDS): "One of the biggest changes we are now introducing is that the IDS will no longer just listen to traffic by default. Snort used to analyse a copy of every packet on the network. While it has been scanning it, it was passed on into the network. Any alarms that were raised had to be processed from a log file and potentially created iptables rules that blocked the host where the malicious packet came from. That leaves a tiny chance to an attacker to talk to a host on the network he wants to attack. Suricata takes the packet, analyses it first, and when it has passed all checks, it is being sent onward. Therefore, it is very easy for Suricata to be an Intrusion Prevention System, too. If the packet has failed the tests, it is just being dropped and alert is logged - leaving no chance to even send a single packet to the internal network. Because of that, we have renamed it on the IPFire Web UI and call it Intrusion Prevention System." More information on this change can be found in the project's blog post.
Star Labs - Laptops built for Linux.
View our range including the Star Lite, Star LabTop and more. Available with a choice of Ubuntu or Linux Mint pre-installed with many more distributions supported. Visit Star Labs for information, to buy and get support.