Chapter 13: Intrusion Prevention Systems on Linux

In this chapter, we'll build on packet capture and logging to explore intrusion prevention options on the Linux platform. An Intrusion Prevention System (IPS) does exactly what it sounds like – it monitors traffic, and either alerts on or blocks suspicious or known malicious traffic. This can be done in a variety of ways, depending on what traffic you are trying to monitor.

In particular, we'll cover the following topics:

What is an IPS?
Architecture/IPS placement
Classic IPS solutions for Linux – Snort and Suricata
IPS evasion techniques
Suricata IPS example
Constructing an IPS rule
Passive traffic monitoring
Zeek example – collecting network metadata

Let's get started!

Technical requirements ...

Get Linux for Networking Professionals now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Linux for Networking Professionals by Rob VandenBrink

Chapter 13: Intrusion Prevention Systems on Linux

Technical requirements ...

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly