OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: klaasth on March 05, 2019, 03:59:11 pm

Title: Intrusion Detection and Prevention usefulness
Post by: klaasth on March 05, 2019, 03:59:11 pm
Dear OPNsensers

I have been using OPNsense firewalls on different school campuses since this school year. We are using it for VPN access to campuses, connecting the campuses through IPsec tunnels, for traffic shaping, and as a stateful firewall.

Now I am looking into IDS/IPS on OPNsense (Suricata). I watched different articles and YouTube videos on IDS. Is IDS/IPS still useful today in a world where most websites are HTTPS, in a world where users are using VPN software on their devices like NordVPN to anonymize network traffic?

I would like to use IDS/IPS for detecting and preventing students or guests on our network from using automated network hacking tools and for blocking torrent downloads.

Is there someone who can explain the usefulness of IDS/IPS in a school network?

Many regards
IDS noob Klaas
Title: Re: Intrusion Detection and Prevention usefulness
Post by: klaasth on March 05, 2019, 04:23:50 pm
Comments like: "Can we please stop assuming pfSense actually does help in most modern environments? How does pfSense with Suricata protect my webserver or mailserver or whatever if the connections are using SSL... right, it doesn't. This will make you feel more secure while it doesn't really do a lot. Yes, it helps for some things, but we all can agree that at least 30% of your daily traffic is SSL? I work for a relatively small company with around 200 users and we average 5300GB of traffic per month with 3700GB of that traffic being SSL (we also host our own webapps and APIs etc.)."
Title: Re: Intrusion Detection and Prevention usefulness
Post by: franco on March 05, 2019, 07:21:19 pm
Hi Klaas,

I think there are a number of good threads in the forums about this evergreen topic.


Cheers,
Franco