OPNsense Forum

English Forums => Zenarmor (Sensei) => Topic started by: walkerx on June 24, 2022, 03:45:31 pm

Title: Do I need Suricata IDS running if using Zenarmor (Sensei)
Post by: walkerx on June 24, 2022, 03:45:31 pm
Hi,

I've now got Sensei (free version) fully working on my setup and wondered if I still need to use Suricata at the same time?

Regards

Title: Re: Do I need Suricata IDS running if using Zenarmor (Sensei)
Post by: almodovaris on June 25, 2022, 10:58:18 pm
Zenarmor is no IDS.

And you only need Suricata if you open ports to the world.

Title: Re: Do I need Suricata IDS running if using Zenarmor (Sensei)
Post by: Vilhonator on July 01, 2022, 07:12:11 am
Short answer is no.

Suricata or any IDS/IPS doesn't protect your network any better than regular protection software; they just add 1 layer of extra security or block VPNs, proxies and access to certain websites (like Facebook, Google, YouTube, Netflix etc.) depending on what rules and policies you use.

IDS/IPS systems are more of a thing on corporate and SOHO networks, where a network manager would, for example, block the programmer team from accessing Facebook but allow that access for the social media team.

The added security they bring would come in the form of having the system alert when someone is accessing their network from an unknown source, and preventing known exploits which could potentially lead to data leaks.

Just like any antivirus program has some false positives and won't detect everything, the same goes for Suricata and Zenarmor or any IDS/IPS systems; the only thing they are, like, 90% of the time able to block is access to known websites, good or bad.

Title: Re: Do I need Suricata IDS running if using Zenarmor (Sensei)
Post by: Vilhonator on July 01, 2022, 07:42:47 am
In short.

Unless you won't be able to just wipe your hard drive and re-install the operating system when your PC gets infected by ransomware due to having data which YOU ABSOLUTELY CAN'T LOSE because YOU DO NOT OWN IT and it is confidential like customers' credit card information, social security numbers, phone numbers, home addresses etc., then you have no reason to use IDS/IPS other than wanting to use one.

Best security practice that private individuals can do are:

Nowadays social media is the biggest threat people can face. Sharing photos and all is nice, but that's also information that people are able to exploit.

For example, my ex used to share his traveling plans 1 year ahead, in which he told exact dates when he goes and comes back, that is until his house was broken into and they shot his dog as well as stole anything worth stealing.

I bet even you can imagine how things can get nasty when someone just tells their friend's number to anyone who just asks nicely, without asking "now why should I tell my friend's number to this person? Maybe there is a reason why (s)he doesn't know it, and maybe I should ask my friend first if it is ok"

I don't know if you remember or even heard, but a couple of years ago there was a school bombing in Russia; after that they did a security check. Out of 20 secret service agents disguised as blatantly obvious terrorists who tried to smuggle explosives to the country, 19 were able to bribe cops and border guards.

Social engineering is a thing that people don't really consider when they think about privacy. But all it really takes is trusting the wrong person, being careless or placing trust in things like automated systems; that's something no IPS/IDS is able to protect against.