Topic: IDS or IPS for School Firewall [SOLVED] (Read 6181 times)
keithmcp (Newbie, Posts: 3, Karma: 1)
IDS or IPS for School Firewall [SOLVED]
« on: April 25, 2018, 11:18:17 pm »
Hi,
I am new to OPNsense (coming from other sense), and so far I like it, but I need a little guidance on IDS versus IPS; I am having trouble understanding which would be better for my setup. The setup is as follows:
Private school with around 180 students and 27 staff. Internet is 500Mbs up and down (Centurylink FiberPlus). Each student has a tablet or Chromebook and teachers have either a desktop or laptop. There is one server (Windows 2016) with a CentOS 7 VM that runs OTRS helpdesk which will be internet facing. Based on this, do I need IDS/IPS and if so, which rulesets make the most sense to start off with?
The firewall hardware is a Partaker 1u i5-3317u with 6 Ethernet, 4GB RAM and 128 SSD.
I have used Snort on the other sense, but I just enabled all the ETs, which was probably not smart, but it seems that's what most suggested. Any input/advice would be very helpful.
Thanks in advance
« Last Edit: May 14, 2018, 03:05:22 pm by keithmcp »
Ciprian (Sr. Member, Posts: 284, Karma: 50)
Re: IDS or IPS for School Firewall
« Reply #1 on: April 26, 2018, 11:13:28 am »
As you might have seen on other topics regarding ID(P)S and ruleset usage best practices/advice, the rules and rulesets to be used are not at all "set it and forget it" quickly.
I recommend reading the docs/explanations for those rulesets found on their corresponding websites, to understand their purpose, and then decide what to activate on your firewall.
I don't think anyone here will even try to give you a plug and play recipe, because there is no such thing.
keithmcp (Newbie, Posts: 3, Karma: 1)
Re: IDS or IPS for School Firewall
« Reply #2 on: April 29, 2018, 09:01:13 pm »
Thanks. That was what I was thinking. Just wanted to know if anybody had any of the categories that were a must-have no matter what was behind the firewall. I am going to go through each one and see which ones will work best for me. I don't think that most will apply as I will only have desktop users behind the firewall and only one LAMP server that will be exposed to the web. I should be able to have a pretty streamlined IPS system.
Again, any advice is helpful though.
dcol (Hero Member, Posts: 635, Karma: 51)
Re: IDS or IPS for School Firewall
« Reply #3 on: May 07, 2018, 12:03:34 am »
I just use custom rules for TCP ports and a couple of rulesets in IDS/IPS. But as hutiucip says, every situation is different, requiring specific rules. Some Snort rules are not compatible with Suricata, so watch out for that. Many rules protect resources you may not have. For a school, I would start with the chat, game, malware, trojan, and worm rulesets. Don't go crazy enabling a bunch of rulesets or you will be spending lots of time tweaking it.
Also, where you have many users on the LAN which may generate unpredictable traffic, you may consider IPS on the LAN as well.
You may also consider country blocks in the firewall for all countries outside your own.
In the beginning, plan on keeping a close eye on the blocks to catch false positives.
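Added example, not part of the thread: one way to keep an eye on the blocks as advised above is to read Suricata's EVE JSON alert lines (Suricata is the engine behind OPNsense IDS/IPS) and rank blocked signatures by how many distinct LAN hosts they hit. It assumes a rule that blocks many ordinary clients is the first to check for false positives; the LAN range, SIDs, signature names and log lines are all constructed.

```python
import json
from collections import defaultdict
from ipaddress import ip_address, ip_network

LAN = ip_network("10.20.0.0/16")  # assumed school LAN range (hypothetical)

# Constructed EVE JSON lines; SIDs and signature names are made up.
SAMPLE_EVE = """\
{"event_type":"alert","src_ip":"10.20.1.15","dest_ip":"203.0.113.9","alert":{"action":"blocked","signature_id":1000001,"signature":"EXAMPLE chat client login"}}
{"event_type":"alert","src_ip":"10.20.1.16","dest_ip":"203.0.113.9","alert":{"action":"blocked","signature_id":1000001,"signature":"EXAMPLE chat client login"}}
{"event_type":"alert","src_ip":"10.20.2.40","dest_ip":"203.0.113.9","alert":{"action":"blocked","signature_id":1000001,"signature":"EXAMPLE chat client login"}}
{"event_type":"alert","src_ip":"10.20.3.7","dest_ip":"198.51.100.5","alert":{"action":"blocked","signature_id":1000002,"signature":"EXAMPLE trojan check-in"}}
{"event_type":"alert","src_ip":"10.20.3.7","dest_ip":"198.51.100.5","alert":{"action":"blocked","signature_id":1000002,"signature":"EXAMPLE trojan check-in"}}
{"event_type":"alert","src_ip":"10.20.4.2","dest_ip":"192.0.2.77","alert":{"action":"allowed","signature_id":1000003,"signature":"EXAMPLE game traffic"}}
{"event_type":"flow","src_ip":"10.20.4.2","dest_ip":"192.0.2.77"}
{"event_type":"alert","src_ip":"10.20.9.9","alert":{"action":"blo
"""

def blocked_alerts(lines):
    """Yield alert events Suricata actually dropped; skip unparsable lines."""
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or truncated line (e.g. log rotated mid-write)
        if ev.get("event_type") == "alert" and ev.get("alert", {}).get("action") == "blocked":
            yield ev

def review_queue(lines, lan=LAN):
    """Rank blocked signatures by distinct LAN hosts hit, then by hit count."""
    hosts, hits, names = defaultdict(set), defaultdict(int), {}
    for ev in blocked_alerts(lines):
        sid = ev["alert"]["signature_id"]
        names[sid] = ev["alert"].get("signature", "?")
        hits[sid] += 1
        for key in ("src_ip", "dest_ip"):
            try:
                if ip_address(ev.get(key, "")) in lan:
                    hosts[sid].add(ev[key])
            except ValueError:
                pass  # missing or malformed address field
    rows = [(sid, names[sid], hits[sid], len(hosts[sid])) for sid in hits]
    return sorted(rows, key=lambda r: (-r[3], -r[2], r[0]))

if __name__ == "__main__":
    for sid, name, n, nhosts in review_queue(SAMPLE_EVE.splitlines()):
        print(f"{sid}  hosts={nhosts:<3} hits={n:<4} {name}")
```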
keithmcp (Newbie, Posts: 3, Karma: 1)
Re: IDS or IPS for School Firewall [SOLVED]
« Reply #4 on: May 14, 2018, 03:06:08 pm »
Thanks to all for the advice, it was helpful.