Suricata can be configured according to the following policies. Each policy consists of several rules:
Connectivity: checks a large number of vulnerabilities, does not impact non-realtime applications (e.g. VoIP)
Balanced: suitable for most scenarios, it is a good compromise between security and usability (recommended)
Security: safe mode but very invasive, may impact chat and peer-to-peer applications
Expert: the administrator must manually select the rules from the command line
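To make the three presets less abstract, here is an added example (not NethServer's or Suricata's own code) of how a policy can be expressed as a mapping from rule metadata to an action. It parses a handful of constructed rules written in Suricata rule syntax, reads their `classtype` and `signature_severity`, and decides per policy whether a rule is disabled, left in alert mode or switched to drop. The category lists and severity thresholds below are an assumed, illustrative mapping, not the one NethServer ships, and the SIDs are made up; the output format (bare SIDs, one per line) is what suricata-update's `disable.conf` and `drop.conf` accept.

```python
"""
Added example: turn a named IPS policy (connectivity / balanced / security)
into per-rule decisions. Not NethServer code; the mapping is an assumption
made for illustration only.
"""
import re

# Constructed sample rules (Suricata rule syntax, fake SIDs in the 9000000 range).
SAMPLE_RULES = r"""
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"EXAMPLE Exploit attempt"; flow:to_server,established; classtype:attempted-admin; metadata:signature_severity Critical; sid:9000001; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE Trojan beacon"; flow:to_server,established; classtype:trojan-activity; metadata:signature_severity Major; sid:9000002; rev:1;)
alert udp $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE P2P client"; classtype:policy-violation; metadata:signature_severity Minor; sid:9000003; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXAMPLE Scan"; flags:S; classtype:attempted-recon; metadata:signature_severity Informational; sid:9000004; rev:1;)
alert udp $HOME_NET any -> $EXTERNAL_NET 5060 (msg:"EXAMPLE VoIP anomaly"; classtype:protocol-command-decode; metadata:signature_severity Minor; sid:9000005; rev:1;)
"""

SEVERITY_RANK = {"Informational": 0, "Minor": 1, "Major": 2, "Critical": 3}

# Assumed policy definitions (illustrative, not NethServer's real mapping):
#   disabled_classtypes: categories switched off entirely under this policy
#   drop_min_severity:   rules at or above this severity are set to drop,
#                        everything else stays in alert (detect-only) mode
POLICIES = {
    # Connectivity: only block high-confidence attacks; leave the noisy
    # categories that can hit VoIP, P2P or chat untouched.
    "connectivity": {
        "disabled_classtypes": {"policy-violation", "protocol-command-decode", "attempted-recon"},
        "drop_min_severity": "Critical",
    },
    # Balanced: block Major and Critical, alert on the rest, skip pure policy rules.
    "balanced": {
        "disabled_classtypes": {"policy-violation"},
        "drop_min_severity": "Major",
    },
    # Security: every category enabled, drop anything Minor or worse.
    "security": {
        "disabled_classtypes": set(),
        "drop_min_severity": "Minor",
    },
}

RULE_RE = re.compile(
    r"^(?P<action>alert|drop|pass|reject)\s+\S+\s+\S+\s+\S+\s+(?:->|<>)\s+\S+\s+\S+\s+\((?P<opts>.*)\)\s*$"
)


def parse_rule(line):
    """Extract sid, msg, classtype and signature_severity from one rule line."""
    m = RULE_RE.match(line)
    if not m:
        return None
    opts = m.group("opts")
    sid = re.search(r"\bsid:\s*(\d+)", opts)
    if not sid:
        return None
    classtype = re.search(r"\bclasstype:\s*([\w-]+)", opts)
    severity = re.search(r"signature_severity\s+(\w+)", opts)
    msg = re.search(r'msg:\s*"([^"]*)"', opts)
    return {
        "sid": int(sid.group(1)),
        "msg": msg.group(1) if msg else "",
        "classtype": classtype.group(1) if classtype else "unknown",
        # Missing severity is treated as the lowest level so it is never dropped by accident.
        "severity": severity.group(1) if severity else "Informational",
    }


def apply_policy(rules_text, policy_name):
    """Return {sid: 'disabled' | 'alert' | 'drop'} for every parsable rule."""
    policy = POLICIES[policy_name]
    threshold = SEVERITY_RANK[policy["drop_min_severity"]]
    decisions = {}
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        rule = parse_rule(line)
        if rule is None:
            continue
        if rule["classtype"] in policy["disabled_classtypes"]:
            decisions[rule["sid"]] = "disabled"
        elif SEVERITY_RANK.get(rule["severity"], 0) >= threshold:
            decisions[rule["sid"]] = "drop"
        else:
            decisions[rule["sid"]] = "alert"
    return decisions


def to_suricata_update_conf(decisions):
    """Render decisions as the contents of disable.conf and drop.conf (one SID per line)."""
    disable = "\n".join(str(s) for s, a in sorted(decisions.items()) if a == "disabled")
    drop = "\n".join(str(s) for s, a in sorted(decisions.items()) if a == "drop")
    return disable, drop


if __name__ == "__main__":
    for name in POLICIES:
        print(f"--- {name} ---")
        for sid, action in sorted(apply_policy(SAMPLE_RULES, name).items()):
            print(f"{sid}: {action}")
```

Running it shows the trade-off the presets describe: under "connectivity" only the Critical exploit rule is set to drop and the recon, P2P and VoIP rules are off; under "security" the P2P and VoIP rules are dropped too, which is exactly the kind of side effect on chat and peer-to-peer traffic the list above warns about. The same approach can be used to start from "connectivity" and move categories to drop one at a time while watching the alerts.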
There is a “Download rules” button at the bottom of the IPS settings. After downloading, the rule categories are available. They replace the simple settings, I think…
I stumbled on that page via Google and didn’t notice I wasn’t on the latest version.
Regarding the categories, since they are particularly technically complex, I wish that a button with a conservative selection of settings existed.
Or at least an explanation of possible side effects next to the most sensitive categories?
Given the orientation of NethServer, I guess that others will want to protect their network from intrusion but, like me, aren’t security specialists and don’t fully understand what each category does.
We tried the “simple” approach (3 presets) until the previous version, but we never succeeded in protecting the network. The IPS is complex and must be adapted manually and gradually in every environment.
We could share our experiences and try to write some guidelines.