Hi all – What are some good solutions for firewall and IDS/IPS that can help prevent or mitigate IoT exploits? I want to get more insight into the traffic and behavior of smart home devices on the network.
I'm especially concerned about cameras and security systems, scenarios like the recent hack of Cloudflare's video cameras at their HQ building, the misc botnets, Mirai, etc. But more generally just good insight into what's going on.
I've read about Snort, Suricata, Zeek, OSSEC, and others. Are these open source implementations able to detect signatures based on updated real world data and intel? Do they know anything about devices and active exploits targeting specific devices? I want something where I can tell it "This is a Ring XYZ model camera." and then it keeps its ear to the ground for any exploits of that model, shutting down any activity that fits the exploit. Are we there yet as far as open source tools?
I'm interested in any recommendations you have for SOHO or SMB level firewalls and IDS/IPS, including the ones I mentioned above. The hardware can be anything, whatever you recommend, though I assume I can run the software mentioned above on a vanilla server or small PC.
Thanks.