
Festival des Arts Numériques Libres

Suricata, rethinking IDS/IPS

Speaker(s) : Eric Leblond

  • Language : English
  • Level : Confirmed
  • Nature : Conference
  • Date : Tuesday 12 July 2011
  • Schedule : 15h20
  • Duration : 40 minutes

Place : Patio - Amphi 6

Abstract

Suricata is an IDS/IPS engine developed by the Open Information Security Foundation (OISF), a non-profit foundation organized to build the project. Suricata is an IDS/IPS of the same family as Snort. It analyses network traffic by matching packets against a set of rules to detect suspect traffic. Suricata has been developed from scratch by OISF since 2007, and the 1.0 release was published on July 1st, 2010. Suricata has a multithreaded architecture, and its scalability on multi-CPU systems has been proven. It is also able to use CUDA for acceleration. IDS and IPS are native features, and Snort rulesets are supported. It has interesting features such as application layer parsing. For example, Suricata understands HTTP, and it is possible to build rules on selected named fields (like cookie or uri). Development is really active and new major features are planned.

Plan:

  • Project presentation
  • Architecture description
  • Performance overview
  • Some words about innovative functionalities
  • Roadmap and planned features

Bio

Eric Leblond is a Free Software and Security hacker. He started the NuFW project and, among other projects, he contributes to Netfilter and Suricata.

Attached documents

Presentation/talk Suricata (PDF - 672.8 kb)