[教學] HOWTO : Protect My Home Network With Croissants
What is Croissants?
Croissants is an Intrusion Detection and Prevention System and running with Suricata. The components also including Snorby (Event Manager & Web Interface), Pigsty (Event Spooler) and Pulledpork (Rules Manager).
Suricata is a high performance Network IDS, IPS and Network Security Monitoring Engine. Croissants running on AF_PACKET with Suricata and it throughtput is up to 10GB traffic. AF_PACKET is one of Linux kernal modules since version 3.6 and it is designed for packet capturing. It is almost plug and play.
AF_PACKET can be running on a very low-end x86 computer, such as Intel ATOM D2550 CPU with 4GB or 8GB RAM. I recommend to use at least 8GB RAM for home security purpose. More memory and faster more cores Intel CPU for Home Office or larger business.
I am the developer of the Croissants. The Croissants is very easy to install and maintain. I hereby to introduce Croissants to you all. The full article is here. You can download it at here.
Hope you enjoy and have your secured home network.
(1) Croissants is IDS and IPS on the same box. If you configure it to drop some rules, it is acting as IPS and leave other untouched rules as IDS. You can see the feedback from the web interface "Snorby".
(2) I recommend to put the sensor (IPS/IDS) in front of the router for home users. It is because, their home switches are hub more than a real switches as business one. The article is talking about setting a IDS behind the router is my experiment only.
(3) I think Raspberry Pi 2 is not good for Croissants as the limited CPU power and the number of NICs on the board. I recommend the CPU should be at least Intel ATOM D2550 and the amount of RAM is at least 4GB for a low traffic home network.