Can this solution be used in a small medium enterprise? #38

Open
007scorpio opened this issue Mar 8, 2018 · 4 comments

Comments

@007scorpio

No description provided.

@jamitupya

jamitupya commented May 15, 2018

I have yet to get this working for myself, but the concepts behind this are fairly standard fare IN today's SMEs.

edit: it => IN

@rndrev

rndrev commented Jun 17, 2018

I'll answer your question and maybe someone will answer mine.

I think that this solution could be used in a small or medium enterprise. However, I would caution that Travis appears to have made this solution for use in a home-based network so he can audit Internet of Things devices connecting with that network size. A Raspberry Pi is a limited device, especially when it comes to the network connection, which, even though it is Gigabit on the newest Pi, only functions at about 100-200 Megabit/s.

I believe the concepts used in this tool are innovative and could be used to secure a network, but whether this solution will scale gracefully, I fear it will not.

@cloudstrifeedge

cloudstrifeedge commented Aug 10, 2018

No.

I don't suggest you use this project in an enterprise environment for now.

  1. The 'sweetsecurity' service will cause the network to go down, as I pointed out here: #45
  2. The critical-stack-intel used in this project is not operational for now (2018-08-10), as I pointed out here: #48

Think about these:

Your enterprise's LAN will go down every time you start up your IDS device (someone might get fired...)

Your IDS device will send NO alerts because no Critical Stack IP database is ever downloaded... (so why do we have this device, haha)

If you still want to use this project in your company:

  1. Stop the 'sweetsecurity' service:

         sudo systemctl stop sweetsecurity
         sudo systemctl disable sweetsecurity

  2. Use OTX AlienVault instead of Critical Stack.

@royolsen

The sweetsecurity service gave me a good scare. You almost certainly will not want the traffic to pass through the device by way of spoofing. Simply connecting a Pi to the office network and running setup.py sounds like a good way to get fired real quick.

I would take this project as an idea pool and build a new solution tailored to your business environment. I would certainly recommend that you gain a good understanding of every component used in your configuration; don't be tempted into any shortcuts that could put your network at risk.

A more powerful board with dual gigabit would be more suited to the task of being a sensor device. It could listen to a SPAN port on one interface and take care of business on the other interface. Perhaps the Beagleboard X15 ($250) is a good fit.
