Network Deployment

IDS

  • Network tap.

  • Reports to the network management system.

IPS

  • Network tap with firewall integration.

  • Inline with firewall integration.

  • Inline with embedded firewall.

IDS/IPS Actions

Suricata

  • alert - generate an alert.

  • pass - stop further inspection of the packet.

  • drop - drop the packet and generate an alert.

  • reject - send RST/ICMP unreachable error to the sender of the matching packet.

  • rejectsrc - same as just reject.

  • rejectdst - send RST/ICMP error packet to the receiver of the matching packet.

  • rejectboth - send RST/ICMP error packets to both sides of the conversation.

Snort

  • alert - generate an alert using the selected alert method, and then log the packet.

  • log - log the packet.

  • pass - ignore the packet.

  • drop - block and log the packet.

  • reject - block the packet, log it, and then send a TCP reset if the protocol is TCP or an ICMP port unreachable message if the protocol is UDP.

  • sdrop - block the packet but do not log it.
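The two action lists above read differently depending on where the sensor sits: a sensor on a passive tap sees a copy of traffic that has already been delivered, so blocking actions can only be logged, while an inline sensor can actually withhold the packet. The following Python model is an added example (not Suricata's or Snort's own code): it parses the header of a Suricata/Snort-style rule line and works out what a matching packet gets, given the engine and the deployment. The sample rules are constructed; the model assumes that active responses (RST / ICMP unreachable) are injected in both deployments and that the RST-for-TCP, ICMP-unreachable-otherwise split applies to every reject variant.

```python
"""Model what each IDS/IPS rule action does on a tap versus inline.

Added worked example, not engine code. Rule lines below are constructed.
"""
from dataclasses import dataclass
import re

# Rule header: action proto src sport dir dst dport (options)
HEADER_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
MSG_RE = re.compile(r'\bmsg\s*:\s*"([^"]*)"\s*;')

# Actions each engine understands, as listed in the notes above.
SURICATA = {"alert", "pass", "drop", "reject", "rejectsrc", "rejectdst", "rejectboth"}
SNORT = {"alert", "log", "pass", "drop", "reject", "sdrop"}


@dataclass(frozen=True)
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    sid: int
    msg: str


@dataclass(frozen=True)
class Verdict:
    forwarded: bool   # does the packet reach its destination?
    logged: bool      # is an alert or packet log produced?
    responses: tuple  # (target, packet) pairs the sensor injects


def parse_rule(line: str) -> Rule:
    """Split one rule line into its header fields plus sid and msg."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a rule line: {line!r}")
    sid = SID_RE.search(m["opts"])
    if not sid:
        raise ValueError("rule has no sid")
    msg = MSG_RE.search(m["opts"])
    return Rule(m["action"].lower(), m["proto"].lower(), m["src"], m["sport"],
                m["dst"], m["dport"], int(sid.group(1)), msg.group(1) if msg else "")


def reset_packet(proto: str) -> str:
    """Active response depends on transport: RST for TCP, ICMP unreachable otherwise."""
    return "TCP RST" if proto == "tcp" else "ICMP port unreachable"


def apply_action(rule: Rule, engine: str, deployment: str) -> Verdict:
    """engine is 'suricata' or 'snort'; deployment is 'tap' (IDS) or 'inline' (IPS)."""
    known = SURICATA if engine == "suricata" else SNORT
    if rule.action not in known:
        raise ValueError(f"{engine} has no action {rule.action!r}")
    if deployment not in ("tap", "inline"):
        raise ValueError("deployment must be 'tap' or 'inline'")
    inline = deployment == "inline"
    a = rule.action
    if a == "pass":                       # ignore / stop inspecting, nothing logged
        return Verdict(True, False, ())
    if a in ("alert", "log"):             # record it, let it through
        return Verdict(True, True, ())
    # The remaining actions want the packet gone. Only an inline sensor can
    # withhold it; on a tap the packet was already delivered, so the block
    # degrades to a log entry (or to nothing at all for Snort's sdrop).
    if a == "sdrop":
        return Verdict(not inline, False, ())
    if a == "drop":
        return Verdict(not inline, True, ())
    targets = {"reject": ("sender",), "rejectsrc": ("sender",),
               "rejectdst": ("receiver",), "rejectboth": ("sender", "receiver")}[a]
    pkt = reset_packet(rule.proto)
    return Verdict(not inline, True, tuple((t, pkt) for t in targets))


# Constructed sample rules; $HOME_NET is a variable the engine would expand.
SAMPLE_RULES = [
    'alert tcp any any -> $HOME_NET 22 (msg:"SSH connection"; sid:1000001; rev:1;)',
    'drop tcp any any -> $HOME_NET 23 (msg:"Telnet blocked"; sid:1000002; rev:1;)',
    'reject udp any any -> $HOME_NET 69 (msg:"TFTP refused"; sid:1000003; rev:1;)',
    'pass tcp $HOME_NET any -> any 443 (msg:"trusted egress"; sid:1000004; rev:1;)',
]


def summarize(engine: str, deployment: str) -> dict:
    """Verdict per sid for the sample rules under one engine and deployment."""
    return {(r := parse_rule(line)).sid: apply_action(r, engine, deployment)
            for line in SAMPLE_RULES}


if __name__ == "__main__":
    for dep in ("tap", "inline"):
        for sid, v in summarize("suricata", dep).items():
            print(f"{dep:6} sid {sid}: {v}")
```

Running it side by side shows the point of the deployment section: the same drop and reject rules produce identical logs on the tap and inline, but only inline does `forwarded` become False.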
