[Oisf-users] Suricata as a Web Firewall.

Cooper F. Nelson cnelson at ucsd.edu
Thu Dec 6 02:12:14 UTC 2018


This is just my opinion, but I'm a fan of 'defense-in-depth', so my
general model is to put your 'active' security controls in first (like a
WAF); then use suricata to monitor how well they are working.

So I would use NGINX as a reverse-proxy/SSL terminator and the put
something like Apache with mod_security behind it, with suricata
monitoring the decrypted traffic.  Do one thing and do it well.

In general I do not like the 'IPS' model given how common
false-positives are, combined with a simple core belief that we should
be building robust software stacks, systems and networks vs. putting
digital duct-tape on the wire.  That strikes me as simple sloppy
engineering. 

-Coop

On 12/5/2018 8:47 AM, Charles Devoe wrote:
> Is theer a reason why Suricat could not be used as a WAF?  Peronally,
> it seems ot me that If I can use the same tool to accomplish two
> things I will be further ahead as I won’t have to learn another tool.

-- 
Cooper Nelson
Network Security Analyst
UCSD ITS Security Team
cnelson at ucsd.edu x41042

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20181205/5045dfbd/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20181205/5045dfbd/attachment-0001.sig>


More information about the Oisf-users mailing list