TravisFSmith / SweetSecurity

Network Security Monitoring on Raspberry Pi type devices
Apache License 2.0
779 stars 189 forks source link

Can this solution be used in a small medium enterprise? #38

Open 007scorpio opened 6 years ago

jamitupya commented 6 years ago

i have yet to get this working for myself, but the concepts behind this are fairly standard fair IN todays SME's.

edit: it => IN

rndrev commented 6 years ago

I'll answer your question and maybe someone will answer mine.

I think that this solution could be used in a small or medium enterprise. However, I would caution that Travis appears to have made this solution for use in a home based network so he can audit Internet of Thing devices connecting with that network size. A Raspberry Pi is a limited device, especially when it comes to the network connection. Which even though on the newest Pi is Gigabit, only functions at about 100-200 Megabit/s.

I believe the concepts used in this tool are innovative and could be used to secure a network, but whether this solution will scale gracefully, I fear it will not.

cloudstrifeedge commented 6 years ago

No.

I don't suggest you to use this project under an enterprise environment for now.

  1. 'sweetsecurity' service will cause network down, as I pointed out at here:

https://github.com/TravisFSmith/SweetSecurity/issues/45

  1. the critical-stack-intel used in this project is not operational for now(2018-08-10), as I pointed out at here:

https://github.com/TravisFSmith/SweetSecurity/issues/48

think about these:

your enterprise's LAN will down every time you start up your IDS device (someone might get fired...)

your IDS device will send NO alert because there's no critical stack IP database been downloaded forever......(so why we have this device, haha)

if you still want to use this project in your company,

  1. stop 'sweetsecurity' service

    sudo systemctl stop sweetsecurity
    sudo systemctl disable sweetsecurity
  2. use otx Alien Vault instead of critical stack

royolsen commented 5 years ago

The sweetsecurity service gave me a good scare. You almost certainly will not want the traffic to pass through the device by way of spoofing. Simply connecting a Pi to the office network and running setup.py sounds like good way to get fired real quick.

I would take this project as an idea pool and build a new solution tailored to your business environment. I would certainly recommend that you gain a good understanding of every component used in your configuration, don't be tempted into any shortcuts that could put your network at risk.

A more powerful board with dual gigabit would be more suited to the task of being a sensor device. It could listen to a SPAN port on one interface and take care of business on the other interface. Perhaps the Beagleboard X15 ($250) is a good fit.