In September, I gave a talk about running Bro NSM on BSD operating systems. The talk was well received and stirred interest in the BSD operating systems and their use for network security monitoring. The slides (and at the some point the video) for my talk are posted here:
One of the interesting things I learned at this conference, was the important role that FreeBSD plays in regards to Bro. FreeBSD and Linux are treated as the tier 1 operating systems for which Bro must work on before a software update is released. After my talk was given, the updated netmap code was merged into the FreeBSD 12-CURRENT tree to add better support for packet I/O on FreeBSD which Bro can be configured to use. For those interested in running Bro, Bro 2.5 is now available for download from here:
The port/pkg updates should be available soon for FreeBSD. I will be working to get 2.5 into OpenBSD 6.1, as the Bro port was updated to 2.4.1 in September.
Not as much BSD related, but SuriCon 2016 was held in Washington, DC and was a great conference discussing the open source IDS/IPS engine Suricata. Users of Suricata on FreeBSD can compile in support for netmap, to provide fast packet I/O for use with IDS. There are configurations with netmap-fwd that can be used with ipfw to provide fast IPS capabilities that I am looking to further test. I gave a lighting talk on pulledpork, the signature update script that works with Snort and Suricata. A lot of people have forked pulledpork to suit their own needs and there seems to be some common themes that could be incorporated into pulledpork to provide value for everyone. I fully recommend these conferences to anyone interested in network security monitoring and open source security tools as I really enjoyed the content.
Author: Michael Shirk