Firewall – Bridge Intrusion Prevention Vyatta


I am trying to create a bridge with ThreatStop, IPS and block a few ports. This bridge will sit in front of my servers. All is working apart from the IPS.

I have read the documentation on configuring IPS. I have something configured that it hasn't complained about, and nothing is logged, so I believe that it isn't working. Is it possible to set up IPS on a Vyatta bridge? Also, is it possible to read the logs/events with Snorby?

I have also posted this on the Vyatta forums.

Best Answer

Vyatta has removed IPS from 6.4, and rule updates stopped working for ALL versions of IPS on March 31st.

This is detailed in their Version 6.4 FAQ:

http://www.vyatta.com/files/pdfs/Vyatta_6_4_FAQ_Final.pdf

While ThreatSTOP does not do the signature-based profiling that SNORT does, it does block many of the same attacks, more efficiently than a signature-based IDS.

ThreatSTOP works by doing the detection in the cloud, where the ThreatSTOP systems and data sources profile the behavior of malware, finding out the IP addresses it comes from and is controlled by. The enforcement is then done on the firewall, using IP addresses, which is much more efficient than signature-based inspection.

This doesn't put the load on the firewall that IDS does, or cause the problems that led Vyatta to deprecate IDS (as described in the doc referenced above).
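The enforcement model the answer describes (a list of IP addresses held in a firewall group and matched on the bridge, with no payload inspection) as an added configuration example; it is not the poster's, Vyatta's or ThreatSTOP's own configuration. The group, rule-set and interface names, the two sample prefixes and port 23 are placeholders, and the command syntax is assumed from the Vyatta 6.x / VyOS CLI family.

```text
# Added example, not from the original post. Vyatta-style bridge firewall
# enforcing an IP block list the way the answer describes. The two prefixes
# are constructed placeholders standing in for the feed-managed list.

# 1. A network-group that holds the blocked source addresses
set firewall group network-group THREATSTOP-BLOCK description 'Placeholder for feed-managed block list'
set firewall group network-group THREATSTOP-BLOCK network 192.0.2.0/24
set firewall group network-group THREATSTOP-BLOCK network 198.51.100.7/32

# 2. Inbound rule set: drop and log anything sourced from the group, then
#    block one of the ports the question mentions (23 is a placeholder)
set firewall name BRIDGE-IN default-action accept
set firewall name BRIDGE-IN rule 10 action drop
set firewall name BRIDGE-IN rule 10 log enable
set firewall name BRIDGE-IN rule 10 source group network-group THREATSTOP-BLOCK
set firewall name BRIDGE-IN rule 20 action drop
set firewall name BRIDGE-IN rule 20 protocol tcp
set firewall name BRIDGE-IN rule 20 destination port 23

# 3. Attach the rule set to the bridge so forwarded traffic is filtered
set interfaces bridge br0 firewall in name BRIDGE-IN
commit
save

# 4. Check that the group resolved and that rule 10 is actually matching:
#    counters on rule 10 should climb when a listed source sends traffic
show firewall group THREATSTOP-BLOCK
show firewall name BRIDGE-IN statistics
```

Because matching is on source address only, the rule-10 log lines are the event stream here; there is no signature match to feed a Snort console such as Snorby.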