What is Suricata? Suricata is an open-source network intrusion detection (IDS), intrusion prevention (IPS) and network security monitoring (NSM) engine. It is owned and maintained by the Open Information Security Foundation (OISF).
What problems does Suricata solve? Intrusion detection enables the detection of and response to malicious traffic. An intrusion detection system analyses and monitors network traffic for signs that attackers are using a known technique to infiltrate your network. An intrusion prevention system acts as a control measure or filter: it accepts or rejects traffic based on a set of rules.
How can Suricata be used? Suricata can be used in three ways:
- As a host-based IDS that monitors the traffic of an individual computer.
- As a network IDS that monitors all traffic and alerts when malicious traffic passes through the network.
- As an IPS that monitors traffic, alerts when malicious traffic is detected and also stops that traffic from entering the network.
Who are the major users of Suricata? Engineers, network managers, security policymakers and anyone interested in network security or network intrusion detection systems.
How does my project fit into the larger community? What improvements will my project make? I am working on improving the quality of Suricata's tests by cleaning up, simplifying and increasing the coverage of the unit tests (C and Rust). Unit tests exercise individual components of a program in isolation. They matter because they catch bugs early, whether in existing code or in recent changes to it, and they are also a great debugging aid. All of this significantly improves code quality.
The approach for this project is to:
- Clean up unit tests: remove unclear code and stale comments, and split complex unit tests into smaller ones.
- Simplify tests: convert complex unit tests into Suricata-Verify tests. Suricata-Verify tests run Suricata with a specific configuration and/or input (typically a pcap and a rule file) and verify the output it produces.
- Increase coverage: write unit tests for components that do not yet have any.
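The second step above is the one that needs illustration: a Suricata-Verify test does not inspect internal state, it runs Suricata and then checks the EVE JSON output (one JSON object per line) for expected events, for example "exactly one alert with signature_id 1000001". The following is an added example, not code from the post or from the Suricata project's own suricata-verify tool: a small stand-alone Python version of that kind of count/match check, run over a constructed sample of EVE lines. The sample events, signature ids and check list are made up for the example; the field names (event_type, alert.signature_id, http.hostname) are the ones Suricata's EVE output uses.

```python
import json

# Constructed sample of EVE JSON output, reduced to the fields the checks
# below look at. These are not real Suricata events.
SAMPLE_EVE_LINES = [
    '{"event_type": "flow", "proto": "TCP", "src_ip": "10.0.0.5", "dest_ip": "10.0.0.9"}',
    '{"event_type": "alert", "proto": "TCP", "src_ip": "10.0.0.5", "dest_ip": "10.0.0.9",'
    ' "alert": {"signature_id": 1000001, "signature": "TEST rule one"}}',
    '{"event_type": "alert", "proto": "TCP", "src_ip": "10.0.0.5", "dest_ip": "10.0.0.9",'
    ' "alert": {"signature_id": 1000002, "signature": "TEST rule two"}}',
    '{"event_type": "http", "proto": "TCP", "http": {"hostname": "example.test", "url": "/"}}',
]


def lookup(event, dotted_key):
    """Resolve a dotted path such as 'alert.signature_id' inside one event.

    Returns None when any component of the path is missing, so a check
    against a missing field simply fails to match instead of raising.
    """
    node = event
    for part in dotted_key.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def count_matching(lines, match):
    """Count events for which every key in `match` equals the event's value."""
    hits = 0
    for line in lines:
        line = line.strip()
        if not line:
            continue  # tolerate blank lines at the end of eve.json
        event = json.loads(line)
        if all(lookup(event, key) == value for key, value in match.items()):
            hits += 1
    return hits


def run_checks(lines, checks):
    """Each check is {'count': N, 'match': {...}}; return a list of (ok, actual)."""
    results = []
    for check in checks:
        actual = count_matching(lines, check["match"])
        results.append((actual == check["count"], actual))
    return results


# Constructed check list in the spirit of a test's expectations: how many
# alerts fired overall, which signature fired, and that a false positive did not.
CHECKS = [
    {"count": 2, "match": {"event_type": "alert"}},
    {"count": 1, "match": {"event_type": "alert", "alert.signature_id": 1000001}},
    {"count": 0, "match": {"event_type": "alert", "alert.signature_id": 9999999}},
    {"count": 1, "match": {"event_type": "http", "http.hostname": "example.test"}},
]


def all_checks_pass(lines=SAMPLE_EVE_LINES, checks=CHECKS):
    return all(ok for ok, _ in run_checks(lines, checks))


if __name__ == "__main__":
    for check, (ok, actual) in zip(CHECKS, run_checks(SAMPLE_EVE_LINES, CHECKS)):
        status = "PASS" if ok else "FAIL"
        print(f"{status} {check['match']} expected={check['count']} got={actual}")
```

The zero-count check is the part worth copying: a verify test that only asserts on what should fire will happily pass when an unrelated rule also fires, so asserting that a specific signature did not alert on the sample traffic is how false positives are pinned down.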
What new terms or concepts have I learned in the past month? Contributing to Suricata has taught me a lot of new things, ranging from new concepts and technologies to collaboration and techniques.
- Packet captures (pcaps): packet capture is the process of intercepting and recording traffic moving over a specific computer network. A pcap file is the saved recording.
- Git grep: a git command that lets you search the tracked files of your repository for a string or regular expression.
- Wireshark: an open-source network protocol analyser. In order to convert complex tests to Suricata-Verify, I have to inspect packet captures to determine what would be a good match for the test. Using Wireshark we can capture network traffic and inspect the details of the captured packets. Information such as the source, destination
- Scapy: a Python tool for sniffing, sending and crafting packets and writing them to packet captures. I use Scapy to generate packets for Suricata-Verify tests.
- Based on Suricata’s contribution guidelines, branches are versioned when they are pushed for review. This keeps the git history clean and easy to follow, a bit like creating threads on Discord. For example, a branch called detect-xxxx-v1, where v1 denotes the version; the next iteration would be detect-xxxx-v2.
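The pcap, Wireshark and Scapy items above are all about the same workflow: produce a small capture that contains exactly the traffic a test needs, then inspect it to confirm the source, destination and payload are what the rule should match. The post uses Scapy for this; the following added example is not from the post or from the Suricata project and uses only the Python standard library so it runs anywhere: it builds Ethernet/IPv4/TCP frames by hand, writes them to a pcap file with the same layout Scapy's wrpcap would produce, and reads the file back to list each packet the way Wireshark's packet list does. The addresses (RFC 5737 documentation ranges), MAC addresses, ports and HTTP payloads are constructed for the example, and the TCP checksum is left at zero, which is good enough for a test input unless the consumer validates it.

```python
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4      # microsecond-timestamp pcap, written little-endian
LINKTYPE_ETHERNET = 1


def ip_checksum(header):
    """RFC 1071 one's-complement checksum over an IPv4 header.

    Over a header whose checksum field is already filled in, the result is 0,
    which is how read_pcap() validates what it parses.
    """
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_tcp_packet(src_ip, dst_ip, sport, dport, payload=b"", flags=0x18):
    """Return one Ethernet/IPv4/TCP frame (flags default to PSH+ACK).

    The MACs are constructed locally-administered placeholders.
    """
    eth = bytes.fromhex("020000000001") + bytes.fromhex("020000000002") + b"\x08\x00"
    # sport, dport, seq, ack, data offset (5 words), flags, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip_no_csum = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0x4000, 64,
                             socket.IPPROTO_TCP, 0,
                             socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip_no_csum[:10] + struct.pack("!H", ip_checksum(ip_no_csum)) + ip_no_csum[12:]
    return eth + ip + tcp + payload


def write_pcap(frames, ts_start=1_700_000_000):
    """Serialise frames into pcap bytes: 24-byte global header, then one
    16-byte record header (ts_sec, ts_usec, incl_len, orig_len) per frame."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", ts_start + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def read_pcap(data):
    """Parse pcap bytes and summarise each TCP/IPv4 frame as
    (src, sport, dst, dport, payload), the columns a packet list shows."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic: 0x%08x" % magic)
    linktype, = struct.unpack_from("<I", data, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type is handled here")
    offset, rows = 24, []
    while offset + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from("<IIII", data, offset)
        offset += 16
        frame = data[offset:offset + incl_len]
        offset += incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                      # not IPv4, skip
        ihl = (frame[14] & 0x0F) * 4
        ip = frame[14:14 + ihl]
        if ip_checksum(ip) != 0:
            raise ValueError("bad IPv4 header checksum")
        if ip[9] != socket.IPPROTO_TCP:
            continue                      # not TCP, skip
        src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
        total_len, = struct.unpack_from("!H", ip, 2)
        tcp_start = 14 + ihl
        sport, dport = struct.unpack_from("!HH", frame, tcp_start)
        doff = (frame[tcp_start + 12] >> 4) * 4
        payload = frame[tcp_start + doff:14 + total_len]
        rows.append((src, sport, dst, dport, payload))
    return rows


def build_sample_capture():
    """Constructed two-packet capture: an HTTP request and its response."""
    request = build_tcp_packet("192.0.2.10", "198.51.100.20", 40000, 80,
                               b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")
    response = build_tcp_packet("198.51.100.20", "192.0.2.10", 80, 40000,
                                b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
    return write_pcap([request, response])


if __name__ == "__main__":
    pcap = build_sample_capture()
    with open("sample.pcap", "wb") as fh:   # open it in Wireshark to compare
        fh.write(pcap)
    for src, sport, dst, dport, payload in read_pcap(pcap):
        print(f"{src}:{sport} -> {dst}:{dport} {payload[:16]!r}")
```

Reading the capture back through an independent parser is the useful habit: if the frame you hand-built is malformed, it is far cheaper to catch that here than to puzzle over why Suricata produced no alert for it.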
What makes me most excited to work on my project? Working with an amazing, distributed and supportive community. The opportunity to learn new things and actively contribute to a project as large as Suricata. Contributing to Suricata has opened me up to the amazing possibilities of network security. I have also learnt the importance of asking questions when stuck; there is always someone to help out.
How can you get started contributing? So now you know how impactful Suricata is and you are geared up to contribute. Thankfully there are several resources that can help you get started contributing to Suricata. I will share the links to two resources that helped me get started:
First of all… Introduction!
Hello everyone. My name is Modupe. I was accepted as a December 2021 Outreachy intern with the Open Information Security Foundation (OISF). I will be working on the Suricata Project.
A bit about me. I am a Nigerian living in Lagos, Nigeria. If you are curious about Nigerians, I invite you to read “Becoming Nigerian” by Elnathan John. I am a graduate of chemical engineering. In my free time, I enjoy reading, hanging out with friends, eating good food and volunteering. I recently started learning French too. My dream is to travel to a French-speaking country next year and experience the culture.
What are my core values? This got me thinking deep. I had to look at what is important to me and also evaluate my beliefs over the years. Core values are the fundamental beliefs of a person. In finding yourself, I believe you need to understand what your guiding principles are and what motivates your decisions. My core values are Community, Growth and Authenticity.
I value Community because it reminds me that I am part of something bigger. It drives me to get better so I can impact others in my community. The community also keeps me grounded and connected. It allows me to enjoy and appreciate diversity. I like to think of community as a support system.
I value Growth because I always want to ensure that I am making progress towards being a better version of myself. I would not want to look back five years from now and wonder what I spent my time doing. I also like to measure growth and celebrate my little wins. Being able to measure my growth keeps me grounded during gloomy days. It reminds me of how far I have come and why I should keep pushing.
I value Authenticity because I believe in being myself. I think it is important to understand who you are and stay true to yourself. I always like to remember who I am and what my purpose is. Authenticity is important to me because it helps me to stay focused and block out the noise and confusion of what everyone else expects me to be. Authenticity means I have accepted myself and radiate my true self for others to see. I like to believe that I am myself and I would not change because society expects me to, I will only grow into who I want to become.
Why did I apply to Outreachy?
The year 2020 was life-changing for me and for the world. It gave me enough time to reflect on my goals and what was important to me. My goal entering the year 2021 was to ensure I was living and not just going through the process of existing. I applied to Outreachy because I felt it was a place where I could connect with people from diverse backgrounds and experiences. I also saw it as an opportunity to contribute to a project that could impact people on a large scale. This was my first time applying to Outreachy and not only was I selected as an intern, but I also get to work with the amazing team at OISF. I believe this is a step in the right direction in my career. It is also a step in the right direction on my journey to living.