
Can this solution be used in a small medium enterprise?

Open 007scorpio opened this issue 6 years ago • 4 comments

007scorpio avatar Mar 08 '18 17:03 007scorpio

I have yet to get this working for myself, but the concepts behind this are fairly standard fare IN today's SMEs.

edit: it => IN

jamitupya avatar May 15 '18 06:05 jamitupya

I'll answer your question and maybe someone will answer mine.

I think that this solution could be used in a small or medium enterprise. However, I would caution that Travis appears to have made this solution for use in a home-based network so he can audit Internet of Things devices connecting with that network size. A Raspberry Pi is a limited device, especially when it comes to the network connection, which, even though it is Gigabit on the newest Pi, only functions at about 100-200 Megabit/s.

I believe the concepts used in this tool are innovative and could be used to secure a network, but as for whether this solution will scale gracefully, I fear it will not.

rndrev avatar Jun 17 '18 04:06 rndrev

No.

I don't suggest that you use this project in an enterprise environment for now.

  1. The 'sweetsecurity' service will cause the network to go down, as I pointed out here:

https://github.com/TravisFSmith/SweetSecurity/issues/45

  2. The critical-stack-intel used in this project is not operational for now (2018-08-10), as I pointed out here:

https://github.com/TravisFSmith/SweetSecurity/issues/48

Think about these:

Your enterprise's LAN will go down every time you start up your IDS device (someone might get fired...)

Your IDS device will send NO alerts because no critical stack IP database is ever downloaded... (so why do we have this device, haha)

If you still want to use this project in your company:

  1. Stop the 'sweetsecurity' service:
     sudo systemctl stop sweetsecurity
     sudo systemctl disable sweetsecurity
  2. Use OTX AlienVault instead of critical stack.

cloudstrifeedge avatar Aug 10 '18 05:08 cloudstrifeedge

The sweetsecurity service gave me a good scare. You almost certainly will not want the traffic to pass through the device by way of spoofing. Simply connecting a Pi to the office network and running setup.py sounds like a good way to get fired real quick.

I would take this project as an idea pool and build a new solution tailored to your business environment. I would certainly recommend that you gain a good understanding of every component used in your configuration; don't be tempted into any shortcuts that could put your network at risk.

A more powerful board with dual gigabit would be more suited to the task of being a sensor device. It could listen to a SPAN port on one interface and take care of business on the other interface. Perhaps the Beagleboard X15 ($250) is a good fit.

royolsen avatar May 15 '19 23:05 royolsen