I’m requesting that Suricata be included in ROS 7.
Thank you for the suggestion; we will look into it.
+1 for an IDS/IPS system (Suricata is the best option).
+1, in RouterOS vacancies IDS/IPS can be seen.
Thank you for listening and looking into it.
+1 for Suricata on MikroTik CCR (and x86, I suppose).
If you can bind that into firewall policies… “action=inspect” etc…
That would be totally fine.
+1 This was already asked for.
+1 Suricata in ROS 7. Many of my corporate customers are starting to get mandates that all their branch offices have to have firewalls with IDS/IPS built in. I’ve had to stop deploying MikroTik and have been forced to replace MikroTik routers because of it. I believe if this isn’t implemented MikroTik will lose traction in this market. It’s a big feather in SonicWall’s and other vendors’ caps that they can flaunt and talk down about MikroTik when their partners see them in the field.
+1 for these, high priority!
Two more requests from corporate customers this week alone; they are being forced to replace their firewalls with units that have IDS/IPS integrated. This should almost be top priority IMHO.
Mikrotik is a router, not a firewall.
Ok, I get that Mikrotik is focusing on making routers.
But with suricata support for the Tilera architecture, Mikrotik could be exploiting this now to create an IPS.
I am sure it will generate extra revenue, people buying this not because it is a router, but because it becomes a capable IPS.
What is wrong in developing a lightweight security product that fills the needs of smaller companies and smaller branches without breaking the bank?
Should MikroTik remain a router and switching only company? I don’t think so. They don’t have to. But it’s their choice to make. All we say is this would be a _real_ usable feature, with more usefulness (and market value) in the long run than supporting, let’s say, Samba or CUPS (in my humble opinion).
Just my 2c.
You can use Suricata right now without waiting:
http://robert.penz.name/849/howto-setup-a-mikrotik-routeros-with-suricata-as-ids/
I use it with Kibana, Elasticsearch and Logstash. Take the sniffer tool and set up remote logging to your Suricata box.
Agreed that that is a possible solution, but I actually want it to be an IPS too, and that is something you can’t solve with the sniffer and a remote box; it needs to be inline…
That’s funny, then what’s that whole “Firewall” section for, and why does the factory pre-configuration on most of the desktop models come configured as a firewall?
It may be a grey area to some to call a router with ACLs a firewall, but I’m pretty sure a router with ACLs and NAT configured moves it into the class of firewall features, plus so much more. To classify it as a router only because of the label they gave their OS is asinine. You can call a MikroTik RouterOS box by many names depending on how it’s configured: router, firewall, proxy, NAS, web cache server, DHCP server, DNS server, hotspot management appliance, RADIUS server, switch, etc. Heck, I keep one in my backpack that’s labeled “network tap”.
(I bet a SonicWall’s performance sucks if too many of its features are turned on at the same time - I have a personal loathing for those boxes, as they always seem to be administered by people who haven’t got a clue about networking, their configurations make a mathematician’s blackboard look simple and easy-to-read, they break more than just a few services, especially VoIP, and they’re way overpriced with their licensing.)
There’s firewalls, and then there’s firewalls (to use a southern slang saying - meaning that they’re not all created equal).
In RouterOS, there’s packet filtering based on all kinds of state / header information. It’s pretty robust, actually, but it’s mostly limited to headers and states. There ARE layer7 modules in the firewall rule matchers, but alas, doing deep payload inspection and trending based on packet patterns is a much more expensive (CPU-wise) function, and this is where ROS tends to fall behind devices which are much more purpose-built.
Even Cisco made separate IDS/IPS modules for the ISR line… because this is one of those heavyweight activities.
If you look in one of these IDS boxes, they almost never have much useful functionality in the networking arena (dynamic routing, MPLS, etc.); it’s just different.
I think an inline IDS that detects threats and uses “port knock” packets or an API connection into the Mikrotik to signal blocking rules would make a dynamite combo.
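The detect-then-signal pairing described in that post, as an added example that is neither the poster’s setup nor a MikroTik or Suricata component: a Python script that reads Suricata’s EVE JSON alert stream (constructed sample lines here, not captured traffic), applies an assumed severity/repeat policy with an exemption for local prefixes, and emits the RouterOS address-list commands the router would consume, plus the single firewall rule that drops anything on that list. The list name, thresholds, timeout and local prefixes are assumptions; the `address-list` and `filter` syntax is standard RouterOS.

```python
import json
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample EVE JSON lines in the shape Suricata writes to eve.json.
# Only event_type "alert" records matter here; the torn line is deliberate.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2016-01-10T10:00:01.000000+0000","event_type":"alert","src_ip":"203.0.113.7",'
    '"dest_ip":"192.0.2.10","proto":"TCP","alert":{"signature_id":2001219,'
    '"signature":"ET SCAN Potential SSH Scan","severity":2}}',
    '{"timestamp":"2016-01-10T10:00:02.000000+0000","event_type":"flow","src_ip":"198.51.100.5",'
    '"dest_ip":"192.0.2.10","proto":"TCP"}',
    '{"timestamp":"2016-01-10T10:00:03.000000+0000","event_type":"alert","src_ip":"203.0.113.7",'
    '"dest_ip":"192.0.2.11","proto":"TCP","alert":{"signature_id":2001219,'
    '"signature":"ET SCAN Potential SSH Scan","severity":2}}',
    '{"timestamp":"2016-01-10T10:00:04.000000+0000","event_type":"alert","src_ip":"198.51.100.9",'
    '"dest_ip":"192.0.2.10","proto":"TCP","alert":{"signature_id":2010935,'
    '"signature":"ET POLICY Suspicious inbound to MSSQL port 1433","severity":1}}',
    '{"timestamp":"2016-01-10T10:00:05.000000+0000","event_type":"alert","src_ip":"192.0.2.10",'
    '"dest_ip":"203.0.113.7","proto":"TCP","alert":{"signature_id":2001219,'
    '"signature":"ET SCAN Potential SSH Scan","severity":3}}',
    '{"timestamp":"2016-01-10T10:00:06.000',
]

# Assumption: our own prefixes, which must never be pushed onto the block list
# (an alert with a spoofed internal source must not cut off our own hosts).
LOCAL_NETS = [ip_network("192.0.2.0/24")]

# Assumed policy: one severity-1 alert blocks at once, severity 2 needs a repeat
# from the same source, anything lower is logged by Suricata but not acted on.
IMMEDIATE_SEVERITY = 1
REPEAT_SEVERITY = 2
REPEAT_THRESHOLD = 2


def parse_alerts(lines):
    """Yield (src_ip, severity, signature_id, signature) for well-formed alert records."""
    for line in lines:
        try:
            rec = json.loads(line)
        except ValueError:
            continue  # log rotation can leave a torn line; skip it rather than crash
        if rec.get("event_type") != "alert":
            continue
        alert = rec.get("alert") or {}
        try:
            src = ip_address(rec["src_ip"])
            sev = int(alert["severity"])
        except (KeyError, ValueError):
            continue
        yield src, sev, alert.get("signature_id"), alert.get("signature", "")


def select_block_candidates(alerts):
    """Apply the policy above; returns {src_ip_str: (signature_id, signature)}."""
    medium_hits = defaultdict(int)
    candidates = {}
    for src, sev, sid, sig in alerts:
        if any(src in net for net in LOCAL_NETS):
            continue
        if sev <= IMMEDIATE_SEVERITY:
            candidates[str(src)] = (sid, sig)
        elif sev == REPEAT_SEVERITY:
            medium_hits[src] += 1
            if medium_hits[src] >= REPEAT_THRESHOLD:
                candidates.setdefault(str(src), (sid, sig))
    return candidates


def routeros_commands(candidates, list_name="suricata-block", timeout="1h"):
    """Render one RouterOS address-list entry per candidate; the timeout bounds
    how long a false positive can hurt, since RouterOS removes it automatically."""
    cmds = []
    for ip, (sid, sig) in sorted(candidates.items()):
        comment = f"SID {sid}: {sig}".replace('"', "'")
        cmds.append(
            f"/ip firewall address-list add list={list_name} address={ip} "
            f'timeout={timeout} comment="{comment}"'
        )
    return cmds


# Installed once on the router: every source on the list is dropped in forward.
FIREWALL_RULE = (
    "/ip firewall filter add chain=forward src-address-list=suricata-block "
    'action=drop comment="drop sources flagged by Suricata"'
)

if __name__ == "__main__":
    found = select_block_candidates(parse_alerts(SAMPLE_EVE_LINES))
    print(FIREWALL_RULE)
    for cmd in routeros_commands(found):
        print(cmd)
```

Delivering the generated commands to the router (over the RouterOS API or SSH) is left out; the point is the policy layer between the IDS and the firewall. The address-list with a timeout, rather than a permanent filter rule per host, is what keeps a noisy signature from turning into a self-inflicted outage.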
I hate SonicWall as well for many reasons including some you listed. Mikrotik is an amazing platform that just needs a couple more optional packages to round it out and continue to grow in the enterprise market. It would be nice if they beat UBNT to this offering as well.
I should note last week another enterprise customer of mine had to replace their MikroTiks because upper management had a security audit and it came back that they had to switch to Cisco for IDS/IPS. Yet another loss of US presence / market share (Federal customer, 14 branch offices, 3 of which were connected without private fiber via MikroTik VPN firewalls).
Mikrotik,
Due to the continued lack of IDS, IPS or DPI being fully integrated into the router, our company is now looking to transition our customers to the Ubiquiti EdgeOS Routers new DPI offering. I hate to leave this platform but we can’t ignore the consumer demand for this feature in enterprise environments. We’ve already lost too many accounts to other consulting firms offering these features via Cisco and SonicWall after 3rd party HIPAA auditors came through. I’m still a fan and will continue to monitor your progress.
Regards,
Russell
EdgeRouter from Ubiquiti is becoming a very interesting routing platform:
https://community.ubnt.com/t5/EdgeMAX-Beta/Alpha-release-v1-8-0alpha3/m-p/1387012/thread-id/12377
- it can do DPI and use the outputs for routing, QoS… it also detects torrents…
Better indicator of noise. The noise indicator in the wireless status has no meaning if it does not take interference into account (Ubiquiti has a great indicator: interference + noise).
Also, if it is a very noisy environment, RouterOS shows noise -113, but this is not a real predictor…