RouterOS’s firewall can shield networks (VLANs) from outer threats, but most hacks are executed from within the network by a malicious actor (compromised device with a software/firmware backdoor phoning C&C, …).
I’m thinking of adding pfSense, OPNsense, Suricata, Snort or another IDS/IPS to the stack. I have literally zero experience with those. I’m wondering which one to pick.
Some of those can also act as a router, do inter-VLAN routing, and act as an IPS, blocking suspicious traffic between VLANs. Does it make sense to run a router with RouterOS then, if such a firewall can basically replace it? Did anyone replace an edge/main RouterOS router with a routing IDS/IPS firewall?
In case of not replacing RouterOS, does RouterOS support (easy) integration with any IPS?
And, what’s your overall experience with IDS/IPS for SOHO? What’s the easiest to set up, and reliable?
There is no inside nor outside.
There is no safe side and other side.
Either you allow traffic or you don’t.
There are no safe or dangerous IPs and ports; anything can communicate to any address and port.
Once malicious software is on the inside it effectively instantly becomes the outside.
I am going down this path at the moment.
I have a front-end WAN MikroTik RB5009, connected to a Netgate pfSense hardware appliance for internet services for desk PCs, which are also in an Active Directory environment.
That said, at this point I will be either going down a proxy gateway approach or a transparent bridge with either Suricata or Snort. Certs will get pushed via AD.
Ideally unusual traffic patterns will get picked up and blocked.
The front-end MikroTik will of course do its finest with firewalling.