Most important snort rules?
-
Hello, I lack memory to activate all snort rules that I'd like to.
My pfSense protects a network in which users should be free to use any internet services freely. But I'd like it to be secure.
What are the 2 or 3 most important rules to activate in that case?
Thanks.
-
The ones applicable to your environment ;)
The answer isn't a simple one, and the fact that you've said nothing about your network means nobody can really help you. If you are really limited to only a few rules then you need to sit down with somebody with a clue, explain your network and your concerns and work with them to highlight your top risks. From there they can help you identify the most appropriate rules for you.
Of course, with only a few rules the odds of your catching malicious behaviour pretty much drop to zero.
-
Thanks for your answer. What information should I provide?
Basically it is a home network.
-
With emphasis
@Cry:
If you are really limited to only a few rules then you need to sit down with somebody with a clue, explain your network and your concerns and work with them to highlight your top risks. From there they can help you identify the most appropriate rules for you.
You'll need diagrams, details of applications and operating systems (including versions and patch levels), what the network is used for (web browsing, email, etc) and what your concerns are.
Re-read the last sentence in my previous post though before you go wasting your time.