On Friday, November 4, 2016 at 8:35:14 PM UTC+11, Laszlo Zrubecz wrote:
> Another - currently implementable - way is to use a proxy VM (as it is
> currently used as a dnf/yum proxy) and install your desired intrusion
> detection software there.
> Suricata is a good candidate for such a thing:
> https://suricata-ids.org/

If I view a malicious jpeg image on a site that drops malware onto my browsing 
VM, I want to know about that. Quite possible that a proxyVM would not help me 
here if it doesn't match some known signature. That sounds more like intrusion  
*prevention* than detection (though I know Suricata does both).

Something like OSSEC might, however, tell me that some new file exists or an 
existing file has changed in some unexpected way, or that a new service has 
started listening on a port (whether or not the Qubes firewall is blocking). 
The knowledge is what matters to me most.

Anyway thanks - I know of many of the products out there, just was interested 
to hear if anyone had implemented on their Qubes in practice.

Cheers
