So a few weeks ago on TWiET, Fr

[G+_John Mink]

So a few weeks ago on TWiET, Fr. Robert Ballecer, SJ? talked to Itus, a company which sells some fancy routers Intrusion Detection/Prevention System which blows away the standard cheap routers we're all used to.

 

But what I'm still wondering is how would an Etus router compare to an x86 router? Not only in performance but what about ease of use & skills required to use? Any other factors that should come into play?

 

I'd love to know the pros & cons of each spelled out a bit more clearly so I can go protect my network! And maybe even help out others :p

[G+_Eddie Foy]

Its not a router, its IDS/IPS (intrusion detection/prevention system)  via DPI (deep packet inspection).  The firewall in your router looks at IPs and port and allows/blocks accordingly.  The iGuardian (now Shield) reads into the packets and looks at the content for 'bad stuff'.  Basically the buzzword of "Next generation Firewall" from some years back.

 

In a nutshell its running snort, preconfigured with a lifetime subscription to the community updates.

 

Web proxying via squid for TLS/SSL DPI is on the horizon.

[G+_Eddie Foy]

As for Itus vs an x86, the Itus will probably do better.  Its a dual core specific networking  chip.  Not to mention the power savings.

[G+_John Mink]

Fair point on the IPS naming, calling it a router isn't accurate as it's more than a simple firewall (kinda the whole point).

[G+_John Mink]

So it sounds like functionality-wise this isn't offering anything unique.

 

But it's less power draw (for a device that's always on) with a smaller physical profile than most builds and it's pre-configured.

 

Thanks, I that helps me figure out how it fits in to the overall scheme.

[G+_Adam EL-Idrissi]

Well the unique about it is that it's plug and play ids for the home. If I hadn't build a pfsense box I would've gotten this. I'm actually thinking about getting one for my dad.

[G+_John Mink]

Adam EL-Idrissi you'd get this over a PFSense box? I know Padre gave a few reasons to not go PFsense on the most recent episode of KH (130? I think) but I'm curious as to what your reasons are.

[G+_Adam EL-Idrissi]

John Mink the only reason I would get this over pfsense, now that I have a pf box, is for snort. I seem to be having trouble setting it up. It's giving me a warning saying saying no rules are set but there are. That's my only issue. Otherwise I'm happy with it. Does everything I want plus more. The only other benefit it has is less power consumption.

[G+_Travis Hershberger]

I have ClearOS configured at work, but they are starting to charge for more and more of the features that were once free.  Not a bad thing, they do need to make money, just not ideal for personal stuff.  Look here for some more suggestions: http://community.spiceworks.com/topic/155088-does-anybody-using-a-good-free-ips-intrusion-prevention-system

[G+_David Wiggins]

Adam EL-Idrissi  It is possible you don't have your rules assigned to an interface.  I recommend this thread in the pfsense forums for getting things running: https://forum.pfsense.org/index.php?topic=61018.0   I love the pfS community, they are really helpful, and you can even post a bounty for someone to remote in and fix it if you really need it.  I set up pfS for a school project, then at home and elsewhere.  Feel free to ask if you need more help.