Snort for Network IDS

What is Snort?

Snort is an open source network intrusion detection system (NIDS) that can audit network traffic in real time. It can operate as a packet sniffer, as a packet logger, or as a full network intrusion detection system.

Snort, as mentioned above, is open source software, which means it can be configured and compiled on most operating systems. Snort has also been ported to Microsoft Windows, but its bread and butter is on the UNIX/Linux side of the house. Most Linux distributions now include Snort as part of their install package; it may not be enabled by default, but normally it is on the installation CDs or DVDs.

Should I run Snort if I have a firewall?

I believe that, yes, you should run a NIDS even with a firewall. A firewall blocks packets coming in to your system, but if you run servers or services that the firewall must let through, you are letting a large amount of traffic go unaudited. Snort can recognise patterns in incoming traffic, flag them as a threat, and take the action you have configured on your system. Snort lets you see whether you are being port scanned, or whether someone is trying to abuse well-known backdoors or known problems in well-known daemons. Running services and applications that help you protect your system is always a good idea. Many system administrators run a firewall, Snort, and a file integrity checker (often Tripwire).

How does Snort actually work?

Snort generally runs as a background application, constantly capturing every packet that passes through your network interface card (NIC). The decoded packets are then handed to various preprocessors, which normalise the data and sort it into different categories (reassembling streams, tracking port scans, and so on). Once the preprocessors are done, the packets are run through the rules: the detection phase. As Snort matches a rule against the traffic, it takes the action that rule specifies. The final stages are logging the rule infractions and, if so configured, alerting the system administration team in real time as the infraction occurs.

Is Snort difficult to configure and use?

Snort, as mentioned above, now often comes bundled with most Linux distributions or is available for them as an RPM. The hard part of running Snort is writing your own rules, which can get extremely complex. Luckily, you can download up-to-date rule sets for free from the Snort website (you must sign up for the free registration).
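To make the capture, preprocessor, rules, log/alert pipeline described above concrete, and to show what a rule in Snort's rule language looks like before you write your own, here is a small added example in Python. It is not Snort's code and calls none of Snort's APIs: the packets are constructed dictionaries standing in for what libpcap would hand Snort, the `PortscanPreprocessor` class is a toy stand-in for Snort's portscan preprocessor, and the `VARIABLES` table stands in for the `HOME_NET`/`EXTERNAL_NET` definitions from `snort.conf`. The three rules use real Snort 2 rule syntax (header, then `msg`, `content`, `sid`, `rev` options); the SIDs are placeholders from the local-rule range.

```python
"""Toy Snort-style pipeline: capture -> preprocessors -> rules -> log/alert.
Added illustration only; this is not Snort's code and does not use its APIs."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample traffic: one outside host probes five ports on a web
# server, then a second host sends a request carrying "../", then a normal
# internal request. Fields mimic what the packet decoder would extract.
PACKETS = [
    {"ts": 1.00, "proto": "tcp", "src": "203.0.113.7", "sport": 40001, "dst": "192.168.1.10", "dport": 21, "payload": b""},
    {"ts": 1.02, "proto": "tcp", "src": "203.0.113.7", "sport": 40002, "dst": "192.168.1.10", "dport": 22, "payload": b""},
    {"ts": 1.04, "proto": "tcp", "src": "203.0.113.7", "sport": 40003, "dst": "192.168.1.10", "dport": 23, "payload": b""},
    {"ts": 1.06, "proto": "tcp", "src": "203.0.113.7", "sport": 40004, "dst": "192.168.1.10", "dport": 25, "payload": b""},
    {"ts": 1.08, "proto": "tcp", "src": "203.0.113.7", "sport": 40005, "dst": "192.168.1.10", "dport": 80, "payload": b""},
    {"ts": 2.00, "proto": "tcp", "src": "198.51.100.4", "sport": 51000, "dst": "192.168.1.10", "dport": 80, "payload": b"GET /../../etc/passwd HTTP/1.0\r\n"},
    {"ts": 3.00, "proto": "tcp", "src": "192.168.1.20", "sport": 52000, "dst": "192.168.1.10", "dport": 80, "payload": b"GET /index.html HTTP/1.0\r\n"},
]

# Stand-in for "ipvar HOME_NET ..." / "ipvar EXTERNAL_NET ..." in snort.conf.
VARIABLES = {"$HOME_NET": "192.168.1.0/24", "$EXTERNAL_NET": "!192.168.1.0/24"}

# Constructed rules in Snort 2 syntax; SIDs are placeholders in the local range.
RULES_TEXT = """
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SSH connection attempt from outside"; sid:1000001; rev:1;)
alert tcp any any -> $HOME_NET 80 (msg:"Directory traversal string in HTTP request"; content:"../"; sid:1000002; rev:1;)
log tcp any any -> $HOME_NET 80 (msg:"Web request logged"; sid:1000003; rev:1;)
"""

HEADER_RE = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$")
OPTION_RE = re.compile(r'(\w+)(?::\s*("[^"]*"|[^;]+))?\s*;')  # key:value; or bare flag;

def parse_rules(text):
    """Split each rule into its header fields and an option dict."""
    rules = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = HEADER_RE.match(line)
        if not m:
            raise ValueError(f"unparseable rule: {line}")
        action, proto, src, sport, dst, dport, body = m.groups()
        opts = {k: v.strip().strip('"') for k, v in OPTION_RE.findall(body)}
        rules.append({"action": action, "proto": proto, "src": src, "sport": sport,
                      "dst": dst, "dport": dport, "opts": opts})
    return rules

def _addr_matches(spec, ip):
    spec = VARIABLES.get(spec, spec)          # resolve $HOME_NET-style variables
    if spec == "any":
        return True
    negate = spec.startswith("!")             # "!net" means "anything outside net"
    net = ipaddress.ip_network(spec.lstrip("!"), strict=False)
    return (ipaddress.ip_address(ip) in net) != negate

def _port_matches(spec, port):
    return spec == "any" or int(spec) == port

class PortscanPreprocessor:
    """Toy stand-in for Snort's portscan preprocessor: report a source that
    touches `threshold` distinct destination ports within `window` seconds."""
    def __init__(self, threshold=5, window=2.0):
        self.threshold, self.window = threshold, window
        self.seen = defaultdict(list)         # src -> [(ts, dport), ...]
        self.reported = set()

    def process(self, pkt):
        hist = self.seen[pkt["src"]]
        hist.append((pkt["ts"], pkt["dport"]))
        hist[:] = [(t, p) for t, p in hist if pkt["ts"] - t <= self.window]
        ports = {p for _, p in hist}
        if len(ports) >= self.threshold and pkt["src"] not in self.reported:
            self.reported.add(pkt["src"])
            return {"kind": "preprocessor", "src": pkt["src"],
                    "msg": f"possible portscan from {pkt['src']} ({len(ports)} ports)"}
        return None

def rule_matches(rule, pkt):
    """Header match (proto, addresses, ports), then the content option."""
    if rule["proto"] != "any" and rule["proto"] != pkt["proto"]:
        return False
    if not (_addr_matches(rule["src"], pkt["src"]) and _addr_matches(rule["dst"], pkt["dst"])):
        return False
    if not (_port_matches(rule["sport"], pkt["sport"]) and _port_matches(rule["dport"], pkt["dport"])):
        return False
    content = rule["opts"].get("content")
    if content is not None:
        needle, hay = content.encode(), pkt["payload"]
        if "nocase" in rule["opts"]:
            needle, hay = needle.lower(), hay.lower()
        if needle not in hay:
            return False
    return True

def run_pipeline(packets, rules, preprocessors):
    """Return (alerts, logged): 'alert' rules do both, 'log' rules only log."""
    alerts, logged = [], []
    for pkt in packets:
        for pre in preprocessors:              # preprocessors run before rules
            event = pre.process(pkt)
            if event:
                alerts.append(event)
        for rule in rules:                     # toy keeps every match; real Snort's event queue limits this
            if rule_matches(rule, pkt):
                rec = {"kind": "rule", "sid": int(rule["opts"]["sid"]), "msg": rule["opts"]["msg"],
                       "src": pkt["src"], "dst": pkt["dst"], "dport": pkt["dport"]}
                if rule["action"] == "alert":
                    alerts.append(rec)
                    logged.append(rec)
                elif rule["action"] == "log":
                    logged.append(rec)
    return alerts, logged

if __name__ == "__main__":
    alerts, logged = run_pipeline(PACKETS, parse_rules(RULES_TEXT), [PortscanPreprocessor()])
    for a in alerts:
        print("ALERT", a["msg"], "from", a["src"])
    print(len(logged), "records logged")
```

Run as-is it reports three alerts (the SSH attempt from outside, the portscan once the fifth distinct port is touched, and the `../` request) and logs five records. The `log` rule shows the difference between logging and alerting that the article mentions: plain web requests are kept for later review by a log parser without paging anyone. A real rule set also uses `flow`, `pcre`, `classtype`, thresholds and many other options this toy ignores, which is why the downloaded rule sets are a better starting point than hand-written ones.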

For extra ease of use, many applications and log parsers have been designed to work with Snort. These applications can build web front ends on the data Snort has logged, or help you identify trends and possible security threats on your system.

Ken Dennis
http://KenDennis-RSS.homeip.net/
