Snort is currently the most popular FREE network intrusion detection software.
Snort is a well-known and currently industry-leading tool used for packet sniffing, logging, and intrusion detection. It was created by Cisco and can be installed on Windows as well as a few Linux distributions.
The combination of its three different modes allows it to be used as an IDS as well as an IPS. When you use Snort as a packet sniffer only, it provides you with a live readout of packets as they travel through the network. For packet logging, it records the packet details to a file as logs.
It can detect attacks such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and OS fingerprinting attempts. It uses different methodologies (called “rules”) for performing intrusion detection. These rules work differently from signature-based detection: they detect the actual vulnerability, rather than an exploit or a unique piece of data. Essentially, Snort uses a “known bad” or “suspected bad” approach when it comes to detecting intrusion.
When you use Snort, you apply these rules to the network traffic. You can download some of these rules, called “base policies”, from the Snort website, or learn how to use Snort yourself and write your own. The Snort community website also has people who can help you write rules, and you can download rules developed by other Snort users.
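For readers who write their own rules, the following added example (not from the original article or the Snort project) splits a rule into its header and options and flags gaps that make local rules hard to manage. It assumes single-line Snort 2.x rule syntax; the function names and sample rules are constructed for illustration.

```python
import re

# Constructed sample rules for illustration; not taken from any Snort rule set.
SAMPLE_RULES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 445 '
    '(msg:"Constructed: inbound SMB probe"; flow:to_server; sid:1000001; rev:1;)',
    'alert tcp any any -> $HOME_NET 80 '
    '(msg:"Constructed: CGI path; no rev"; content:"/cgi-bin/"; sid:1000002;)',
    'alert icmp any any -> any any (msg:"Constructed: low sid"; sid:4242; rev:1;)',
]

ACTIONS = {"alert", "log", "pass", "drop", "reject", "sdrop"}  # Snort 2.x actions
PROTOCOLS = {"tcp", "udp", "icmp", "ip"}
# Header: action proto src src_port direction dst dst_port (options)
HEADER = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$")
# One option: "keyword;" or "keyword:value;". Quoted values may contain ';'.
OPTION = re.compile(r'\s*([\w.]+)\s*(?::\s*((?:"(?:\\.|[^"\\])*"|[^;"])*))?;')

def parse_rule(text):
    """Split a single-line rule into its header fields and option list."""
    m = HEADER.match(text.strip())
    if not m:
        raise ValueError("not a single-line Snort rule")
    keys = ("action", "proto", "src", "src_port", "direction", "dst", "dst_port")
    rule = dict(zip(keys, m.groups()[:7]))
    rule["options"] = [(k, v.strip() or None) for k, v in OPTION.findall(m.group(8))]
    return rule

def lint_rule(text):
    """Return problems that would make a locally written rule hard to manage."""
    rule = parse_rule(text)
    opts = dict(rule["options"])
    problems = []
    if rule["action"] not in ACTIONS:
        problems.append("unknown action " + rule["action"])
    if rule["proto"] not in PROTOCOLS:
        problems.append("unknown protocol " + rule["proto"])
    problems += ["missing " + k for k in ("msg", "sid", "rev") if k not in opts]
    sid = opts.get("sid")
    if sid and sid.isdigit() and int(sid) < 1_000_000:
        problems.append("sid below 1000000 is outside the local-rule range")
    return problems

if __name__ == "__main__":
    for r in SAMPLE_RULES:
        print(lint_rule(r) or "ok", "<-", r[:40])
```

Running a check like this before loading rules catches a missing `rev` or a `sid` that collides with downloaded rule sets, which otherwise surfaces only when alerts become hard to trace back to a rule.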
Snort also works with companion applications called Snorby, BASE, Sguil, and Anaval. These are all intended to provide deeper analysis of the data Snort collects, which can make up for some of the shortfalls in the Snort software. However, Snort requires a lot of configuration before it can be used effectively and may not be suitable for someone unfamiliar with this kind of software. Updating your rules can also be a bit tricky, as you have to do so manually or via your own script.
This article was written and published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...
She is so obsessed with the Cybersecurity domain that she goes out of her way to share hugely valuable posts and writings about Cybersecurity on the website and social media platforms.
34,000+ professionals follow her on Facebook and are mesmerized by the quality of her posts there.