Presentation is loading. Please wait.

Presentation is loading. Please wait.

SNORT An Open Source Network Intrusion Prevention and Detection System. (NIPS and NIDS)

Published byMelina Lawrence Modified over 8 years ago

Similar presentations

Presentation on theme: "SNORT An Open Source Network Intrusion Prevention and Detection System. (NIPS and NIDS)"— Presentation transcript:

1 SNORT An Open Source Network Intrusion Prevention and Detection System. (NIPS and NIDS)

2 History of Snort Originally release in 1998 by Martin Roesch It was a designed as a “lightweight” technology Roesch’s goal was to make a “Category Killer” Roesch found inspiration in The Cathedral and the Bazaar Snort evolved from “lightweight” to being very robust over time. It is now the most widely deployed NIPS of all time.

3 What it means to be Open Source Free! Is often worked on by both professional developers and enthusiasts. Which leads to more frequent release cycles and more secure code. SOURCEfire “We don’t sell Intrusion Detection, we sell everything else.”

4 Main Features – 2.9.4.1 Snort is a Rule base software. They offer both Community Rules, and VRT certified rules. There is also the ability to create User Defined Rules Utilizes 3 Main modes: Sniffer mode, Packet Logger Mode, and Network Intrusion Detection System Mode.

5 Protection from what? DoS attacks Buffer overflows P2P attacks Worms Trojans Backdoor attacks Spyware Invalid headers Blended threats Rate-based attacks Zero-day threats Port scans VoIP attacks Pv6 attacks Statistical anomalies Protocol anomalies Application anomalies Malformed traffic TCP segmentation and IP fragmentation Success Stories: Conficker, Netsky, Nachi, Blaster, Sasser, Zotob and many more

6 Pro’s and Con’s ProsCons Open Source Customizable Incredibly fast Binaries Lots of choices Well documented Cross Platform Without Source Fire (paid) there is no tech support XML must be parsed to be utilized Complicated Binaries (code… more of an issue for developers) Not a real con, but it is not Cisco, and some people just really like Cisco

7 Location Download at: http://www.snort.org/snort- downloadshttp://www.snort.org/snort- downloads The source code it saved a *.tar.gz so for windows users you will need 7 zip to extract it. They have offices worldwide but there primary location is in Columbia Maryland. Worldwide Headquarters 9770 Patuxent Woods Drive Columbia, MD 21046, United States Phone: 800.917.4134 | +1 4102901616 Fax: 410.290.0024

8 Sources/Other Information/Questions http://www.snort.org/ http://www.sourcefire.com http://www.infoworld.com/t/business/nothing-snort- 070http://www.infoworld.com/t/business/nothing-snort- 070 http://www.catb.org/esr/writings/homesteading/ http://en.wikipedia.org/wiki/Snort_(software)

Download ppt "SNORT An Open Source Network Intrusion Prevention and Detection System. (NIPS and NIDS)"

Similar presentations

REFLEX INTRUSION PREVENTION SYSTEM.. OVERVIEW The Reflex Interceptor appliance is an enterprise- level Network Intrusion Prevention System. It is designed.

REFLEX INTRUSION PREVENTION SYSTEM.. OVERVIEW The Reflex Interceptor appliance is an enterprise- level Network Intrusion Prevention System. It is designed.
Snort: Overview Chris Copeland What is an Intrusion Detection System (IDS)? An intrusion detection system is any system which can identify a network.

Snort: Overview Chris Copeland What is an Intrusion Detection System (IDS)? An intrusion detection system is any system which can identify a network.
Intrusion Detection System Snort. What is Snort? Free and Open Source Intrusion Detection System Monitor network traffic Scan for protocol anomalies Scan.

Intrusion Detection System Snort. What is Snort? Free and Open Source Intrusion Detection System Monitor network traffic Scan for protocol anomalies Scan.
By Hiranmayi Pai Neeraj Jain

By Hiranmayi Pai Neeraj Jain
IDS In Depth Search: Ideas, Descriptions, and Solutions Presentation by Marshall Washburn November 30 th, 2010 CPSC 420/620 w/ Dr. Grossman.

IDS In Depth Search: Ideas, Descriptions, and Solutions Presentation by Marshall Washburn November 30 th, 2010 CPSC 420/620 w/ Dr. Grossman.
Intrusion Detection Systems By: William Pinkerton and Sean Burnside.

Intrusion Detection Systems By: William Pinkerton and Sean Burnside.
Network Security In Education A Balancing Act Doug Klein CTO Vernier Networks, Inc.

Network Security In Education A Balancing Act Doug Klein CTO Vernier Networks, Inc.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 The CERT Coordination Center is part of.

CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA The CERT Coordination Center is part of.
1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.

1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.
NETWORK SECURITY INTRUSION DETECTION SYSTEMS (IDS) KANDIAH.M Clarkson University, Potsdam, New York.

NETWORK SECURITY INTRUSION DETECTION SYSTEMS (IDS) KANDIAH.M Clarkson University, Potsdam, New York.
Common IS Threat Mitigation Strategies An overview of common detection and protection technologies Max Caceres CORE Security Technologies www.coresecurity.com.

Common IS Threat Mitigation Strategies An overview of common detection and protection technologies Max Caceres CORE Security Technologies
Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.

Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.
Martin Roesch Sourcefire Inc.

Martin Roesch Sourcefire Inc.
K. Salah1 Intrusion Detection Systems. K. Salah2 Firewalls are not enough Don’t solve the real problems Don’t solve the real problems  Buggy software.

K. Salah1 Intrusion Detection Systems. K. Salah2 Firewalls are not enough Don’t solve the real problems Don’t solve the real problems  Buggy software.
Introduction to Snort’s Working and configuration file

Introduction to Snort’s Working and configuration file
Firewalls Presented by: Sarah Castro Karen Correa Kelley Gates.

Firewalls Presented by: Sarah Castro Karen Correa Kelley Gates.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
Network Intrusion Detection Systems Slides by: MM Clements A Adekunle The University of Greenwich.

Network Intrusion Detection Systems Slides by: MM Clements A Adekunle The University of Greenwich.
USENIX LISA ‘99 Conference © Copyright 1999, Martin Roesch Snort - Lightweight Intrusion Detection for Networks Martin Roesch.

USENIX LISA ‘99 Conference © Copyright 1999, Martin Roesch Snort - Lightweight Intrusion Detection for Networks Martin Roesch.

Similar presentations

Ads by Google