Exploring the latest version of Snort
Prettying up the Pig
Get ready for a bigger and better Snort. If you're used to protecting your systems with this trusty intrusion detection tool, you'll appreciate the new features in the latest version.
Earlier this year, Cisco purchased SourceFire, the original developers of the popular Snort intrusion detection tool , and the world is understandably curious to know what plans the router giant might have for Snort. I spoke recently with Cisco engineer and education specialist James Risler about the Snort purchase, and he had some good insights and news.
According to Risler, the primary reason for the purchase was that Cisco needed code that improved the interoperability of Cisco devices with other security devices in the network. He also said that the purchase of Snort would make it possible to eventually support NetFlow and other protocols more easily. Risler assured me that Snort will continue to use the clever pig motif that we all know and love. The most important reason for the purchase of Snort, though, is that Cisco felt the need to improve the ability of network security professionals to analyze information.
When I was asked to take a closer look at the first Snort version since the Cisco purchase (Snort 22.214.171.124), I figured it was a good time to take a look underneath the hood and see what has changed. I'm happy to say I found some very interesting new features. This article explores what's new and improved in the latest version of Snort. If you're new to Snort, you'll also find some tips on how to get started.
Buy this article as PDF
New flaw in an old encryption scheme leaves the experts scrambling to disable SSL 3
Lennart Poettering wants to change the way Linux developers talk to each other.
Enterprise giant frees itself from ink and home PCs (and visa versa).
Mozilla’s product think tank sinks silently into history.
TODO group will focus on open source tools in large-scale environments.
New tool will look like GParted but support a wider range of storage technologies.
New public key pinning feature will help prevent man-in-the-middle attacks.
Carnegie Mellon researchers say 3 million pages could fall down the phishing hole in the next year.
The US government rolls new best-practice rules for protecting SSH.