Exploring the latest version of Snort

Earlier this year, Cisco purchased SourceFire, the original developers of the popular Snort intrusion detection tool [1], and the world is understandably curious to know what plans the router giant might have for Snort. I spoke recently with Cisco engineer and education specialist James Risler about the Snort purchase, and he had some good insights and news.

According to Risler, the primary reason for the purchase was that Cisco needed code that improved the interoperability of Cisco devices with other security devices in the network. He also said that the purchase of Snort would make it possible to eventually support NetFlow and other protocols more easily. Risler assured me that Snort will continue to use the clever pig motif that we all know and love. The most important reason for the purchase of Snort, though, is that Cisco felt the need to improve the ability of network security professionals to analyze information.

When I was asked to take a closer look at the first Snort version since the Cisco purchase (Snort 2.9.6.2), I figured it was a good time to take a look underneath the hood and see what has changed. I'm happy to say I found some very interesting new features. This article explores what's new and improved in the latest version of Snort. If you're new to Snort, you'll also find some tips on how to get started.

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Snort Helpers

    Snort is the de facto standard for open source network intrusion detection. The developer community has kept a fairly low profile for a couple of years, but extensions like Snorby, OpenFPC, and Pulled Pork have given the old hog a new lease on life.

  • Sniffing Out Intruders

    Snort lets you protect your network from intruders with a customizable ruleset.

  • Snort

    Search out hidden attacks with the Snort intrusion detection system.

  • Intrusion Detection

    The Prelude security information management system receives both host- and network-based IDS messages and displays them in an easy web interface. We show you how to set it up.

  • Suricata

    Snort isn't the only free intrusion detection tool in the barnyard. We'll show you a powerful and promising alternative known as Suricata.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News