Home > How does Snort's flavor of intrusion detection work?
FAQ:
EMAIL THIS

How does Snort's flavor of intrusion detection work?

14 Jan 2008 | SearchSecurityChannel.com

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

Snort is a network-centric product. As an intrusion detection system, it can inspect traffic inline or offline, and act passively or actively.
About the author
Richard Bejtlich is director of incident response at General Electric Company in Manassas, Va. and blogs at Bejtlich.net and TaoSecurity.com. Listen to the rest of Richard's answers on Snort by downloading our Snort podcast.
Snort mostly relies on a "known bad" or "suspected bad" approach, observing traffic for patterns that correspond to malicious or suspicious activity. When Snort detects such activity, it can alert (passive mode) or block (active mode). The first is an IDS; the second an IPS.

Return to the Snort FAQ guide and read the rest of Richard's expert responses.

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED CONTENT
What is Snort?
Why is the Snort IDS still alive and thriving?
Is Snort right for the IDS needs of all clients?
What is the difference between Snort and Bro?

Network intrusion detection and prevention defenses
SIEM services help customers with security monitoring
Implementing IDS/IPS technologies: Managing politics and accountability
Juniper launches mid-level security appliances
Must-haves for wireless network security: WLAN switches, intrusion detection and more
Host-based IDS/IPS Partner Program Directory
Understanding Snort's Unified2 output
Network security algorithms introduction
Searching for multiple strings in packet payloads
Approximate string matching
IP traceback via probabilistic marking

Business risk assessment and risk analysis
Loss leaders: Security products and services to get a foot in the door
Getting to know the NERC CIP standards
The intersection of security and disaster recovery
Remote vulnerability scanning: Process, roles and responsibilities
How to perform a network security audit for customers
Creating your checklist and Summary
How to generate revenue from unified threat management
Unified threat management: Migration and management techniques
Unified threat management: An intro for solution providers
Podcast with Dr. Paul Rohmeyer on choosing a remote management platform

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


HomeNewsTopicsITKnowledge ExchangeTipsMultimediaWhite PapersBlogsEvents
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2006 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts