Home > How does Snort's flavor of intrusion detection work?
FAQ::
EMAIL THIS LICENSING & REPRINTS

How does Snort's flavor of intrusion detection work?

14 Jan 2008 | SearchSecurityChannel.com

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

Snort is a network-centric product. As an intrusion detection system, it can inspect traffic inline or offline, and act passively or actively.
About the author
Richard Bejtlich is director of incident response at General Electric Company in Manassas, Va. and blogs at Bejtlich.net and TaoSecurity.com. Listen to the rest of Richard's answers on Snort by downloading our Snort podcast.
Snort mostly relies on a "known bad" or "suspected bad" approach, observing traffic for patterns that correspond to malicious or suspicious activity. When Snort detects such activity, it can alert (passive mode) or block (active mode). The first is an IDS; the second an IPS.

Return to the Snort FAQ guide and read the rest of Richard's expert responses.

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
What is Snort?
Why is the Snort IDS still alive and thriving?
Is Snort right for the IDS needs of all clients?
What is the difference between Snort and Bro?

Network Intrusion Detection and Prevention
The power of Snort 3.0
OSSEC Host-Based Intrusion Detection Guide
Downloading OSSEC HIDS
Performing local installation
Installing the Windows agent
Summary and FAQs
Streamlining the installations
Performing server agent installations
How to find new features in Snort 2.8.2
Network IDS/IPS vendors

Security Vulnerability Assessment
Top security tips for solutions providers
Why is the Snort IDS still alive and thriving?
Is Snort right for the IDS needs of all clients?
What is the difference between Snort and Bro?
Does Snort support target-based intrusion detection?
How can the operator test Snort?
Will deploying Snort detect malicious events quickly?
What extra functionality do Snort add-ons provide?
How can I learn more about Snort?
What does the future hold for Snort?

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


HomeNewsTopicsITKnowledge ExchangeTipsAsk the ExpertsMultimediaWhite PapersBlogsEvents
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2006 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts