Snort (software Protection)

Snort IDS

Snort's open source network-based intrusion detection system (NIDS) can perform real-time traffic analysis and packet logging on Internet Protocol (IP) networks. Snort performs protocol analysis, content searching, and content matching. The program can also be used to detect probes or attacks, including, but not limited to, operating system fingerprinting attempts, common gateway interface, buffer overflows, server message block probes, and stealth port scans.

Snort can be configured in three main modes: sniffer, packet logger, and network intrusion detection. In sniffer mode, the program will read network packets and display them on the console. In packet logger mode, the program will log packets to the disk. In intrusion detection mode, the program will monitor network traffic and analyze it against a ruleset defined by the user. The program will then perform a specific action based on what has been identified.
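The intrusion detection mode described above, sketched as an added example (not Snort's own code): a Python matcher for a simplified subset of Snort's rule syntax, run over constructed packets. The rules, sids, addresses and helper names (parse_rule, matches, evaluate) are assumptions made for illustration.

```python
import re
from ipaddress import ip_address, ip_network
# Constructed rules in Snort's "header (options)" syntax; sids are local placeholders.
RULES = [
    'alert tcp any any -> 192.168.1.0/24 80 (msg:"constructed: cmd.exe in HTTP request"; content:"cmd.exe"; nocase; sid:1000001;)',
    'log udp any any -> any 53 (msg:"constructed: DNS query seen"; sid:1000002;)',
]
# Constructed packets, already decoded to the fields the rule header refers to.
PACKETS = [
    dict(proto='tcp', src='203.0.113.7', sport=40000, dst='192.168.1.10', dport=80, payload=b'GET /scripts/CMD.EXE?/c+dir HTTP/1.0\r\n'),
    dict(proto='tcp', src='203.0.113.7', sport=40001, dst='192.168.1.10', dport=80, payload=b'GET /index.html HTTP/1.0\r\n'),
    dict(proto='udp', src='192.168.1.10', sport=5353, dst='198.51.100.53', dport=53, payload=b'\x12\x34'),
]
HEADER = re.compile(r'(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$')

def parse_rule(text):
    """Split a rule into header fields and an options dict (no escaped ';' support)."""
    m = HEADER.match(text.strip())
    if not m:
        raise ValueError(f'unparseable rule: {text!r}')
    action, proto, src, sport, dst, dport, body = m.groups()
    opts = {}
    for opt in filter(None, (o.strip() for o in body.split(';'))):
        key, _, val = opt.partition(':')
        opts[key.strip()] = val.strip().strip('"')
    return dict(action=action, proto=proto, src=src, sport=sport, dst=dst, dport=dport, opts=opts)

def addr_ok(spec, addr):
    return spec == 'any' or ip_address(addr) in ip_network(spec)
def port_ok(spec, port):
    return spec == 'any' or int(spec) == port

def matches(rule, pkt):
    """Header must match first; then the optional content string must occur in the payload."""
    if rule['proto'] != pkt['proto']:
        return False
    if not (addr_ok(rule['src'], pkt['src']) and port_ok(rule['sport'], pkt['sport'])
            and addr_ok(rule['dst'], pkt['dst']) and port_ok(rule['dport'], pkt['dport'])):
        return False
    needle, payload = rule['opts'].get('content', '').encode(), pkt['payload']
    if 'nocase' in rule['opts']:
        needle, payload = needle.lower(), payload.lower()
    return needle in payload  # an empty needle (no content option) always matches

def evaluate(rules, pkt):
    """Return (action, sid, msg) for each rule the packet triggers."""
    return [(r['action'], int(r['opts']['sid']), r['opts']['msg']) for r in rules if matches(r, pkt)]
PARSED = [parse_rule(r) for r in RULES]
if __name__ == '__main__':
    for pkt in PACKETS:
        print(pkt['src'], '->', pkt['dst'], pkt['dport'], evaluate(PARSED, pkt))
```

The header check runs before the payload search, so a packet to the wrong port or network never reaches content matching; the action on the matching rule (alert or log here) is what decides the response.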

 

Intrusion detection system

An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activity or policy violations and produces reports to a management station. Some systems may attempt to stop an intrusion attempt, but this is neither required nor expected of a monitoring system. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organizations use IDPSes for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies. IDPSes have become a necessary addition to the security infrastructure of nearly every organization.
