ZDNet UK


Snort fails to win approval

Patrick Gray, ZDNet Australia

Published: 24 May 2004 14:25 BST


The creator of Snort, the open-source network-based Intrusion Detection System (IDS), says the software is up for an overhaul.

IDS has failed to impress the market, Martin Roesch told delegates at the AusCERT computer security conference in Queensland. The inability of many users to "tune" an IDS -- minimising the number of false alarms triggered by the monitoring devices -- has been a major drawback to the widespread acceptance of the technology, he said.

The next generation of Snort will include "passive discovery" features, Roesch said, which will automatically tweak the package's settings.

"IDS is not working as well as had been hoped, or as well as had been hyped," he said. "People have been saying... IDS can be used to secure your network. But that's not the role of an IDS."

Now the chief technology officer of US-based Sourcefire, which sells Snort-based intrusion detection systems, Roesch says auto-discovery features could be used to apply specific detection policies to particular devices on a network.

If the new software detects an Apache server running on Linux, it will only look for attacks relevant to that configuration, instead of monitoring the device for an attack that would affect a Cisco router or Windows server.

"If you don't have a technology that's capable of understanding what's out there on the network... then you're going to have big problems," he said.

Speaking to ZDNet Australia after his presentation, Roesch said the new features had been discussed within Sourcefire, but a release date for the open-source community is still unclear. "We haven't really talked about this with the open source community yet," he said. "Some big changes need to be made to the [Snort] engine to make this work."

Unlike more passive intrusion detection set-ups, the revamped Snort will be able to enforce policies through its new capabilities. "The idea is to take a policy like 'thou shalt not run OS X on the network,' and then if someone with a Mac plugs into our network... it can tell the firewall to [block them]," he said.
