4 research outputs found

    Managing Network Security with Snort Open Source Intrusion Detection Tools

    Organizations both large and small are constantly looking to improve their posture on security. Hackers and intruders have made many successful attempts to bring down high-profile company networks and web services for lack of adequate security. Many methods have been developed to secure the network infrastructure and communication over the Internet such as the firewall and intrusion detection systems. While most organizations deploy security equipment, they still encounter the challenge of monitoring and reviewing the security events. There are various intrusion detection tools in the market for free. Also, there are multiple ways to detect these attacks and vulnerabilities from being exploited and leaking corporate data on the internet. One method involves using intrusion detection systems to detect the attack and block or alert the appropriate staff of the attack. Snort contains a suite of tools that aids the administrators in detecting these events. In this paper, Snort IDS was analysed on how it manages the network from installation to deployment with additional tools that help to analyse the security data. The components and rules to operate Snort were also discussed. As with other IDS, it has advantages and disadvantages.

    A Case Study of Three Open Source Security Management Tools

    Abstract: Three open source security management tools – Snort, Pakemon, and Argus – are benchmarked against DARPA 1999 Intrusion Detection Evaluation Data Set. Performance is characterized using multiple performance metrics. Snort is found to have the best performance in terms of detection rate; however, it creates more false positives than desired. The results show that different tools perform well under different attack categories; hence they can be run at the same time to increase the detection rate of attack instances.