CSE 5290 / CYB 5290
Network Security
Intrusion Detection / Prevention
part 3
William Allen, PhD
Spring 2019

Open Source tools (SNORT)
• Marty Roesch (Sourcefire) developed SNORT (1998) to be a NIDS that:
  – Works on multiple operating systems
    • Linux, FreeBSD, NetBSD, OpenBSD, Windows, Sparc Solaris, …
  – Can capture and store network packets as well as filtering by signature and behavior
  – Includes flexible filter rules
• Snort is the most widely deployed intrusion detection and prevention technology worldwide
