Snort mailing list archives
Snort IDS vs my firewall
From: Pratik Narang <pratik.cse.bits () gmail com>
Date: Fri, 24 Aug 2012 21:53:51 +0530
Dear Snort experts,

Thanks a lot to Joel, Tony, Waldo and others for the great responses and help on my previous question with the subject line: pcaps for triggering rules. The inputs are very helpful.

Continuing with that same spirit: I wish to set up Snort as an IDS and then benchmark its performance with the performance of the firewall which my network runs. I don't intend to use Snort as an IPS as yet. All I want is that my IDS should be able to generate alerts, warnings etc. for all the stuff which the firewall is presently doing. And when that is achieved, the IDS, equipped with suitable IPS capabilities, will be fit enough to replace the firewall.

So, Question One. Are my plans wise enough? Can Snort IDS do all the work which a professional firewall is presently doing? (Since I am asking about an IDS, you can safely assume I am going to run captured data of the firewall traffic.)

Question two - I see that to a good extent Snort rules are directed towards alerts for buffer overflows, injection attacks, information leaks etc. While a firewall surely does alert for these, a firewall also does a good deal of content blocking. As an example, our present firewall blocks access to all gaming sites, gambling sites, hacking sites, sites containing adult material, etc. I am unable to understand how such a thing is to be achieved through Snort.

For the Sourcefire guys out there: Will it be right to call Snort's commercial version a 'firewall'?

Thanks.