Re: Snort IDS vs my firewall

[Pratik Narang <pratik.cse.bits () gmail com>]

On Fri, Aug 24, 2012 at 10:45 PM, Joel Esler <jesler () sourcefire com> wrote:
> On Aug 24, 2012, at 12:23 PM, Pratik Narang <pratik.cse.bits () gmail com>
> wrote:
>
> I wish to set up Snort as an IDS and then benchmark its performance
> with the performance of the firewall which my network runs. I dont
> intend to use Snort as an IPS as yet. All I want is that my IDS should
> be able to generate alerts, warnings etc. for all that stuff for which
> the firewall is presently doing. And when that is achieved, the IDS,
> equipped with suitable IPS capabilities, will be fit enough to replace
> the firewall.
>
> So, Question One. Are my plans wise enough? Can Snort IDS do all the
> work which a professional firewall is presently doing? (Since I am
> asking about an IDS, you can safely assume I am going to run captured
> data of the firewall traffic)
>
>
> No.  Snort is not a firewall, it's an IPS.  These are different
> technologies.  There is a new class of devices now called "NGFW", which I'll
> talk about in a second.
>
> Question two - I see that to a good extent Snort rules are directed
> towards alerts for buffer overflows, injection attacks, information
> leak etc. While a firewall surely does alert for these, a firewall
> also does a good deal of content blocking. As an example our present
> firewall blocks access to all gaming sites, gambling sites, hacking
> sites, sites containing adult material, etc. I am unable to understand
> how such a thing is to be achieved through Snort.
>
>
> That kind of stuff is easy to write custom rules for.  But there are other
> products you may want to look into as well.

Other products like?

> For the Sourcefire guys out there- Will it be right to call the
> Snort's commercial version a 'firewall' ?
>
>
> No.  Our NGIPS devices have Snort as a component in them, a long with many
> other software features to be able to do above and beyond the massive amount
> of things that Snort already takes care of for you.
>
> As for a firewall functionality, we developed and released the Sourcefire
> Next-Generation Firewall (NGFW).
>
> http://www.sourcefire.com/security-technologies/network-security/next-generation-firewall
>
> This is Snort, a firewall, and much more.
>
> --
> Joel Esler
> Senior Research Engineer, VRT
> OpenSource Community Manager
> Sourcefire

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!