There's more...

In this recipe, we have barely scratched the surface with respect to Snort's capabilities. In reality, Snort is a fully-fledged network intrusion prevention system and intrusion detection system. It is capable of being run in the following modes:

  • Packet-sniffing mode: In this mode, Snort simply intercepts packets in a manner similar to any readily available packet sniffer (for example, Wireshark).
  • Packet-logging mode: In this mode, Snort takes the process one step further and logs packets to the disk. This mode is useful if you are trying to debug network issues.
  • Network intrusion prevention mode: In this mode, Snort monitors network traffic, analyses it against a user-defined ruleset, and performs certain actions based on the rule that has been matched.

In this recipe, we ran Snort in network intrusion prevention mode to block peer-to-peer traffic, including BitTorrent traffic. We can do much more with Snort, including using it to block certain websites.
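To make the prevention mode concrete, here is an added example (not Snort's own code and not part of the recipe) that handles a small subset of Snort's rule syntax: `->` headers with `$HOME_NET`/`$EXTERNAL_NET` variables (the network values are assumed), port ranges, and a plain `content` match, returning the action of the first rule that matches a packet. The BitTorrent rules and the packets in the test are constructed for the example.

```python
import ipaddress
import re
from collections import namedtuple
# Subset of the Snort rule language: "->" headers plus msg/content/sid options.
VARS = {"$HOME_NET": "192.168.1.0/24", "$EXTERNAL_NET": "any"}  # assumed values
HEADER = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s*\((.*)\)$")
Packet = namedtuple("Packet", "proto src sport dst dport payload", defaults=[b""])

def parse_rule(text):
    """Split one rule into its header fields plus an options dict."""
    m = HEADER.match(text.strip())
    if not m:
        raise ValueError(f"unparseable rule: {text!r}")
    rule = dict(zip(("action", "proto", "src", "sport", "dst", "dport"), m.groups()))
    opts = (o.strip().partition(":") for o in m.group(7).split(";") if o.strip())
    rule["options"] = {k: v.strip().strip('"') for k, _, v in opts}
    return rule

def addr_matches(spec, ip):
    spec = VARS.get(spec, spec)
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def port_matches(spec, port):
    if spec == "any":
        return True
    lo, sep, hi = spec.partition(":")  # "80", "6881:6889", "1024:" or ":1023"
    return int(spec) == port if not sep else (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)

def rule_matches(rule, pkt):
    if rule["proto"] not in ("ip", pkt.proto):
        return False
    if not (addr_matches(rule["src"], pkt.src) and port_matches(rule["sport"], pkt.sport)
            and addr_matches(rule["dst"], pkt.dst) and port_matches(rule["dport"], pkt.dport)):
        return False
    content = rule["options"].get("content")  # plain strings only: no |hex| or modifiers
    return content is None or content.encode() in pkt.payload

def evaluate(rules, pkt):
    """(action, msg) of the first match; real Snort ranks by action priority, not file order."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule["action"], rule["options"].get("msg")
    return "pass", None

# Constructed ruleset: a BitTorrent handshake begins with the literal string "BitTorrent protocol".
RULES = [parse_rule(r) for r in (
    'drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"P2P BitTorrent handshake"; content:"BitTorrent protocol"; sid:1000001; rev:1;)',
    'alert udp $HOME_NET any -> $EXTERNAL_NET 6881:6889 (msg:"P2P BitTorrent port range"; sid:1000002; rev:1;)',
)]
```

Calling `evaluate(RULES, Packet("tcp", "192.168.1.10", 51234, "203.0.113.7", 6881, b"\x13BitTorrent protocol"))` returns `('drop', 'P2P BitTorrent handshake')`, while the same payload arriving from outside `$HOME_NET` passes, because the rule header only matches the `->` direction.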

This recipe used the Snort GPLv2 Community rules. However, you can also pay for a Snort Subscriber Rule Set. The current rates for such rules can be found at A personal subscription is currently $29.99 (USD) a month.

You may also want to use the Open AppID plugin. This plugin enables Snort to detect, monitor, and manage application usage. To use Open AppID, you will need to download the Sourcefire Open AppID detectors; to do so, check the Enable OpenAppID checkbox on the Global Settings tab of Snort. You may also want to check the Enable RULES OpenAppID checkbox to enable download of the OpenAppID rules.

The official Snort website provides copious amounts of documentation, which you will want to read if you want to become adept at leveraging the power of Snort on your networks. You can find this documentation at