The wide spread proliferation of Internet Technology has led to the incorporation of Computer in each and every field of life. From education to Business, Information Technology has now become an indispensable element in our life. Computers have reached homes, offices, schools and even churches . The wide spread use of computers is accompanied by an exponential growth in e-crimes ,in which unscrupulous elements try to gain access to other’s computers to steal valuable information like credit card numbers , personal identification codes etc. Owing to this the development and deployment of sophisticated Intrusion detection systems that can detect and thwart such malicious attempts becomes highly important.
2.0 Intrusion Detection Systems(IDS)
In order to safeguard a computer from being intruded by malicious code, System/Network Administrators deploy Intrusion Detection Systems .These systems are nothing but software applications that monitor the inbound Internet packets for malicious or susceptible activity and alert the Administrator whenever such an activity is detected. They often respond to such intrusions by either blocking the source computer from accessing the hosted computer or by restricting the actions of source computer on destination. There are many types of IDS software available in the market and they differ in the way they detect the suspicious activity. Examples of IDS include Shadows, Snort, Dragon, RealSecure and NetProwler.
3.0 Snort IDS
There are many products available in the market for intrusion detection, out of these Snort gains a unique market proposition because of its free download availability and it’s at par performance in its field with any other commercial product. Snort is an Open source IDS Software which was originally designed for UNIX platform, but now is available for Windows based systems also. It provides basic network monitoring purpose and also can also be configured for rule based IDS functionality.
4.0 Functionalities of Snort
Snort can be installed very easily on any Windows or UNIX based system with the help of its friendly graphical user friendly interface. It is a Network bases Intrusion Detection System (NIDS) that can be used in two modes, “sniffer” and logger mode. In basic sniffer mode it just reports what is happening on the system console, while in the logger mode, it can log the network traffic details in the log file directory. Both sniffer and logger modes are passive and just give system administrator an information about the network traffic without actually taking any action to prevent the intrusion. However it can be used in IDS mode to be able to act upon certain rules, pre-defined by system administrator to prevent intrusion.
Snort is open sourced and comes with a well-developed API that can be used to add new functionalities to the IDS.
The only pit-fall of Snort IDS is that, it does not have Customer support and a user has to rely on self-help books and internet forums for any troubleshooting and problems. However its download comes with a very elaborate documentation. Also some of the functionalities that are their in its UNIX version might be missing in its Windows version.
Snort is the most widely used IDS software with more than 225,000 registered users. It provides user with features like signature detection, protocol inspection and anomaly based detection. Its open source nature makes it the most favored IDS system by developers .They are constantly in pursuit to add new and sophisticated functionality to existing systems. There is lot of literature available about Snort due to its wide reach and influence on user community.
It can be used to detect all kind of intrusions ranging from buffer overflows, CGI attacks, SMB probes, OS fingerprinting attempts to stealth port scans. From its initially light weight edition that was used only to log the intrusion attempts to the current sophisticated and fully developed IDS edition, Snort has truly come a long way to provide user with an inexpensive, sophisticated and cutting edge technology that could secure their systems from malicious attacks from unscrupulous elements.