The features of Snort, one of the most widely used command-line Intrusion Detection Systems (IDS), based on the libpcap packet capture library, are discussed. Snort employs a rather cryptic command-line interface, and all program configuration is done by manually editing a single configuration file, snort.conf. The decision of security managers to use Snort as their IDS also includes the choice of a GUI front-end. This choice of Snort suggests that more security managers are using Snort as an attack trend analysis tool rather than as a real-time intrusion indicator. It is also stated that network security managers favor the Snort/ACID combination operating on a Linux platform.
All Science Journal Classification (ASJC) codes
- Safety, Risk, Reliability and Quality
- Computer Networks and Communications
- Information Systems and Management