Summary

This chapter introduced some advanced concepts in using Snort as an intrusion prevention device. Both the Snort Inline Patch and SnortSam were presented as intrusion prevention options.

An intrusion prevention application is similar to an IDS in that both aim to distinguish unauthorized activity from normal activity. Like an IDS, the intrusion prevention application has a set of signatures or predefined conditions that, when met, trigger a response. This response is what differentiates an IDS from an intrusion prevention application. The response can include dropping or “scrubbing” packets that match a signature or predefined condition that indicates unauthorized activity. It can also include blocking all traffic with ...
