Using Snort v1.8 with SnortSnarf on a RedHat Linux System
To implement system and network security effectively, a multi-pronged approach should be used. Proper security policies, firewalls, proxy servers, suitably complex passwords and intrusion detection systems, layered together, form one of the bedrock principles: defense in depth. The purpose of defense in depth is to prevent inherent and unknown flaws in the deployed technologies from allowing unauthorized access to a system or server. The intrusion detection system's (IDS) job is to log attempts at unauthorized network access to those systems. There are two basic types of IDS, host-based (HIDS) and network-based (NIDS). A host-based IDS must be installed on each and every host to be monitored. A network-based IDS monitors the network traffic and is not directly affected by which operating systems are installed; the OS mix matters only in deciding which rule sets to deploy. IDS log files, together with system log files, go a long way toward implementing another principle: 'Prevention is ideal, but detection is a must.' But what good is detection if the data is buried deep within the IDS log files? This analysis concentrates on several ways of getting log-file information out of the open source IDS Snort. The tool explored for that purpose is SnortSnarf.
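As an added example (not code from the paper, and not SnortSnarf itself), the script below does the core of what SnortSnarf does for an analyst: it reads Snort alert lines and indexes them by signature and by source host, so the buried detections become a short report. It assumes Snort's single-line alert_fast output format; the alert lines embedded in it are constructed for the demonstration, not captured traffic.

```python
"""Index Snort alert_fast lines by signature and source host.

Added example; not the paper's or SnortSnarf's code. Assumes the Snort
alert_fast format:
  MM/DD-hh:mm:ss.usec  [**] [gid:sid:rev] MSG [**] [Classification: C] [Priority: P] {PROTO} SRC[:PORT] -> DST[:PORT]
"""
import re
from collections import Counter, defaultdict

# Constructed sample alerts (not real captures). The last line is deliberate
# junk so the parser's handling of non-alert lines is exercised.
SAMPLE_ALERTS = """\
07/25-10:01:02.123456  [**] [1:469:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 192.168.1.50 -> 192.168.1.10
07/25-10:01:03.223456  [**] [1:1228:1] SCAN nmap XMAS [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.50:41000 -> 192.168.1.10:22
07/25-10:01:05.000001  [**] [1:1228:1] SCAN nmap XMAS [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.50:41001 -> 192.168.1.10:80
07/25-10:02:11.500000  [**] [1:1256:2] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.9.8.7:3456 -> 192.168.1.20:80
07/25-10:03:00.000000  [**] [1:469:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 10.9.8.7 -> 192.168.1.20
07/25-10:04:00.000000  [**] [1:1000001:1] LOCAL test rule [**] [Priority: 0] {UDP} 172.16.0.5:5353 -> 172.16.0.255:5353
this line is not an alert and must be skipped
"""

# Classification and Priority are optional (local rules without a classtype
# omit Classification); ports are absent for ICMP.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s*(?P<cls>[^\]]*)\])?"
    r"(?:\s+\[Priority:\s*(?P<prio>\d+)\])?"
    r"\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)


def parse_alert(line):
    """Return a dict for one alert_fast line, or None if the line is not an alert."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    for field in ("gid", "sid", "rev", "prio", "sport", "dport"):
        rec[field] = int(rec[field]) if rec[field] is not None else None
    return rec


def summarise(text):
    """Count alerts per signature and per source host, as a SnortSnarf index does."""
    by_sig = Counter()                 # (gid, sid, msg) -> hit count
    by_src = Counter()                 # source IP -> hit count
    sources_per_sig = defaultdict(set) # (gid, sid, msg) -> set of source IPs
    skipped = 0                        # non-empty lines that were not alerts
    for line in text.splitlines():
        rec = parse_alert(line)
        if rec is None:
            if line.strip():
                skipped += 1
            continue
        key = (rec["gid"], rec["sid"], rec["msg"])
        by_sig[key] += 1
        by_src[rec["src"]] += 1
        sources_per_sig[key].add(rec["src"])
    return {"by_sig": by_sig, "by_src": by_src,
            "sources_per_sig": sources_per_sig, "skipped": skipped}


def report(text):
    """Render the summary as text lines, most frequent signatures first."""
    s = summarise(text)
    lines = ["Signature                                   hits  distinct sources"]
    for (gid, sid, msg), n in s["by_sig"].most_common():
        lines.append("[%d:%d] %-35s %4d  %d" % (gid, sid, msg, n, len(s["sources_per_sig"][(gid, sid, msg)])))
    lines.append("")
    lines.append("Source host        hits")
    for src, n in s["by_src"].most_common():
        lines.append("%-18s %4d" % (src, n))
    if s["skipped"]:
        lines.append("")
        lines.append("%d non-alert line(s) skipped" % s["skipped"])
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_ALERTS)))
```

To run it over a real sensor's output, feed the contents of Snort's alert file (the alert_fast output, one alert per line) to `report()` instead of `SAMPLE_ALERTS`; the per-source table is the quickest way to spot a single scanning host behind many different signatures, which is the kind of view the paper is after.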
335 (PDF, 1.61MB)
25 Jul 2001
