Abstract

Network security is a multifarious and standardized project. The intrusion detection system is the first line of defense for network security. It detects attacks against a network or any computer system, and it protects the system against malware and unauthorized access. Snort is one of the best-known intrusion detection systems. It is available as open source software.
People worldwide use network intrusion detection and intrusion prevention systems. This paper explains how Snort implements intrusion detection, including basic installation, the rule tree, the compiling environment, and the analysis workflow.

Introduction

Computer technology is growing and developing day by day. People now use various network security tools in daily life, such as firewalls, antivirus, etc.
But in the network, there are a number of security risks that everyone faces. Network security involves a number of important tasks, and intrusion detection is one of them. It plays an important and primary role in network security. Intrusion detection collects sensitive information about the network, warns of possible attacks, and raises an alert.
People can deliberately build up their network based on all kinds of predictive information. This creates a secure network environment [1]. Intrusion is a set of activities.
Intrusion detection is used to detect suspicious activity at both the host level and on the network. An IDS captures packets from the network, applies rules to their data, and detects intrusions. Snort is a network intrusion detection system and intrusion prevention system. Policy, management, and technology are all very important in intrusion detection. Snort has a number of rules available and is a multi-mode packet analysis tool. Anyone can write their own rules to detect intrusion activity. Rules are also known as signatures.
Modular detection elements are combined to create these signatures. Creating new rules is relatively simple, and the system is flexible. Snort builds its own internal data structures, or chains. Snort can run in multiple ways.
A port can be used to send traffic. This report presents information about Snort, such as its implementation and application. It includes constructing the compiling environment of Snort on Linux and analyzing the workflow and rule tree structure of Snort.
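
To make the idea of signatures built from modular elements and held in internal chains concrete, the following added example (not code from the paper or from the Snort project) parses three constructed rules written in Snort's rule syntax, groups them under shared rule headers, and checks constructed packets against the result. It is a simplified model: the function names, the sample rules and the packet dictionaries are assumptions, and only the protocol, destination port and `content` option are evaluated.

```python
import re
from collections import OrderedDict

# Constructed sample rules in Snort rule syntax (sids in the local range).
RULES = '''
alert tcp any any -> any 80 (msg:"Admin page request"; content:"/admin"; sid:1000001;)
alert tcp any any -> any 80 (msg:"Passwd file request"; content:"/etc/passwd"; sid:1000002;)
alert udp any any -> any 53 (msg:"Test DNS label"; content:"example-test"; sid:1000003;)
'''

# action proto src sport direction dst dport (options)
RULE_RE = re.compile(
    r'^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$')

def parse_rule(line):
    """Split one rule into its header tuple and a dict of options."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError("not a rule: %r" % line)
    header = m.groups()[:7]
    options = {}
    # Simplification: assumes no ';' appears inside a quoted option value.
    for opt in filter(None, (o.strip() for o in m.group(8).split(';'))):
        key, _, value = opt.partition(':')
        options[key.strip()] = value.strip().strip('"')
    return header, options

def build_tree(text):
    """Group rules by header: one header node, then a chain of option nodes."""
    tree = OrderedDict()
    for line in text.strip().splitlines():
        header, options = parse_rule(line)
        tree.setdefault(header, []).append(options)
    return tree

def header_matches(header, pkt):
    """Header test for this model: protocol and destination port only."""
    _action, proto, _src, _sport, _dir, _dst, dport = header
    return proto == pkt["proto"] and dport in ("any", str(pkt["dport"]))

def detect(tree, pkt):
    """Return the sids whose header and content option both match the packet."""
    hits = []
    for header, chain in tree.items():
        if not header_matches(header, pkt):
            continue  # one failed header test skips the whole option chain
        hits += [int(o["sid"]) for o in chain
                 if o["content"].encode() in pkt["payload"]]
    return hits
```

The two TCP rules share one header node, so a packet that fails the header test is never compared against either `content` string.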