Abstract: The Internet has revolutionized computer networks, and the last decade has witnessed tremendous expansion in its usage. It provides remarkable opportunities and growth potential for all types of organizations, academia and businesses. Network security is vital for any organization connected to the Internet. Foolproof network security is a key challenge that can be addressed by hardening the network against threats such as hackers, malware, botnets and data thieves. Firewalls, antivirus software and intrusion detection systems are used to protect the network. A firewall can control network traffic, but sole dependence on this type of security measure is not enough: attackers use open ports such as the web server (HTTP) port 80 and the POP server port 110 to infiltrate networks. An intrusion detection system (IDS) minimizes security gaps and strengthens the security of a network by analyzing network packets to sift out malicious ones. Snort is renowned as a leader in IDS technology; it uses both misuse-based and anomaly-based techniques for capturing malevolent packets. Adding prevention support to an IDS is a step forward, as it can block malicious packets rather than only report them. Real-time detection combined with prevention by Intrusion Detection and Prevention Systems (IDPS) has taken network security to an advanced level by hardening the network against malicious activity. The objective of this paper is to review the contemporary literature and to provide a critical evaluation of various techniques of intrusion detection and prevention systems. We analyze and identify the strengths and limitations of the various techniques used in Snort-based IDPS systems. This paper also highlights the usefulness of IDPS in a network security environment.
Keywords: Snort; IDS; IDPS; misuse detection; anomaly detection; intrusion prevention system
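As an added illustration that is not part of the paper, the following toy Python IDPS contrasts the two detection techniques named in the abstract (misuse-based signatures versus an anomaly-based rate threshold) and the detect-only (IDS) versus drop (IDPS) actions; the signatures, the threshold and the traffic sample are all constructed for the example.

```python
"""Toy IDPS (added example): misuse-based signature matching and anomaly-based
rate thresholds over constructed packets, in alert-only (IDS) or drop (IDPS) mode."""
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    payload: bytes

# Misuse detection: Snort-style content signatures. Rules are constructed for
# illustration: (destination port, byte pattern to look for, alert message).
SIGNATURES = [
    (80, b"../../", "HTTP directory traversal attempt"),
    (110, b"USER root", "POP3 login attempt as root"),
]
# Anomaly detection: a source sending more than this many packets in one
# window is flagged. The threshold is an assumed value, not from the paper.
RATE_LIMIT = 5

def misuse_check(pkt):
    """Return the message of the first signature the packet matches, else None."""
    for port, pattern, msg in SIGNATURES:
        if pkt.dst_port == port and pattern in pkt.payload:
            return msg
    return None

def analyze(packets, prevent=False):
    """Run both detectors over one window of packets and return (alerts, forwarded).
    IDS mode (prevent=False) forwards everything and only records alerts;
    IDPS mode (prevent=True) drops every flagged packet."""
    per_source = Counter(p.src for p in packets)
    alerts, forwarded = [], []
    for pkt in packets:
        reason = misuse_check(pkt)
        if reason is None and per_source[pkt.src] > RATE_LIMIT:
            reason = f"anomalous rate: {per_source[pkt.src]} packets from {pkt.src}"
        if reason:
            alerts.append((pkt.src, reason))
            if prevent:
                continue  # IDPS: block instead of just alerting
        forwarded.append(pkt)
    return alerts, forwarded

# Constructed traffic: a benign request, a signature hit, and a noisy POP3 client.
SAMPLE = [Packet("10.0.0.5", 80, b"GET /index.html"),
          Packet("10.0.0.7", 80, b"GET /../../secret.txt")]
SAMPLE += [Packet("10.0.0.9", 110, b"STAT") for _ in range(6)]
```

Running `analyze(SAMPLE)` and `analyze(SAMPLE, prevent=True)` on the same window shows the same seven alerts, but only the prevention run withholds the flagged packets.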