From Snort 2.1 Intrusion Detection, Second Edition

Introduction

As with many other open-source projects, the Snort Intrusion Detection System (IDS) is evolving all the time. To keep up with its development and use additional features that appear in new releases, you need to be able to update your installation periodically. The update process is usually simple: versions of Snort are backward compatible, so all you need to do is recompile the source (if you prefer building Snort yourself) or reinstall a package, for example, a Red Hat .RPM module, which is available from the distribution site. As with all open-source projects, it is possible that someone has coded some extra functionality into his/her Snort package that is not in the distributed version, and you want to try it out. In this case, you can patch your Snort source code with the changes distributed by that person and see the results. The most important updates are the rule updates that should be applied to the Snort sensors on a regular basis. Some rule updates are created by people in response to emergencies, such as new, overwhelming attacks similar to CodeRed and the recent MS SQL Slammer worms. Some updates are simply an improvement of an existing rule (hence the rev value that can be in rules and was discussed in Chapter 5, "Playing by the Rules"), and others are new rules to deal with new attacks or vulnerabilities. Several rule databases are updated on a regular basis and available at various Web sites like www.snort.org and whitehats.com, although the owner of...

Copyright Syngress Publishing, Inc. 2004 under license agreement with Books24x7
