Snort 2.1 Intrusion Detection, Second Edition

So far, we've discussed the concepts behind Snort, installation, configuration, and many other topics. While many of these topics covered some elaborate and detailed information, this chapter is dedicated to the more advanced features of Snort and how they can be used to provide an even greater degree of information security.
Snort can perform the same extensive intrusion detection tasks for which many companies are charging tens of thousands of dollars. With proper and knowledgeable configuration, Snort can be used to increase the effective security in your organization while at the same time saving a great deal of money. This might seem at odds with most information technology solutions, but that's the power of the open-source community.
In this chapter, we discuss log and reporting capabilities, honeypots and Snort, dealing with law enforcement, policy-based intrusion detection, and inline intrusion detection. These additional functions work alongside Snort's normal intrusion detection capabilities. By using some or all of these functions, you can leverage the capabilities of Snort to help make your systems even more secure. Keep in mind that the technologies we are using in this chapter all rely on Snort; we are just changing the views and output of the information being presented. After all, we're using Snort for all of these implementations. Policy-based intrusion detection and inline intrusion detection are simply variants of normal intrusion detection and differ only in their implementation. As always, intrusion detection is the concept of detecting intrusions on your systems or networks.