DocumentCode :
3132537
Title :
LASSP: A logic analyzer for tweaking snort security and performance
Author :
Hafeez, Khalid ; Masood, Muddassar ; Malik, Owais ; Anwar, Zahid
Author_Institution :
Sch. of Electr. Eng. & Comput. Sci., Dept. of Comput., NUST, Islamabad, Pakistan
fYear :
2010
fDate :
18-19 Oct. 2010
Firstpage :
240
Lastpage :
245
Abstract :
Snort, an intrusion detection/prevention system (IDS/IPS), performs protocol analysis and content searching/matching, and is commonly used to actively block or passively detect a variety of attacks and probes. When Snort is running in intrusion detection mode, it allows the user to analyze network traffic against a user-defined set of rules. A rich set of rules is easily available, which allows a non-expert in security to use Snort for his network protection with a false sense of confidence. Snort rules are quite large in size and number; thus, adding or deleting rules without a proper understanding may lead to an insecure environment. Moreover, enabling all rules in the list in the Snort configuration might enable security but can cause severe performance degradation. We have developed a system that infers the security and performance levels of Snort by analyzing its configuration and the Snort rules that are enabled. This system may help a non-expert in security to automatically tweak the security and performance levels of his network and to configure it according to the organizational policy.
Keywords :
authorisation; computer network security; logic analysers; IDS; IPS; LASSP; Snort security; intrusion detection; intrusion prevention system; logic analyzer; network traffic; Communities; Engines; Inspection; Intrusion detection; Java; Probes;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Emerging Technologies (ICET), 2010 6th International Conference on
Conference_Location :
Islamabad
Print_ISBN :
978-1-4244-8057-9
Type :
conf
DOI :
10.1109/ICET.2010.5638483
Filename :
5638483
Link To Document :