Language Selection

English French German Italian Portuguese Spanish

Review: Nose Around With Snort

Filed under
Software
Reviews

The name Snort may conjure images of a specially trained swine sniffing out truffles. But Snort isn't an animal--it's an IDS (intrusion-detection system) with a rich language for matching patterns in network traffic. Snort provides a slimmed down, customized signature set to detect defined policy violations. It can determine, for instance, whether specific protocols are in violation of a security policy.

Let's face it, unless you're actively policing security-policy compliance, just having words in a document won't make you secure--you have to find policy violations and enforce your policies. Some of the products that prevent policy violations are pricey, but free and open-source Snort may be the only tool you need.

Full Article.

More in Tux Machines

Security: MuddyWater, DJI, Updates, Reproducible Builds and Excel

today's howtos

Android Leftovers

7 tools for analyzing performance in Linux with bcc/BPF

A new technology has arrived in Linux that can provide sysadmins and developers with a large number of new tools and dashboards for performance analysis and troubleshooting. It's called the enhanced Berkeley Packet Filter (eBPF, or just BPF), although these enhancements weren't developed in Berkeley, they operate on much more than just packets, and they do much more than just filtering. I'll discuss one way to use BPF on the Fedora and Red Hat family of Linux distributions, demonstrating on Fedora 26. BPF can run user-defined sandboxed programs in the kernel to add new custom capabilities instantly. It's like adding superpowers to Linux, on demand. Examples of what you can use it for include: Read more