Does Snort support target-based intrusion detection?

Learn what target-based intrusion detection techniques are, and whether Snort uses them.

About the author
Richard Bejtlich is director of incident response at General Electric Company in Manassas, Va. and blogs at Bejtlich.net and TaoSecurity.com. Listen to the rest of Richard's answers on Snort by downloading our Snort podcast.

Target-based intrusion detection is a process by which the detection engine customizes its behavior based on the characteristics of the target of an attack. For example, it does not make sense for an IDS to treat an attack on an Apache Web server on FreeBSD 7.0 the same as an attack on an IIS Web server on Windows Server 2003. Ideally the IDS would understand the differences in the two computers' network stacks and other features affecting detection choices. Snort indeed supports various forms of target-based intrusion detection techniques, and the tool is a leader in this respect.
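To make the idea of stack differences concrete, the following added example (not from the original answer and not Snort code) models a sensor that reassembles overlapping IP fragments the way the destination host would. The host table, the addresses and the two simplified policies `first` and `last` are assumptions chosen for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed host table (documentation addresses). Which policy a real
# stack follows must come from your own asset inventory; this mapping is
# an assumption for illustration only.
HOST_POLICIES = [
    (ip_network("192.0.2.0/25"), "first"),   # keeps the earliest copy of a byte
    (ip_network("192.0.2.128/25"), "last"),  # lets later fragments overwrite
]
DEFAULT_POLICY = "first"


def policy_for(dst):
    """Pick the reassembly policy configured for the destination host."""
    addr = ip_address(dst)
    for net, policy in HOST_POLICIES:
        if addr in net:
            return policy
    return DEFAULT_POLICY


def reassemble(fragments, policy):
    """Rebuild a datagram from (byte_offset, data) pairs in arrival order."""
    if policy not in ("first", "last"):
        raise ValueError(f"unknown policy: {policy}")
    buf = {}
    for offset, data in fragments:
        for i, byte in enumerate(data):
            pos = offset + i
            # "first" ignores bytes already seen; "last" overwrites them.
            if policy == "last" or pos not in buf:
                buf[pos] = byte
    if len(buf) != (max(buf) + 1 if buf else 0):
        raise ValueError("hole in datagram; cannot reassemble yet")
    return bytes(buf[i] for i in range(len(buf)))


def ids_view(dst, fragments):
    """What a target-aware sensor should inspect for this destination."""
    return reassemble(fragments, policy_for(dst))


# Constructed sample: the third fragment overlaps the second one exactly.
FRAGS = [(0, b"GET "), (4, b"/aaa"), (4, b"/bbb"), (8, b" HTTP")]

if __name__ == "__main__":
    for host in ("192.0.2.10", "192.0.2.200"):
        print(host, policy_for(host), ids_view(host, FRAGS))
```

The same four fragments yield two different datagrams depending on the destination, so a sensor that applies one fixed policy to every host inspects data that some of its protected hosts never actually see.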

This was first published in January 2008
