Explore the concept of Next Generation Firewalls and learn about OpenAppID, an open-source solution integrating with Snort, in this conference talk from Circle City Con 2014. Gain insights into firewall evolution, from simple to complex environments, and understand the role of Intrusion Prevention Systems. Dive into OpenAppID's features, including application detection, custom rule writing, and file inspection. Discover how to examine output, create application rules, and leverage various detection functions. Enhance your network security knowledge with practical examples and techniques for implementing advanced firewall capabilities.
Overview
Syllabus
Intro
Overview
WTF is a Next Gen Firewall?
Regular Firewall
Simple Firewall
Larger Environment
IPS - Snort
Application Control
OpenAppID
New Requirements
snort.conf
Application Detector
Applications
Examining Output
Application Rules
Writing a Rule
Custom Detector
Port Detection Example
Custom Detection
Detection Functions
Other Detection Types
File Inspection Preprocessor
Supported
File Type Identification
File Capture Alert
