Overview
Explore the history and future vision of Snort, the popular open-source intrusion detection system, in this conference talk from the Security Onion Conference 2017. Join speaker Joel Esler as he delves into Snort's evolution, from its inception to its current role in cybersecurity. Learn about key milestones, including the Sourcefire acquisition, community management, and the development of innovative features like Store and Fire Harvest. Gain insights into the challenges faced during Snort's development, such as HTTP URI handling, dynamic buffers, and file-based attack detection. Discover how Snort has adapted to address legal issues, improve documentation, and enhance its capabilities with features like Storm Threshold and Flow Bits. Whether you're a seasoned security professional or new to intrusion detection systems, this talk offers valuable knowledge about Snort's impact on network security and its ongoing development.
Syllabus
Intro
Sourcefire
Community Manager
Fire Harvest
Start from scratch
Why build Store
Backstory
What Violated Us
HTTP URI
Learning Curve
HTTP Alert
Do we need it
Dynamic Buffers
HTTP Header Buffer
File-Based Attacks
Current Role
File Type
Browsers
Legal Issues
Documentation
Storm
Threshold
Feedback
Flow Bits
Look Fire
Snort Tools Manual
Taught by
Security Onion