47
to set access control
lists.
Each component
is aware of
each other.
However,
it
certainly has the drawback of cost and complexity.
•
Peer-to-peer
architecture
involves
intrusion-detection
and
intrusion-prevention
information between peer components, each of
which performs the same kinds of
functions [1],
working
together
with
firewalls or
routers.
These devices are
used
in
peer-to-peer approach
to
distribute
information and
make
adaptive
defense
system.
Peer-to-peer architecture
is
considerably
more
efficient
to
use
for
organizations that
need
low
cost
without
sacrificing
effective
defense
capability
in the network.
2.1.9 SNORT Intrusion Prevention System
As
one
of
the
best
freeware
/
open-source
software,
Snort
has
been
widely
known
and
used
to
specially
detect
cyber
threats,
from content-based such
as
worms
to
rate-based
such
as
denial-of-service. It
makes
use
of
rule-driven
language,
to
combine
signature, protocol, and
anomaly-based inspection
method. It
is
classified as
rule-based
IPS
since
it
provides rule-based relative
information to
analyze
how
the
attacks emerge
and where it comes from. Although it is
mainly a network-based IPS, Snort can be set up
or configured to function as host-based IPS.
In
its operation, Snort can be run
in
three different
modes: sniffer
mode, packet
logger mode, and intrusion detection mode.
•
In
sniffer
mode,
Snort
is
configured
to
dump
captured
data,
take
the
header
and
body of each packet, and display it to the terminal screen.
 |