30-03-2012, 12:33 PM
Malware Detection in Local Area Networks with Snort
aapejay (1).pdf (Size: 67.87 KB / Downloads: 71)
Introduction
The expansion of the Internet and e-commerce has made organizations more vulnerable to electronic threats than ever before. With the increasing quantity and sophistication of attacks on IT assets, companies have been suffering from breaches of data, loss of customer confidence and degradation of job productivity, all of which eventually lead to the loss of revenue.
3 Snort in a Large Corporate Network
3.1 Snort Rules
3.1.1 Sources
Because Snort can deploy any kind of rule, no rules are included with the software itself. There are, however, different sources for finding and deploying rules:

Vulnerability Research Team (VRT):
These are the "official" Snort rules. They are provided by Sourcefire and are updated on a weekly basis by the Sourcefire VRT.

Emerging Threats (ET):
Emerging Threats rules are an open-source, community-based project. This set is the fastest-moving and most diverse set of Snort rules; the rules are updated several times per day.
4 CONCLUSIONS
Using open-source, freely available software, we have developed a customized network-based solution that monitors all traffic entering the network and analyses the different types of malware attacking it based on malware signatures. The solution updates new rules/signatures, tunes the N-IDPS rule set for the network of an educational institute, and drops the matching traffic in real time.
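Section 3.1.1 describes pulling rules from more than one source (VRT and ET), and the conclusion describes tuning the merged rule set and switching it to dropping traffic. The script below is an added example written for this post, not code from the paper or from Snort: it parses Snort rule lines, merges two rule sets by sid (keeping the higher rev and flagging sids that collide with different content, which mostly happens with local rules in the sid range 1,000,000 and up), and rewrites an alert rule into its inline drop form. All rule text, sids and messages are constructed placeholders, not real VRT or ET signatures.

```python
"""Parse, merge and tune Snort rule sets from several sources.

Added example, not part of the paper. The rules below are constructed
samples in VRT/ET style; sids, messages and content are placeholders.
"""
import re
from dataclasses import dataclass

# Header: action proto src sport dir dst dport ( options )
HEADER_RE = re.compile(
    r"^(?P<action>alert|log|pass|drop|reject|sdrop)\s+"
    r"(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)
# One option: name, optional ':value' (quoted values may contain ';'), then ';'
OPT_RE = re.compile(r'\s*(\w+)(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?;')


def parse_options(opts: str) -> dict:
    """Turn 'msg:"a;b"; sid:1; rev:2; nocase;' into a dict.

    A plain split(';') would break quoted values, so the option body is
    scanned with a regex instead. For repeated keys (e.g. several content
    matches) the first occurrence is kept; that is enough for sid/rev/msg.
    """
    result = {}
    pos = 0
    while pos < len(opts):
        m = OPT_RE.match(opts, pos)
        if not m:
            raise ValueError(f"malformed options near {opts[pos:pos + 20]!r}")
        name, value = m.group(1), m.group(2)
        if value is not None:
            value = value.strip()
            if value.startswith('"') and value.endswith('"'):
                value = value[1:-1]
        result.setdefault(name, value)
        pos = m.end()
        while pos < len(opts) and opts[pos].isspace():
            pos += 1
    return result


@dataclass
class Rule:
    source: str      # which feed the rule came from (e.g. "VRT", "ET")
    action: str
    proto: str
    options: dict
    raw: str

    @property
    def sid(self) -> int:
        return int(self.options["sid"])

    @property
    def rev(self) -> int:
        return int(self.options.get("rev", 1))

    @property
    def msg(self) -> str:
        return self.options.get("msg", "")


def parse_rules(text: str, source: str) -> list:
    """Parse every active rule line; blank lines and '#' (disabled) rules are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = HEADER_RE.match(line)
        if not m:
            raise ValueError(f"unparseable rule from {source}: {line[:40]!r}")
        rules.append(Rule(source, m["action"], m["proto"], parse_options(m["opts"]), line))
    return rules


def merge_rule_sets(*rule_sets):
    """Merge feeds by sid. Higher rev wins; same rev with different text is a conflict.

    Returns (merged dict sid -> Rule, list of conflicting sids). The earlier
    feed in the argument order keeps its rule when a conflict is found.
    """
    merged, conflicts = {}, []
    for rules in rule_sets:
        for rule in rules:
            current = merged.get(rule.sid)
            if current is None or rule.rev > current.rev:
                merged[rule.sid] = rule
            elif rule.rev == current.rev and rule.raw != current.raw and rule.source != current.source:
                conflicts.append(rule.sid)
    return merged, conflicts


def inline_variant(rule: Rule) -> str:
    """Rewrite an alert rule as a drop rule for inline (IPS) deployment."""
    return re.sub(r"^alert\b", "drop", rule.raw)


# Constructed sample feeds (placeholders, not real signatures)
VRT_RULES = """
# constructed sample in VRT style
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"SAMPLE malware callback over HTTP"; flow:to_server,established; content:"GET /check.php?id="; sid:1000001; rev:2; classtype:trojan-activity;)
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"SAMPLE downloader beacon"; content:"/gate.php"; sid:1000002; rev:1;)
"""
ET_RULES = """
# constructed sample in ET style
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"SAMPLE downloader beacon (updated)"; content:"/gate.php"; content:"User-Agent|3a| Mozilla/4.0"; sid:1000002; rev:3;)
alert udp $HOME_NET any -> any 53 (msg:"SAMPLE DNS query for known bad domain"; content:"|03|bad|07|example|03|com|00|"; sid:2000001; rev:1;)
alert tcp any any -> any any (msg:"SAMPLE colliding local sid"; content:"x;y"; sid:1000001; rev:2;)
"""

if __name__ == "__main__":
    merged, conflicts = merge_rule_sets(parse_rules(VRT_RULES, "VRT"), parse_rules(ET_RULES, "ET"))
    for sid, rule in sorted(merged.items()):
        print(f"{sid} rev {rule.rev} from {rule.source}: {rule.msg}")
    print("sid conflicts to resolve by hand:", conflicts)
    print(inline_variant(merged[2000001]))
```

Running it prints the merged set (sid 1000002 taken from ET because its rev is higher), flags sid 1000001 as a collision that an operator must resolve before loading the rule set, and shows the drop form that the inline deployment from the conclusion would load.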