Please make a short PowerPoint presentation of the following documents about SNORT. The slides should look nice and attractive with images, graphics, and pictures. It should be easy to read and view.
The document is attached.
SNORT
Name
Institution
Course
Tutor
Date
Introduction
What is snort?
Creation & history
Created in 1998
Martin Roesch invented Snort in 1998. By then, he was the CEO of a crossfire company. Snort is a free, open-source intrusion detection software that includes a packet sniffer, which monitors network traffic for harmful anomalies (Kaur et al., 2022). Snort, the leading open-source project, started as a small application. Today, many people have adopted Snort both on a commercial basis and for private use. Evidence shows that Snort has been downloaded two million times from its official website. Martin Roesch is the founder and former CTO of Sourcefire, although Snort is now developed by Cisco after it purchased Sourcefire in 2013. Snort was introduced into InfoWorld's open-source software in 2009 as the leading open-source software of all time (Thapa and Mailewa, 2020).
Pcap origin
Pcap, also known as libpcap, is an application tool widely used with internet protocol traffic for traffic sniffing, packet logging, content searching and matching, and protocol analysis. It was originally invented by a network research group at Lawrence Berkeley Lab (Estrada, 2017).
Cisco Acquisition
Cisco Systems acquired the Sourcefire Company in 2013, whose major objective was to create innovations to the open-source detection systems to provide comprehensive and efficient network defense solutions (Shahi, 2018).
Value to network admins
Open-source nature
Snort is a strong open-source intrusion detection and prevention system. It uses an admin-assigned rule language that involves signature inspection, anomaly, and protocol procedures to detect malicious activities. Snort enables its admins to identify distributed denial-of-service and denial-of-service (DoS) attacks, buffer overflows, Common Gateway Interface (CGI) attacks, and malicious port scans (Fei, 2022). Snort uses multiple rules that alert users to malicious network activities and packets. Snort rules are generally easy to create and implement and can be deployed in any kind of network environment or business organization. The admin creates a series of rules in Snort that enable it to perform various actions. For instance, Snort carries out packet sniffing, whereby it collects individual packets from network devices to monitor traffic transmission. Snort also works on configuration issues after logging traffic.
Consistent rule updates
Snort keeps the rule actions in its configuration file to define unusual activities and generate alerts to network admins. Snort enables the admin to consistently add or create new rules (Fei, 2022). This allows users to adapt Snort and define the processes it should carry out according to their needs. Network admins may create rules that tell Snort to monitor packets, prevent or minimize backdoor attacks, make specifications for each network, and print alerts.
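As an added illustration (not part of the original paper), the following local rules file in Snort 2.x rule syntax shows the rule actions and detections described above. The SIDs, messages, thresholds and the scanner address are constructed for the example, and `$HOME_NET` and `$EXTERNAL_NET` are assumed to be defined in snort.conf.

```snort
# local.rules - constructed example. SIDs of 1000000 and above are for local rules.
# Rule layout: action protocol src_ip src_port -> dst_ip dst_port (options)

# alert: flag HTTP requests that reach into a CGI directory (CGI probing).
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"LOCAL CGI directory access"; flow:to_server,established; content:"/cgi-bin/"; http_uri; nocase; classtype:web-application-activity; sid:1000001; rev:1;)

# alert: one source sending more than 20 SYN packets within 10 seconds,
# an indicator of a port scan or SYN flood. detection_filter suppresses
# the alert until the rate is exceeded, so single connections stay quiet.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"LOCAL high SYN rate from one source"; flags:S; detection_filter:track by_src, count 20, seconds 10; classtype:attempted-recon; sid:1000002; rev:1;)

# log: record inbound ICMP echo requests to disk without raising an alert.
log icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"LOCAL ICMP echo request"; itype:8; sid:1000003; rev:1;)

# pass: ignore traffic from an authorised internal scanner
# (192.0.2.10 is a documentation address used as a placeholder).
pass tcp 192.0.2.10 any -> $HOME_NET any (msg:"LOCAL authorised scanner"; sid:1000004; rev:1;)
```

After the file is included from snort.conf, running `snort -T -c` with the path to that configuration checks the rules for syntax errors without starting packet capture.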
Overview of important features
Snort consists of multiple features that enable network admins to watch out for potential malicious network activities and monitor their systems efficiently.
Traffic monitoring
Snort has a traffic monitoring feature that controls and monitors the traffic that moves in and out of a network system. In case of any activities that threaten internet protocol networks, it alerts the network admins in real-time.
Packet Logging
Snort has a packet logger mode that enables the admin to log packets to disk. In this mode, Snort systematically collects and logs each packet in a hierarchical order based on the user network's IP address (Fei, 2022).
OS fingerprinting
Different network platforms have unique internet protocol stacks, which is what OS fingerprinting relies on. Snort can therefore be used to determine the kind of operating system used by a system that accesses a particular network.
Conclusion
This paper has provided practical knowledge of Snort and how it addresses security concerns. It has also covered the history of Snort, its value to network admins, and its important features. Snort is highly advantageous to network admins and organizations due to its efficiency in detecting malicious network activities. It is highly customizable due to its open-source nature and enables users to distinguish between normal internet activities and malicious activities.
References
Kaur Chahal, J., Bhandari, A., & Behal, S. (2019). Distributed denial of service attacks: a threat or challenge. New Review of Information Networking, 24(1), 31-103.
Estrada, V. D. C. (2017). Analysis of Anomalies in the Internet Traffic Observed at the Campus Network Gateway. arXiv preprint arXiv:1706.03206.
Shahi, M. A. H. (2018). Tactics, Techniques, and Procedures (TTPs) to Augment Cyber Threat Intelligence (CTI): A Comprehensive Study.
Fei, W. (2022). RASPBERRY HOUSE: AN INTRUSION DETECTION AND PREVENTION SYSTEM FOR THE INTERNET OF THINGS (IOT).
Gaddam, R., & Nandhini, M. (2017, March). An analysis of various snort-based techniques to detect and prevent intrusions in networks proposal with code refactoring snort tool in Kali Linux environment. In 2017 International Conference on Inventive Communication and Computational Technologies (ICICCT) (pp. 10-15). IEEE.
Thapa, S., & Mailewa, A. (2020, April). The role of intrusion detection/prevention systems in modern computer networks: A review. In Conference: Midwest Instruction and Computing Symposium (MICS) (Vol. 53, pp. 1-14).