Received Wed, 17 Dec 2008 14:56:13 PHT
Nessus or Snort: which one is better, Snort or Nessus? How to optimize your server and network security by implementing an IDS and a security scanner. Snort vs. Nessus functionality comparison
In forums you often find questions about Nessus and Snort: which of the two to choose?
- Nessus is a security scanner / network security vulnerability scanner
- Snort is an IDS / IPS - Intrusion Detection System / Intrusion Prevention System
Both of the above security software packages are state-of-the-art industry leaders and a de facto industry standard for server, desktop, laptop or network security: at home, in the smallest office, in a corporate environment, in industry, as well as in hosting or server WAN / LAN environments. Even as an ISP you could substantially contribute to the security of your customers and targeted sites by using security software.
My short answer is: if you walk from the east coast to the west coast, or from Germany to Italy, which foot is better, your left foot or your right foot? You instantly realize you need BOTH feet to do a pleasant and perfect job, left and right. Hence for network and server security optimization you need both: Nessus as a security scanner and Snort as your intrusion detection system, or better, intrusion prevention system.
A brief introduction to both Nessus and Snort
Nessus
As a Linux vulnerability scanner, nessus is available for FREE for a variety of OS platforms such as:
- Linux: Fedora, Red Hat, CentOS, SuSE, Debian, Ubuntu, and maybe others as well. I have successfully run Nessus for years on SuSE, currently on openSUSE 11.0
- FreeBSD
- Solaris
- Mac OS X
- Windows XP and Vista
Nessus is installed on any of the above platforms / OS and from there can scan any network or server from the above list. I have Nessus installed on my laptop and scan my LAN working area or my own server from my laptop, an Acer Ferrari 5000 with dual-CPU x86_64 and 4 GB RAM.
Nessus is constantly updated, and updating can be done automatically on a daily basis, with more than 20'000+ plugins to test against all known vulnerabilities of your system, OS, server or network. Nessus works from the outside, throwing all possible malicious hack attempts at a server or network: scanning ports, scanning for vulnerabilities in all major software packages, and scanning for known bugs / backdoors or even weak passwords of a target system. Hence Nessus acts like a hacker, throwing all malicious stuff at your target to either find weaknesses, crash a system, or confirm that all is tight and secure. Nessus gives you a very detailed and comprehensive report, including precise suggestions on how to fix security problems!
Using Nessus is like the security inspection of an airplane before it leaves the factory for the customer airline. All possible parts of a system are inspected by abusing the system, or at least by attempting abuse with all known methods. Similar to antivirus software, which needs to be updated daily to get the newest virus detection components, Nessus is also updated daily to get all the newest known vulnerability test "plugins".
Hence, to really test your system, your OS, your own customized configuration and software installation with Nessus, you should deactivate ALL other security features: deactivate firewalls, iptables, mod_security, fail2ban, etc. You really want a naked operating system and totally unprotected software packages tested to find any leaks or vulnerabilities. Update your entire system first to have the very newest packages installed on the test system. If the Nessus security scan finds any security problems, fix and retest until all alerts are resolved.
Now that you believe you have a clean and secure system, all that is left might be the very newest, yet undetected bugs and security issues.
Now it is time to reactivate all your other updated security measures, such as the firewall, etc., again.
If, however, you leave all your existing security features and firewalls active during Nessus security scans, then your installed security system merely covers up the existing security vulnerabilities and weaknesses in your system or configurations. Any hacker who knows how to bypass your security system might still be able to break into your system and cause damage.
Snort
Free download from the official snort project site.
Snort "sits" inside your house and watches for anything leaking inside or thrown at your house. Hence Snort makes sure that any hacker managing to bypass your firewall or other security system will get caught and neutralized before damage occurs.
Hence Nessus vs. Snort: Nessus is outside a house throwing stones, water, fire and toxic gas at your house, trying to destroy the inside, while Snort is inside, watching and neutralizing anything that tries to leak into your house from outside. Nessus and Snort are like the left foot and the right foot: partners having the same goal and the same intention, but using two totally different yet complementary techniques to neutralize all compromising activities.
Hence again, for the above reason: after you have installed and configured Snort, you deactivate ALL other security protection and let Snort run against the brute-force Internet world, or let Nessus run from outside using any and all malicious and destructive scan techniques, while Snort has to be able to detect and neutralize all aggression coming from Nessus and / or from real-world Internet hackers.
If your network or server is of any significant importance, then it would be best to run both, Snort and Nessus, on a honeypot with full software and web features for a few months or even for good, just to monitor and learn from all types of intrusion and brute-force attacks being thrown at your server or network.
Snort uses "rules" to detect or prevent intrusion attempts. There are official rules and community-created rules. In addition, you can learn to create your own customized rules adapted to your special needs or server / network environment.
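To make the rule idea concrete, here is an added example (written for this page, not code from the original post or from the Snort project): a small Python matcher that parses a constructed rule written in Snort's rule syntax and checks packets against its header fields and content options, the way Snort would flag a scanner probe like the ones described above. The `$HOME_NET` value, the sid and the packet records are assumed values, not taken from any real configuration.

```python
import ipaddress
import re
from collections import namedtuple

# Constructed rule in Snort's own syntax (not an official or community rule); the
# sid is a hypothetical local id from the 1000000+ range Snort leaves for local rules.
RULE = ('alert tcp any any -> $HOME_NET 80 '
        '(msg:"WEB-ATTACK directory traversal in URI"; content:"../"; nocase; sid:1000001;)')
VARS = {"$HOME_NET": "192.168.1.0/24"}  # assumed value, as snort.conf would define it
Packet = namedtuple("Packet", "proto src sport dst dport payload")  # decoded-packet stand-in

HEADER_RE = re.compile(r'^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\((.*)\)$')

def parse_rule(text):
    """Split a one-line rule into its header fields and an option dict."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError("unsupported rule syntax")
    action, proto, src, sport, dst, dport, opts = m.groups()
    options = {}
    for opt in (o.strip() for o in opts.split(';')):
        if opt:  # "nocase" is a bare flag, "sid:1000001" a key:value pair
            key, _, val = opt.partition(':')
            options[key.strip()] = val.strip().strip('"')
    return dict(action=action, proto=proto, src=src, sport=sport,
                dst=dst, dport=dport, options=options)

def addr_ok(spec, ip):
    if spec == "any":  # otherwise a CIDR or a $VAR that resolves to one
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(VARS.get(spec, spec), strict=False)

def port_ok(spec, port):
    if spec == "any":  # otherwise a single port "80" or an inclusive range "80:443"
        return True
    lo, _, hi = spec.partition(':')
    return int(lo) <= port <= int(hi or lo)

def matches(rule, pkt):
    """True when the header fields match and the payload contains the content pattern."""
    header_ok = (rule["proto"] == pkt.proto
                 and addr_ok(rule["src"], pkt.src) and addr_ok(rule["dst"], pkt.dst)
                 and port_ok(rule["sport"], pkt.sport) and port_ok(rule["dport"], pkt.dport))
    if not header_ok:
        return False
    needle, hay = rule["options"].get("content", "").encode(), pkt.payload
    if "nocase" in rule["options"]:  # case-insensitive content match
        needle, hay = needle.lower(), hay.lower()
    return needle in hay
```

Real Snort rules carry many more options (flow, pcre, depth/offset, classtype), but the header-then-content evaluation order shown here is the core of how every rule is applied.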
When installing Snort on openSUSE, you may want to have a look at my previous Snort howto to prevent some common problems with the snortd init file.
There are other additional security software packages you may want to install to further optimize your security system. I may elaborate on those later on when more time is available, or you use Google and search for available howtos on the above-mentioned additional security-relevant tools. Other security systems include Apache mod_security, fail2ban, knockd, iptables, the seccheck tool, rootkit detection, etc. For now you may be fully busy learning, understanding and implementing the above 2 security systems.
First do all the testing on your own laptop. Why do I emphasize laptop and rarely mention desktop? Because modern professionals are qualified, strong and thus move, travel, enjoy freedom, and work where a healthy and pleasant working environment is available: at home amidst loved ones or on an island paradise, like I do. Hence all your important software and security stuff always travels with you, in a laptop in hand-carried cabin luggage when traveling by air.
Love and Bliss
hans