Feeds

Battle joined for future of open source IPS

Snort bares teeth at DHS-backed project

Securing Web Applications Made Simple and Scalable

Analysis The battle to develop the next generation of open source intrusion prevention systems (IPS) technology is intensifying between incumbent Snort and a US government-backed project, the Open Information Security Foundation (OISF).

Disagreements over technical issues such as the relative importance of developing IPS systems that support multi-threading have lately been accompanied by increasingly acrimonious exchanges that have taken a political dimension, with the Snort camp accusing the OISF of having nothing to show for $1m in public funding. Au contraire, OISF members argue.

The OISF project is in an advanced stage of development (see the project status report here) and is only needed in the first place because the Snort camp sat on its laurels and failed to innovate.

Network bouncers

IPS systems act as high-tech network bouncers - monitoring systems for malicious activities, such as malware or intrusion by hackers, and attempting to block these cyberassaults. The technology also carries out logging functions.

IPS systems are used by enterprises alongside firewalls and anti-virus as components of a defence in depth designed to safeguard against hacking attacks. Snort is a free and open source network intrusion prevention system (NIPS) created by Martin Roesch, and has enjoyed great success over the last ten years.

Roesch went on to establish Sourcefire, which markets a commercial version of Snort. Sourcefire maintains close ties with the Snort community.

Snort was until recently seen as one of the great success stories of the open source movement, and with good reason. The technology, which has been downloaded nearly four million times, boasts nearly 300,000 registered users. Almost 100 vendors integrate Snort's ruleset into UTM (universal threat management) and other network security devices. Snort's IPS rule set boasts more than double the number of vulnerability-based rules as its next closest competitor, according to Sourcefire.

Falling out

The reliance of federal government agencies on Snort led to US government opposition against a planned takeover of Sourcefire by Israeli firewall pioneer Check Point in 2006.

Fast forward four years however and the formerly close and protective relationship between the US federal government and Sourcefire/Snort has soured to the point that the Department of Homeland Security is funding an alternative through the OISF foundation. The Navy's Space and Naval Warfare Systems Command  (SPAWAR) and commercial partners are also contributing to the development of Suricata, OISF's open source IPS.

Apache security expert Ivan Ristic is working as a programmer on the project and Jose Nazario, senior security researcher with Arbor Networks, sits on its board. Other firms involved include Breach Security and IOActive.

Matthew Jonkman, president of OISF, a former Army air traffic control RADAR and communications technician, explained that the DHS is funding the project to "spur a round of innovation in the industry". He outlined some of the gripes the DHS holds against Snort.

Mobile application security vulnerability report

More from The Register

next story
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.