July 1st, 2008

Snort Security Platform (Snort SP) 3.0 beta released

Posted by Nathan McFeters @ 8:01 am

Categories: Uncategorized

Tags: Snort, Beta, SnortSP, Snort 3.0 Architecture, Databases, Networking, Security, Enterprise Software, Software, Data Management

Congrats to Martin Roesch and crew for delivering the next in a long line of well respected open source security products.  From Snort’s site:
Snort Security Platform (SnortSP) 3.0 Beta
We’re pleased to introduce our first beta release built on the new Snort 3.0 architecture. The Snort 3.0 architecture consists of two primary components: a software platform called the Snort Security Platform (SnortSP) 3.0, which is shipping in beta form in this release, and traffic analysis engine modules that plug into SnortSP. This beta test release contains one engine module which contains the Snort 2.8.2 detection engine implemented as a SnortSP engine module. SnortSP is an open-source platform for running packet-based network security applications. It provides many of the common functions required by programs that deal with packet processing such as configuration loading, event generation and traffic logging, data acquisition, protocol decoding and validation, flow management, and more.

Major features:

• Shell-based user interface with embedded scripting language
• Native IPv6, MPLS and GRE support
• Native support for inline operation
• More subsystem plugin types such as data acquisition modules, decoders and traffic analyzers
• Multithreaded execution model - multiple analysis engines may operate simultaneously on the same traffic
• Performance increases

The purpose of this beta release is to allow people to get exposure to the technology and to use the code in real-world environments - and as an opportunity to solicit feedback on the design and user experience of the new Snort code. All feedback on the beta should go to <sspbeta’at’sourcefire’dot’com>.

-Nate

Nathan McFeters is a Senior Security Advisor for Ernst & Young's Advanced Security Center in Chicago. The views and opinions expressed in this article are his own and do not represent the views and opinions of Ernst & Young Advanced Security Center or Ernst & Young, LLP. Nathan has performed web application, deep source code, Internet, Intranet, wireless, dial-up, and social engineering engagements for numerous clients in the Fortune 500 during his career at Ernst & Young and has spoken at a number of prestigious conferences, including Black Hat, DEFCON, ToorCon, and Hack in the Box. He can be found at his Pwn* blog and XS-Sniper, a blog with Billy Rios. See his full profile and disclosure of his industry affiliations.