New Use Cases for Snort: Cloud and Mobile Environments (1802.02359v1)

Abstract: First, this case study explores an Intrusion Detection System package called Snort (provided by Cisco Systems) in a cloud environment. Snort is an open source and highly scalable signature-based intrusion detection system. Here, Snort is deployed on Ubuntu Server 16.0.4 running on a virtual machine within a Microsoft Azure cloud system. This paper provides details on installing Snort on the virtual machine and configuring it for intrusion detection. The architecture here is based on a VM integrated IDS on Azure and demonstrates how a VM instance in the cloud can be secured through an IDS. Firewalls may be considered the first line of defense but they fail to secure systems from inside attacks. Next, two other areas (where Snort is less widely used) are briefly explored, namely library systems and mobile devices. Finally, this paper makes further recommendations on how a cloud network can be secured by distributed placement of the IDS and on each VM instances.