Galen Grimes, Assistant Professor of Information Sciences and Technology, was published in the April 2005 issue of Network Security.
Grimes' article, "Network security managers' preferences for the Snort IDS and GUI add-ons," addresses the difficulties of using Snort, one of the most widely used Intrusion Detection System (IDS) products on the market, and the myriad of graphical user interfaces (GUIs) produced by Snort developers in an attempt to provide an easier way for network security managers to fully configure and use the program.
According to DataNerds, "Snort is a lightweight network intrusion detection system that can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes to a computer system." Snort works on Linux, most UNIX platforms, and Windows. Although it can detect more than 1200 different types of scans and attacks, it is tedious and difficult to use.
The Network Security article explains the improvements made in front-end user interfaces and how these interfaces have greatly expanded the use of Snort as the Intrusion Detection System of choice. The user study that supported the article was a survey of 195 network security managers from US colleges and universities selected from 40 states and the District of Columbia. The survey attempted to determine whether the network security administrators use Snort and any of the available add-on products, and what factors contributed to their decision to use a particular add-on.
The article's conclusions address which GUI front-end add-ons to use, how network administrators are using the programs, on which platforms to address security needs, and how to improve the overall operator efficiency and usability of the Snort sensors to guard against network attacks.
Mr. Grimes heads the Information Sciences and Technology program at the campus and has developed a course on network security for the University.