CR | Feb 7, 2018

New Use Cases for Snort: Cloud and Mobile Environments

arXiv:1802.02359v1 | 3 citations | Has Code
Originality: Synthesis-oriented
AI Analysis

It addresses security for cloud and mobile systems, but is incremental as it applies an existing tool to new contexts.

This paper explores deploying the Snort intrusion detection system on a virtual machine in Microsoft Azure to secure cloud environments, and briefly examines its use in library systems and mobile devices.

First, this case study explores an Intrusion Detection System package called Snort (provided by Cisco Systems) in a cloud environment. Snort is an open-source and highly scalable signature-based intrusion detection system. Here, Snort is deployed on Ubuntu Server 16.0.4 running on a virtual machine within a Microsoft Azure cloud system. This paper provides details on installing Snort on the virtual machine and configuring it for intrusion detection. The architecture here is based on a VM-integrated IDS on Azure and demonstrates how a VM instance in the cloud can be secured through an IDS. Firewalls may be considered the first line of defense, but they fail to secure systems from inside attacks. Next, two other areas (where Snort is less widely used) are briefly explored, namely library systems and mobile devices. Finally, this paper makes further recommendations on how a cloud network can be secured by distributed placement of the IDS and on each VM instance.
