Snort.org home  
Got Source? About Snort About Sourcefire Snort FAQ
Sourcefire Network Security - the creators of Snort
Snort News Downloads Snort Docs Rules Snort Community Snort Forums Snort Training
Search Site
Search Rules
Account
email
password
not registered?
user preferences

Snort Forums Archive

Archive Home » Snort Newbies » Is Snort Similar to Nessus?

Please note that the categories listed below represent an archived version of our forums pages. To view the current version and be able to post and reply to threads, please register and login here to go to the full forums pages.

[ Notice: Full Version of This Topic ]

Is Snort Similar to Nessus?


Posted by Gonzo on March 09, 2005 04:52:36

Hi, I currently use Nessus for our penetration testing, is Snort similar to this?

Posted by maverick on March 09, 2005 06:37:14

Nessus is an active vulnerability tester, Snort is an intrusion detection system (barring the use of inline). Basically, one actively probes boxes while the other passively listens. The only real similarities would be the concept of signature/plugin use.

Posted by Gonzo on March 09, 2005 22:52:44

Thanks maverick, do you recommend a vulnerability scanner? Along with Snort?

Posted by maverick on March 10, 2005 06:37:57

Depends on what you want to accomplish, amount of time you can devote to it, and level of expertise. As a security professional, I always think that additional security measures will save you time and money in the long run. I highly suggest running snort full-time and actively vulnerability scanning on a set interval (daily, weekly, monthly) on at the very least your critical systems. Nessus outputs can be daunting and it will take time to analyze and act on the results. But they are extemely useful, usually very well detailed, often include measures for fixing vulnerabilities, and most importantly, its free! Just make sure you disable the DOS/dangerous plugins on Nessus if you do so and can't afford downtime or if you are new to Nessus! Take some time to become familiar with it before using it on a large scale. I'm sure many nessus users would admit (or maybe not) that in their early days of use, they had a printer or two spewing out "Help Me" messages on sheets of paper.

Posted by digithead on March 15, 2005 11:29:07

He's right! Nessus is AWSOME... but you really have to spend time 'playing' with it to get familiar with it. Snort is equally as complex... I've been 'playing' with both 'toys' on my network for quite some time and I'm still learning! If you have the equipment to spare, I'd have BOTH of them setup and 'fool around' with them as much as you can to get to learn them.

site feedback | Terms of Use | Privacy Policy | forum archives ©2008 Snort and Sourcefire are registered trademarks of Sourcefire, Inc. All rights reserved.