Network Protection: Firewall, NAT, QoS, & IPS snort : astaro

UTM Firewall requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 3 replies
Subscribers 2 subscribers
Views 843 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

snort : astaro

simby over 14 years ago

Hi!

What is the difernt betwen snort 30.000 rules and astaro 10.000 rules?

Why is 20.000 IPS rules missing?

This thread was automatically locked due to age.

0 Scott_Klassen over 14 years ago

You can find lists of the different snort rules used in Astaro at Index of /lists.

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Cancel
0 simby over 14 years ago in reply to Scott_Klassen

I'm sorry, but unfortunately still do not know why it has 20,000 fewer rules in its database, compared with a publicly available database of Snort, which is used for IPS Astaro. Does this mean that we have less secure network with Astaro 8200?
Cancel
Vote Up 0 Vote Down

Cancel
0 Scott_Klassen over 14 years ago

Many of the rules in the community database version of snort have not been rigorously tested and can frequently cause false positives. As well, there are many rules which don't work or have long ago been superseded. Astaro is a commercial product, so must be more diligent about the rule sets that it uses, so as not to cause issues for its' paying business customers.

This does not make it less secure, but more tuned for efficiency and usability.

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Cancel