Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Firekeeper - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Although it's labeled as an alpha release -and therefore should really be handled with care- the idea behind firekeeper makes it worth mentioning now.

We all love snort: it's basically free, pretty good -if not the best- and has a huge community supporting it. Jan Wrobel took the power of snort and inserted it in a plug-in for Firefox. Resulting in an IDS/IPS inside a browser. Jan kept the ability to use Snort's rules and reused part of Snort's engine. As it is running inside the browser it even gains the ability to look inside the https traffic that's now not encrypted anymore. Add the ability to pull in the rules remotely and it looks like something we should be watching for the future.

Note that we didn't say to go ahead an install it company wide, it's an alpha release. Test it in a controlled environment and give Jan some feedback so it'll get even better.

Swa Frantzen -- NET2S

760 Posts
Mar 11th 2007

Sign Up for Free or Log In to start participating in the conversation!