Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Firekeeper

Published: 2007-03-10
Last Updated: 2007-03-11 02:28:28 UTC
by Swa Frantzen (Version: 1)
0 comment(s)
Although it's labeled as an alpha release -and therefore should really be handled with care- the idea behind firekeeper makes it worth mentioning now.

We all love snort: it's basically free, pretty good -if not the best- and has a huge community supporting it. Jan Wrobel took the power of snort and inserted it in a plug-in for Firefox. Resulting in an IDS/IPS inside a browser. Jan kept the ability to use Snort's rules and reused part of Snort's engine. As it is running inside the browser it even gains the ability to look inside the https traffic that's now not encrypted anymore. Add the ability to pull in the rules remotely and it looks like something we should be watching for the future.

Note that we didn't say to go ahead an install it company wide, it's an alpha release. Test it in a controlled environment and give Jan some feedback so it'll get even better.

--
Swa Frantzen -- NET2S
Keywords:
0 comment(s)
Diary Archives