Network Security

Question 6

What is the relationship between antivirus software and a program like Snort?

Anti Virus software inspects files, folders, email attachments and all other downloaded content for malicious code. An IDS program like SNORT plays a similar role, but in relation to the packets which are accepted in through a network. It monitors them by comparing against a set of rules (like with AV software DBs) for known attack signatures, patterns of malicious activity and traffic. Anti Virus software, detects, cleans or disposes of the infected incoming files. SNORT can raise alarms when it detects an intrusion, close down internet links and take further action like logging activities and backtracing.

Snort is a detection mechanism while antivirus software is able both to detect and react. Snort can see the activity on the network and raise the alarm. Antivirus software can remove the attack at the entry point at either the network level or on the individual computers - and on individual computers allready present 'infections' can be removed