Snort Report 11 Posted
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZZXQLeUZ70y_rSem6U5ALuVtS4zwlMuEadvvHdQ-CfY5YOT3yMBacNqwnipNuRIvE5ZbQ7y8i2DG6ZE5xYmGfh5KlfkMoy0-5p4XXpkKs02auljthkX_9uKujs62oS3wTSd7i/s400/snortorg_xmas.jpg)
In the first Snort Report I mentioned a few things value-added resellers should keep in mind when deploying Snort:
1. Snort is not a "badness-ometer."
2. Snort is not "lightweight."
3. Snort is not just a "packet grepper."
In this edition of the Snort Report, I expand beyond those ideas, preparing you to use Snort by explaining how to think properly about its use. Instead of demonstrating technical capabilities, we'll consider what you can do with a network inspection and control system like Snort.
The editors titled this piece "Snort Limitations" -- I didn't.
Comments
Try reading my insider threat posts for several years worth of discussion to the contrary.