Having an intrusion detection and prevention system in a small and medium office is essential to ensure greater security. Thanks to IDS / IPS software , we can analyze all network traffic based on different rules and signatures, in order to block possible attacks that are being carried out on us. IPS (Intrusion Prevention System) is so important that even manufacturers like ASUS, in their home routers, have incorporated this functionality in a basic way. Snort is one of the best IDS / IPS that we currently have, now the Snort 3 version has been released with a lot of very important news. Do you want to know all the details of the new version?
Snort 3 main features
Snort 3 is now available, great news for those users who did not know whether to continue using Snort, or switch to Suricata, another of the best intrusion detection and prevention systems that we currently have. The latest version of Snort is 3.1.0.0, and it has really been highly anticipated by users for all the news and performance improvements it incorporates. We must remember that Snort is an open source intrusion detection and prevention system, capable of performing traffic analysis on one or more network interfaces simultaneously and in real time, registering all packets and comparing it with different rules and signatures that we can configure or download from the internet from official sources.
Snort 3 has been designed to preserve the best of the previous version, but they have added very interesting features, now we can protect users’ networks from unwanted traffic, malicious software and even spam and phishing. The Snort 3 development team has started from scratch for the launch of this version, in fact, according to the official statement they have spent 7 years developing it, because they wanted to make the best IDS / IPS and one of the most effective and efficient. Thanks to this new version, the rules are faster and more efficient, which translates into lower CPU and RAM consumption, and higher bandwidth for users, without having a bottleneck in the firewall.
Snort is compatible with many different operating systems, including FreeBSD and also Linux. It is very possible that soon, the development team of pfSense and OPNsense, two distributions specifically oriented to firewalls, will integrate this new version of Snort by default or as an extension, since it represents a very important improvement. However, this could take months for the pfSense and OPNsense development teams to thoroughly test this new IDS / IPS which is very different from Snort 2.
Some of the new features of Snort 3 are the following:
- Support to process packets with multiple threads, so far Snort could only analyze traffic with one thread. This will increase performance exponentially thanks to the fact that today’s processors have 8 cores and even more.
- Shared configuration and attribute table
- Rules programming is much easier than before
- Automatically detect services, without having to specifically configure ports
- Allows self-generation of reference documentation
- Better cross-platform support on different operating systems.
For several months we had the “Release Candidate”, it is very important that you update to the latest version because many corrections have been made thanks to user reports. Some improvements that have been made since the last version are that it incorporates improvements to reload the configuration, it has improved HTTP / 2 inspection with bug fixes, variable IPSs have been moved to specific tables, it has improved discovery of networking and bug fixes.
The Snort development team recommends moving to Snort 3 from Snort 2 as soon as possible, however on major firewall-oriented operating systems like pfSense, we don’t have it available as an upgrade yet. We currently have version 2.9.16.1 installed which is one of the latest versions currently.
Sometimes the pfSense development team makes new versions available as an additional available package, to choose between the “old” version or the new version. However, in the latest stable version of pfSense we don’t have it available:
It is very possible that in the next version pfSense 2.5.0 they will incorporate this new version of Snort 3, together with the new WireGuard VPN , which is a feature already confirmed by the pfSense development team.
We recommend you visit the official release of Snort 3 where you will find all the details of this new version.