A comparison of Snort’s network performance on cisco firepower and a Linux PC
2023 (English). Independent thesis, Basic level (university diploma), 5 credits / 7,5 HE credits
Student thesis
Alternative title
En jämförlse av snort’s nätverksprestanda på ciscofirepower och en linux enhet (Swedish)
Abstract [en]
The importance of securely protecting the network cannot be overstated and is only growing as more businesses and personal users rely on digital appliances and the internet. Despite this need, it is also important to consider both the cost of security measures and their effect on network performance. This study explores Snort, one of the leading open-source solutions among existing IPSs, and its effect on network performance when deployed as an IPS on a commercial device, Firepower, and on a normal Linux computer, to determine whether it is advantageous to save costs by setting it up on a non-dedicated device and what effect doing so has on network performance. To measure the degree of the effect, this study defines network performance as the effect on latency and throughput when running Snort in inline mode. The study explores how these factors vary when experiencing different quantities of malicious traffic during high usage of the link.
The study concludes that Snort running on Linux has a minor effect on latency, with a 2.5 ms larger delay in comparison to running on the commercial alternative, Firepower. It is also observed that the difference grows as the number of malicious packets increases. The need for a low-latency environment and the quantity of malicious packets, which depends on the deployment location, are the main determinants when choosing between setting it up on a Linux device and using it on a Firepower device. The maximum throughput for both devices is capped slightly below 60 megabytes of data per second on a 1 Gigabit link, but the Linux device showed larger variance between the same tests and lower maximum throughput during the different tests; the exact cause of this variance is not known and requires further study.
The study concludes that, depending on user needs and location of deployment, using a non-commercial version of the popular IPS Snort is a valid option if one can accept a slight latency penalty and has the knowledge required to set it up.
Place, publisher, year, edition, pages
2023. p. 44
Keywords [en]
Snort, Linux, Firepower, network performance, latency, bandwidth
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:hv:diva-19922
Local ID: EXN300
OAI: oai:DiVA.org:hv-19922
DiVA, id: diva2:1754952
Subject / course
Computer engineering
Educational program
Nätverksteknik med IT-säkerhet
2023-05-24, 2023-05-05, 2023-05-31. Bibliographically approved