Configuring Snort as a Firewall on Windows 7 Environment

Abstract

Nowadays, computer networks play an important role in our daily live, and the widely use of computer networks are for accessing the internet. The network administrator has a full ability to control all access types to network, and tasked to allow or discard some of the connections. By using Snort Intrusion Detection System (IDS), the network administrator can monitor network access from the sender to the receiver. Snort is one of the IDS, and it is difficult to configure it with closed source operating systems for the purpose of accessing and terminating connections. Moreover, it needs more requirements to work with windows operating system. Snort is compatible with open source operating systems such as Linux but there is a need to configure it with closed source operating systems such as windows operating system. In this paper, Snort is configured with windows 7 operating system so that it will work as a firewall to monitor and terminate connections. This configuration is successfully achieved by identifying new rules in snort package. Using snort IDS, network administrator is able to monitor, allow, and block any accessing to the web with the ability to get alerts containing information related to the connection such as IP address and port numbers. Moreover, a Graphical User Interface (GUI) has been developed to allow end user to configure new snort rules with a user friendly interface depending on snort user requirements. The results indicate that the Snort can be configured with Windows 7 by creating new snort rules to monitor network traffic and terminate connection between two entities. In addition, they show how a GUI allows snort user to create new rules based on him/her requirements.