Snort on home routers - what a great idea

Itus Networks is building a router that has the Snort IPS built in. Why isn't everyone doing this?


Because they are willing to spend money, businesses typically get a higher level of network security than consumers. The typical home broadband setup has a simple router, perhaps with integrated wi-fi, and then it's up to the client systems to protect themselves.

One of the standard items you'll find protecting the network of any medium-size or large organization is an IPS (Intrusion Prevention System). This is a device (in fact it's software, often running on a dedicated device) that sits in the path of traffic going in and out of the network and inspects it, looking for the "signatures" of known attacks: byte patterns and protocol characteristics that identify a particular exploit or piece of malware.

Many of the big networking companies like Cisco and Juniper sell these products. As new attacks are detected on the internet, engineers write signatures for IPS products so that they can detect the attacks. It's something like malware and anti-malware scanners.

There is an excellent, free and open source IPS called Snort. It was written in 1998 by Martin Roesch, who founded Sourcefire to make commercial products based on Snort. Sourcefire is now owned by Cisco. But Snort is still a top-notch and famous open source product with an active community.

When Jock Breitwieser and Daniel Ayoub founded Itus Networks they were surprised to find that nobody had thought to integrate Snort into a home router. So that's what they did: they made the iGuardian.

When they told me about it I had the same thoughts they did: What a great and, in retrospect, obvious idea! Why isn't everyone doing this?

Well, they're not, but the iGuardian does. So to the iGuardian itself: Itus is launching it through a Kickstarter campaign and priced the unit at $149 for now. The eventual retail price is listed as $179. As I write this they have 305 backers, pledging $44,711 of their $125,000 goal with 27 days to go. Depending on what you pledge you can get a thank you all the way up to multiple units, early access to beta ROMs, an iGuardian hoodie and more.

The device is not a router as such, but a simple pass-through unit that can operate at either layer 2 or layer 3. At layer 2 you would place it inline between your internet entry point (such as the Ethernet port on your cable modem) and your router, where it passes traffic through without needing an address of its own. At layer 3 you could configure it as a router itself. See an image of the prototype below.

[Image: iGuardian prototype, 5.25" long x 1.5" high x 1.75" wide]

For the consumer market the layer 2 configuration is the right one, as it is completely set-it-and-forget-it. If it's working correctly you won't know it's there. (Of course, if it's not working you might also not know it's there, but there are ways of dealing with that.)

The first and main barrier to entry for Itus is convincing consumers to pay $179 for a box that silently makes their network more secure and which they otherwise shouldn't notice. I have to think that this isn't going to be an easy sell. IT people who understand the value of Snort would be a comparatively easy sell, and perhaps many units will be sold to consumers who know a techie who tells them they need this thing.

A little box like this isn't going to do everything that a business-grade product costing many thousands of dollars does. For instance, it can't check encrypted traffic. At the cost of a certificate and some management complexity, a more capable device can proxy TLS/SSL traffic and monitor it too. The iGuardian has neither the capability nor the horsepower to do so, but even if it did, the configuration would likely be too much for consumers. But this is only the first generation; perhaps these problems can be solved in later versions.
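To make concrete what "looking for signatures" means, and why an inline box like this is blind to encrypted traffic, here is an added illustration in Python. It is not Itus/iGuardian code and not Snort's own engine: a toy rule matcher that parses three constructed Snort-style rules (the sids, messages and content strings are made up for this example) and runs them over constructed packets, including the same HTTP request after a stand-in stream encryption that takes the place of real TLS.

```python
"""Toy signature-based IPS, loosely modelled on how Snort matches the
'content' option of a rule against packet payloads. Added illustration;
not iGuardian or Snort code."""
import hashlib
import re
from dataclasses import dataclass
from typing import Optional

# Constructed Snort-style rules (not real community rule entries; sids of
# 1000000 and above are the range Snort reserves for local rules).
RULES_TEXT = """
alert tcp any any -> any any (msg:"TOY directory traversal in request"; content:"../../"; sid:1000001;)
alert tcp any any -> any 80 (msg:"TOY shell metacharacter in URI"; content:"|3b|/bin/sh"; sid:1000002;)
drop tcp any any -> any 23 (msg:"TOY inbound telnet blocked"; sid:1000003;)
"""

RULE_RE = re.compile(
    r'^(?P<action>alert|drop|pass)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)'
    r'\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$'
)


@dataclass
class Rule:
    action: str
    proto: str
    dport: str            # "any" or a port number as text
    sid: int
    msg: str
    content: Optional[bytes]   # None means the rule matches on header alone


@dataclass
class Packet:
    proto: str
    dport: int
    payload: bytes


def content_to_bytes(spec: str) -> bytes:
    """Decode a Snort content string: literal text with |hh hh| hex escapes."""
    out = bytearray()
    for i, chunk in enumerate(spec.split("|")):
        out += chunk.encode() if i % 2 == 0 else bytes.fromhex(chunk)
    return bytes(out)


def parse_rules(text: str) -> list:
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparseable rule: {line}")
        opts = {}
        for opt in m["opts"].split(";"):
            opt = opt.strip()
            if opt:
                key, _, val = opt.partition(":")
                opts[key.strip()] = val.strip().strip('"')
        content = content_to_bytes(opts["content"]) if "content" in opts else None
        rules.append(Rule(m["action"], m["proto"], m["dport"],
                          int(opts["sid"]), opts["msg"], content))
    return rules


def inspect(pkt: Packet, rules: list) -> list:
    """Return (action, sid, msg) for every rule whose header and content match."""
    hits = []
    for r in rules:
        if r.proto != pkt.proto:
            continue
        if r.dport != "any" and int(r.dport) != pkt.dport:
            continue
        if r.content is not None and r.content not in pkt.payload:
            continue
        hits.append((r.action, r.sid, r.msg))
    return hits


def verdict(pkt: Packet, rules: list) -> str:
    """Inline mode: any matching 'drop' rule blocks the packet, else it passes."""
    return "drop" if any(a == "drop" for a, _, _ in inspect(pkt, rules)) else "pass"


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for TLS record encryption (SHA-256 counter keystream XOR).
    Real TLS uses an AEAD such as AES-GCM; the only point here is that the
    plaintext bytes the signature looks for no longer appear on the wire."""
    out = bytearray()
    for block in range(0, len(data), 32):
        ks = hashlib.sha256(key + block.to_bytes(4, "big")).digest()
        out += bytes(b ^ ks[i] for i, b in enumerate(data[block:block + 32]))
    return bytes(out)


def demo() -> dict:
    rules = parse_rules(RULES_TEXT)
    # Constructed traffic: a traversal attempt in the clear, the same request
    # under the stand-in encryption, and a telnet banner exchange.
    request = b"GET /cgi-bin/../../etc/passwd HTTP/1.1\r\nHost: example.invalid\r\n\r\n"
    plaintext = Packet("tcp", 80, request)
    encrypted = Packet("tcp", 443, stream_xor(b"constructed-session-key", request))
    telnet = Packet("tcp", 23, b"\xff\xfd\x18login: ")
    return {
        "plaintext_sids": [sid for _, sid, _ in inspect(plaintext, rules)],
        "encrypted_sids": [sid for _, sid, _ in inspect(encrypted, rules)],
        "plaintext_verdict": verdict(plaintext, rules),
        "telnet_verdict": verdict(telnet, rules),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The plaintext request trips sid 1000001 and is allowed through (an "alert" rule logs but does not block), the telnet packet is dropped on its header alone, and the encrypted copy of the very same request matches nothing, which is exactly the gap a TLS-proxying appliance closes and a pass-through box cannot.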

It has other problems in the home market, but the main one I think is the rise of integrated endpoint routers from ISPs. I'm a Verizon FIOS customer, and the router Verizon provides, a custom job by Actiontec, takes its internet signal from a coax cable that comes from the Verizon ONT (Optical Network Terminator). This prevents me from putting anything at layer 2. I happen to know that there is an Ethernet interface on the ONT and it's possible to drill another hole in my house, move some wires around and solve the layer 2 problem, but I don't expect many consumers to do this. I understand some cable modem companies do the same.

It's a real shame because Snort at the home internet connection is a great idea. I wish them success, but I think Snort will only come to home networks when it comes on something people already have to buy, like their wi-fi router. Perhaps the ISPs should look at iGuardian as the sort of thing they should be providing to their customers. It would save the ISPs and their customers a lot of trouble.


