OpenAppID
In the previous chapters, we learned about the different modules of Snort 3 IDS/IPS, which performs in-depth analysis of network traffic in order to detect malicious behavior and exploit attempts. Toward this goal, users maintain a set of IDS/IPS signatures that work in conjunction with Snort modules to detect and stop bad traffic.
In this chapter, we look at a different use case that is practically useful. Network administrators and policymakers of organizations often want to limit or control the use of certain applications within the environment. For example, the network admin or controller may want to limit (that is, block) access to iTunes traffic. Note that this is not a security problem; rather, it is a policy issue. Historically, Snort rules were written to detect the traffic of a particular application and then alert on it and block it. These rules were grouped as policy.rules.
The OpenAppID feature is the answer to this use case. The OpenAppID...