Security Basics mailing list archives
RE: Snort Help - Network IDS
From: Meidinger Chris <chris.meidinger () badenit de>
Date: Thu, 15 Apr 2004 14:18:21 +0200
Are you using IDS? Then check out the fail open taps from intrusion.com That would look like: servers-switch---| servers-switch---|---IDS-Tap---Firewall servers-switch---| | IPS-System This way, you can fail open on your *tap*, meaning that if it fails, all communications can be let through. Thus, no point of failure. They even have high-availability versions, or ones suitable for IPS. If you have questions, feel free to mail. Cheers, Chris Meidinger
-----Original Message----- From: Jason Haith [mailto:jhaith () genesissys com] Sent: Wednesday, April 14, 2004 10:22 PM To: securityfocus Subject: Snort Help - Network IDS Recently I posted a question on different types of monitoring and ids setups. I have decided to go with snort and have been using it on a smaller network with no problem. However now, I need to move it to a production network which will consist of around a 100 servers all linked through 3com switches and going out through a watchgaurd firewall. I'm looking for different ways to implement this without setting up another single point of failure device which our firewall is. I'm not confident enough yet to risk something like that. I haven't found much information on packet sniffing when it comes to multiple entry points, found some info on wiretap, etc. but I've always received such great help on here I thought I would ask before I decided on something. Would really appreciate any help, I'm in a heck of a bind right now. Thanks. firewall | -3comswitch-servers -3comswitch-servers -3comswitch-servers ids? Jason Haith Systems Administrator Genesis Systems 5712 S. 77th St Omaha, NE 68127 Phone: (402)592-1452 Fax: (402)592-3650 Email: jhaith () genesissys com -------------------------------------------------------------- ------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------- --------------
--------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Snort Help - Network IDS Jason Haith (Apr 14)
- Re: Snort Help - Network IDS Brian Whitehead (Apr 15)
- Re: Snort Help - Network IDS Matt Mercer (Apr 15)
- RE: Snort Help - Network IDS David Gillett (Apr 15)
- <Possible follow-ups>
- RE: Snort Help - Network IDS Meidinger Chris (Apr 15)
- RE: Snort Help - Network IDS DeGennaro, Gregory (Apr 16)