IDS mailing list archives
Re: Multiple network segment monitor with Snort
From: Sergio Pozo Hidalgo <blitter_es () yahoo es>
Date: Wed, 01 Oct 2003 21:39:03 +0200
It should be doable, but don't forget to secure the heck out of that sensor. Like: - disable IP forwarding - don't assign IP addresses to the "sniffing" interfaces
Ops. I need to assign IP address to interfaces and also activate IP Forwarding, because the same sensor machine will be the firewall between different network segments (that is whay this solution is cheaper, but also less secure...). I'm thinking in switching back to the layer2 or layer3 switch and try to convince my boss to spend more money :(
Anyway, it is a departamental network, not a corporate one, so I need to balance the cost of the solution to the cost of the information to protect.
Thank you very much for your advice. Sergio --------------------------------------------------------------------------- Captus Networks IPS 4000Intrusion Prevention and Traffic Shaping Technology to: - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
- Automatically Control P2P, IM and Spam Traffic - Precisely Define and Implement Network Security & Performance PoliciesFREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo http://www.securityfocus.com/sponsor/CaptusNetworks_focus-ids_000101
---------------------------------------------------------------------------
Current thread:
- Re: Multiple network segment monitor with Snort Sergio Pozo Hidalgo (Oct 02)
- Re: Multiple network segment monitor with Snort Dpk (Oct 02)
- <Possible follow-ups>
- Re: Multiple network segment monitor with Snort Sergio Pozo Hidalgo (Oct 02)
- Re: Multiple network segment monitor with Snort Sergio Pozo Hidalgo (Oct 02)
- RE: Multiple network segment monitor with Snort kgeorgiades (Oct 06)