Snort mailing list archives
Effective Snort Design Methodologies
From: roger clemens <pardonmefor () yahoo com>
Date: Sat, 25 Aug 2001 14:02:00 -0700 (PDT)
All,

I have been assigned a project to harden three Linux 7.1 systems to be specifically deployed as IDS sensors running the latest Snort. What are the more popular and effective Snort design and configuration methodologies for deploying sensors at the following three points:

1. Just outside the public interface of a Check Point firewall
2. Just outside the DMZ interface of the Check Point
3. Just outside the private interface of the Check Point firewall

What are the more reliable, scalable and performance-driven solutions for gathering traffic at each point? For example:

1. Should I use taps or span some ports?
2. Should I use a hub?

If anyone has some real-world topology maps or projects they can share with me, I would very much appreciate it. If I am leaving other important points out of the equation, please let me know. I am sure there is something.

Thank you,
Richard
Current thread:
- Effective Snort Design Methodologies roger clemens (Aug 25)
- RE: Effective Snort Design Methodologies Ace (Aug 25)
- <Possible follow-ups>
- RE: Effective Snort Design Methodologies Kohlenberg, Toby (Aug 25)