Snort mailing list archives
RE: Effective Snort Design Methodologies
From: "Kohlenberg, Toby" <toby.kohlenberg () intel com>
Date: Sat, 25 Aug 2001 16:14:11 -0700
Preferred OS: Either Immunix (RH Linux w/buffer overflow & format bug protection compiled into everything. Way handy) or OpenBSD.

Preferred locations: everywhere you can afford to put them. Then you get better information about how effective your security controls are.

I prefer unpowered taps as opposed to switch ports or hubs. The traffic always gets through and there is no concern about the sniffing NIC sending any traffic.

There are lots of good examples on different websites. I believe the Dragon site has some good ones (www.enterasys.com).

All opinions given are my own and in no way reflect the views of my employer.

Toby

-----Original Message-----
From: roger clemens [mailto:pardonmefor () yahoo com]
Sent: Saturday, August 25, 2001 2:02 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Effective Snort Design Methodologies

All,

I have been assigned a project to harden three Linux 7.1 systems to be specifically deployed as IDS sensors running the latest snort.

What are the more popular and effective snort design and configuration methodologies for deploying sensors at the following three points:

1. Just outside the public interface of a Check Point firewall
2. Just outside the DMZ interface of the Check Point
3. Just outside the private interface of the Check Point firewall

What are the more reliable, scalable and performance driven solutions for gathering traffic at each point? For example:

1. Should I use taps or span some ports?
2. Should I use a hub?

If anyone has some real world topology maps or projects they can share with me I would very much appreciate it.

If I am leaving other important points out of the equation please let me know. I am sure there is something.

Thank you,
Richard

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users