RE: Running snort on a firewall

[Saad Kadhi <bsdguy () docisland org>]

On Thu, 2001-12-20 at 23:37, J. Craig Woods wrote:
> At 10:21 PM 12/20/2001 +0100, Saad Kadhi wrote:
> > IMHO, if one is really serious about IDS stuff one would have two boxes
> > listening on both the inside & the outside of the firewall plus a
> > separate "logging" fast network with a db server to which the Snorts
> > will send the logs. But I don't want to start a flame-war(tm) here ;)
>
> You just did! Serious is relative to what you are doing. Yes, if one is 
> running a large IT enterprise network I agree with your aforementioned 
> setup. BUT there are many uses for a IDS, from a simple stand-alone 
> workstation on ADSL to the most complex ethernet network in existence ( I 
> have been around the country, working at various IT departments, and a few 
> of these are unfortunately heading in this direction). One size does not 
> fit all....
<flame^Wagreed. My point was to make it clear that for a serious
enterprise-like solution, one would use Snort as an NIDS & put two of
those. But if you are to protect a *DSL small network (a home network
for instance), one would put the NIDS on the firewall directly (as I'm
doing in my home net). Now let's call it quit :) or this thread will
lead to what I'm trying to avoid. 

Regards,


-- 
/Saad Kadhi
---------------------------------------------------------------
bsdguy () docisland org
pgp keyid: 35592A6D
fingerprint: BF7D D73E 1FCF 4B4F AF63  65EB 34F1 DBBF 3559 2A6D
---------------------------------------------------------------
.sig made with the six^Hvi editor


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users