Re: Question on Howto setup a snort sensor in front of firewall

[Chris Green <cmg () uab edu>]

"Dörr, Oliver" <Oliver.Doerr () priacon com> writes:

> Hello all
> I have a general question about setting up a snort sensor systems. When I
> place the sensor in front of the firewall, it will make this system very
> vunerable against attacks. Although I would like to analyze the data in
> realtime. How can i setup such a system without compromising my security
> issues? Would it make sense to setup a system with snort, firewall, database
> and analyze engine or is it more usefull to transfer the data (and how?) to
> a internal system for analyzing ? 

You should have 2 network interfaces.  One is in promiscuous mode with
no ip on the sensor interface and a management interface that is
attached to whereever you will analyze events from.
-- 
Chris Green <cmg () uab edu>
To err is human, to moo bovine.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users