Snort mailing list archives
Re: IDS Topology
From: Demetri Mouratis <dmourati () cm math uiuc edu>
Date: Thu, 9 Jan 2003 22:29:53 -0600 (CST)
Your best bet is to find a dedicated machine for the sensor. If that's not possible, you can just install all the components on one machine. Several pitfalls with that approach: - running additional servers on the sensor makes in inherently more vulnerable - database, snort, apache, ..., all competing for same system resources - no steath logging ability Read some of the ACID documentation for more reasons. On Thu, 9 Jan 2003, Saul Bosquez wrote:
Im runnin' Redhat 7.3 on a Compaq proliant server and Im trying to install snort 1.8.7 on it. On the setup guide in the conceptual IDS topology section, there are 3 sensors and a centralized acid, mysql database. If i'm only using one sensor maybe would be easier to have the sensor and the database on the same machine and deploy it outside the firewalled network. What do you think guys? ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
--------------------------------------------------------------------- Demetri Mouratis dmourati () linfactory com ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- IDS Topology Saul Bosquez (Jan 09)
- Re: IDS Topology Demetri Mouratis (Jan 09)
- Re: IDS Topology Saad Kadhi (Jan 09)
- Re: IDS Topology Demetri Mouratis (Jan 10)
- Re: IDS Topology Saad Kadhi (Jan 09)
- <Possible follow-ups>
- IDS Topology Saul Bosquez (Jan 09)
- Re: IDS Topology Erek Adams (Jan 09)
- Re: IDS Topology Bennett Todd (Jan 10)
- RE: IDS Topology James R. Hendrick (Jan 10)
- IDS Topology Saul Bosquez (Jan 10)
- Re: IDS Topology Demetri Mouratis (Jan 09)