RE: IDS Placement ideas for inside and outside a fi rewall.

[Philip Davidson <Philip () dpc-paris com>]

As far as the inside, get you a little hub.  3Com makes a good hub Office
Connect, I think is what it's called.

Take the line from your router/firewall, run into the hub.  Plug your Snort
box into one of the 4 or 8 ports on the front of the hub.

A hub is literally a repeater, where it repeats the signal it gets.  Now
take the line that was from your router/firewall to your switch and plug
into the front of the hub as well.  I think this will work for you.  Or you
could just mirror a port on the switch.  This could depend on the brand of
switch. 

Anyhow, that's one...wait..two ways of setting it up internally.

 

Later,

 

Philip Davidson

DPC, Inc

1015 Maurice Fields Dr

Paris, TN 38242

731.642.8627

-----Original Message-----
From: Brei, Matt [mailto:mbrei () medclaiminc com] 
Sent: Wednesday, April 02, 2003 1:43 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] IDS Placement ideas for inside and outside a
firewall.

 

Hi everyone.  I am trying to convince my company to implement IDS on our
network but I have a few questions.  I know I would want one on both sides
of the firewall, but on a switched network, how would I force traffic to go
through Snort before it reached its destination?  Also, the way its set up
now, the Cisco 1751 router goes right into the Cisco PIX 501 firewall and
from there into a switch.  How would I place an IDS between the firewall and
switch?