Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Network placement / using a VLAN

From: Brian McIntyre <bmcintyre () therisingstar com>
Date: Mon, 07 Apr 2003 15:03:59 -0500
Time to actually ask a question of my own. I've recently put a Snort system in place on my network and I have a couple of questions. 

First of all, a little on my current set up:
Local traffic on a single subnet is going into a single switch that allows port mirroring into a port. I have hosts on 10/100 with a single 1000 port that I've added only a couple of mirrored interfaces to. A speedy Snort sensor is in place with a gig card to listen to the traffic and forward alerts to an ACID/MySQL console. I'm happy to say that Snort is working as expected.
Question 1) Since my two mirrored ports are my WAN interface, and my trusted interface on my firewall, is it really necessary to consider adding additional hosts to the mirrored port? If all I'm really concerned about monitoring is incoming and outgoing traffic through those two gateway interfaces isn't that sufficient?
Question 2) I would also like to monitor my DMZ. How secure would it be to add a VLAN on my switch to connect my DMZ hosts on the same switch as my local subnet? While physically they reside on the same switch, they will be on seperate VLANs. Can I be certain I'm not introducing a *serious* security risk to my internal network? This might be a much better question to ask my switch vendor, and please shot me if I've lost my marbles.. 

Anyone willing to respond directly will be welcomed.  Thanks!

Brian



-------------------------------------------------------
This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server 
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: