Snort mailing list archives
Snort Sensor Placement Outside Firewall
From: "Rich Lichvar" <rlichvar () knowledgeresourcecenter com>
Date: Wed, 25 Jun 2003 10:46:19 -0400
I know this is a bit off-topic, but I need some advice/help and would like to tap the experience of those who probably have successfully done what we are thinking of doing. We are thinking of putting a Snort-based sensor outside our firewall in the Untrusted zone. (This is after the border/edge/gateway router which is controlled by our hosting facility and not us.) I was wondering if any of you had any advice about: 1. OS: Linux? Hardened how? What system capacity (RAM, hard drive) might be required? 2. Cabling setup: Internet Cat 5 cable to hub and cable from hub to sensor and cable from hub to Untrusted port of firewall? (I've tried this in the past and had problems with traffic even getting to the firewall. Maybe a crossover cable is needed?) Many thanks in advance for any advice/experience you would offer. Richard L. Lichvar Director, Operations Knowledge Resource Center, Inc. Phone: 703-848-2100 x228 Fax: 703-848-4747 Mobile: 571-221-3430
Current thread:
- Snort Sensor Placement Outside Firewall Rich Lichvar (Jun 25)
- Re: Snort Sensor Placement Outside Firewall Erek Adams (Jun 25)
- RE: Snort Sensor Placement Outside Firewall Michael Steele (Jun 25)
- RE: Snort Sensor Placement Outside Firewall Erek Adams (Jun 26)
- RE: Snort Sensor Placement Outside Firewall Michael Steele (Jun 25)
- Re: Snort Sensor Placement Outside Firewall David Alonso De La Vega Tapage (Jun 25)
- RE: Snort Sensor Placement Outside Firewall Michael Steele (Jun 25)
- Re: Snort Sensor Placement Outside Firewall David Alonso De La Vega Tapage (Jun 26)
- RE: Snort Sensor Placement Outside Firewall Michael Steele (Jun 25)
- <Possible follow-ups>
- Fw: Snort Sensor Placement Outside Firewall Tom Sevy (Jun 26)
- RE: Snort Sensor Placement Outside Firewall Michael Steele (Jun 26)
- Re: Snort Sensor Placement Outside Firewall Erek Adams (Jun 25)