Snort mailing list archives
Re: Network Topology Question
From: Erek Adams <erek () snort org>
Date: Tue, 5 Aug 2003 10:31:10 -0400 (EDT)
On Sat, 2 Aug 2003, Brandon Hanks wrote: [...snip...]
Local workstations will be placed on separate network behind firewall. The firewall uses a built-in IDS. Does this network need an external and/or internal Snort box to filter potential security violations? I've read where the amount of traffic workstation networks receive would create a bottleneck for that network. These workstations will be used to surf Internet, send/receive email, and play online games. I would greatly appreciate everyone's ideas about how to create a secure network infrastructure. Thanks...
If you're using a Firewall, you 'really' don't need a Snort box on the outside unless you're just bored and want lots of data. Sitting on a cable modem, I get _HUGE_ amounts of Messenger spam that's dropped at the door. I don't care and don't want to see it. If you're using a DB, that DB would be quite large in just one day... Keep in mind that unless you're using a configureable switch that can do port mirroring, you're going to have to put in something like a 'dumb' hub before your DMZ switch. With regards to your workstations: If you need, ignore traffic to/from them using pass rules or BPF filters [0]. If you're worried about performance, use the BPF filter. But quite honestly, if you're only talking about a few computers on a Cable/DSL line, don't sweat it. Decent hardware can handle almost anything you throw at it at those speeds. Cheers! ----- Erek Adams "When things get weird, the weird turn pro." H.S. Thompson [0] http://www.theadamsfamily.net/~erek/snort/ignore.txt ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Network Topology Question Brandon Hanks (Aug 02)
- Re: Network Topology Question Erek Adams (Aug 05)