Snort mailing list archives
Re: PLEASE HELP HERE.
From: "M. Morgan" <mikemorgan () mindspring com>
Date: Mon, 9 Feb 2004 09:41:21 -0500 (GMT-05:00)
Vasanth,

1. REGARDING SENSORS:
"Can we use snort to monitor using span or mirror port in the switch"
Dual NICs, one passive on the hostile network and one on a trusted LAN for admin purposes, and yes, use a span/mirror port.

2. EVENT MONITORING
Configure the admin NIC on the trusted LAN and use SSHd with RSA authentication.

3. LOGS
Where should I store all the logs? A central MySQL server.

4. REPORTING
Use SnortCenter and ACID.

My recommendation is to look at www.sentinix.org and try it on a test machine; if you like what you see, proceed with your implementation.

Thanks,
Michael

-----Original Message-----
From: vasanth b <vasanthjobs () hotmail com>
Sent: Feb 8, 2004 9:59 PM
To: snort-users () lists sourceforge net
Cc: ravivsn () roc co in, pauls () utdallas edu, patrick () internetsecurityguru com
Subject: [Snort-users] PLEASE HELP HERE.

I will be implementing IDS using SNORT in our company network infrastructure and would be thankful for some help. After going through all the documents found on snort.org, I have some doubts about implementing Snort IDS.

1. REGARDING SENSORS:
Are these sensors or taps compulsory? Can we use snort to monitor using a span or mirror port in the switch? If a sensor is necessary, where do I get it and how do I place it? And taps too: I found different kinds of taps on the net, so please advise me regarding this.

2. EVENT MONITORING
How to better configure the IDS NIC that will be acting as an admin interface, where I will be connecting for event information. Should I configure this interface with security to be accessed from the Internet or should I configure this interface to be accessed from the LAN via the firewall?

3. LOGS
Where should I store all the logs? Do I need a separate server to store all the logs? If not, approximately how much space will be required?

4. REPORTING
What is the best way to centralize and access all event reporting? What is the best product to accomplish this?
Please be kind enough to let me know if you have a better approach to any of this or if you have any other comments or suggestions.

ADVANCE THANKS TO ALL WHO HELP AND GIVE THEIR VALUABLE IDEAS.

Regards,
VASANTH.B

-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
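An added example, not part of the original message or of any Snort tooling: a POSIX shell check of a sensor against the layout in the reply (sniffing NIC with no IP address, sshd on the admin NIC only, Snort logging to a central MySQL host). The interface names, addresses, sample text, and the reading of "RSA authentication" as public-key login with passwords disabled are assumptions.

```shell
#!/bin/sh
# Added example: checks saved command/config text against the reply's layout.
# All interface names, addresses and sample text below are constructed.

# Passive sniffing NIC: no IPv4 address in `ip -o -4 addr show` output.
sniff_iface_is_passive() {   # $1 = interface, $2 = ip output
  ! printf '%s\n' "$2" |
    awk -v i="$1" '$2 == i && $3 == "inet" { f = 1 } END { exit !f }'
}

# All values set for an sshd_config keyword (keywords are case-insensitive).
sshd_values() {              # $1 = keyword, $2 = sshd_config text
  printf '%s\n' "$2" |
    awk -v k="$1" 'tolower($1) == tolower(k) { print tolower($2) }'
}

# sshd bound only to the admin address, key-based logins only.
sshd_admin_only() {          # $1 = admin IP, $2 = sshd_config text
  [ "$(sshd_values ListenAddress "$2")" = "$1" ] || return 1
  [ "$(sshd_values PasswordAuthentication "$2" | head -n 1)" = "no" ] || return 1
  [ "$(sshd_values PubkeyAuthentication "$2" | head -n 1)" != "no" ]
}

# Host named in the first `output database: ... mysql ...` line of snort.conf.
snort_db_host() {            # $1 = snort.conf text
  printf '%s\n' "$1" | awk '$1 == "output" && $2 == "database:" && /mysql/ {
    for (n = 3; n <= NF; n++)
      if ($n ~ /^host=/) { sub(/^host=/, "", $n); print $n; exit } }'
}

# Succeeds when the database host is set and is not the sensor itself.
snort_logs_centrally() {     # $1 = snort.conf text
  h=$(snort_db_host "$1")
  [ -n "$h" ] && [ "$h" != "localhost" ] && [ "$h" != "127.0.0.1" ]
}

# Constructed sample input: eth0 is the admin NIC, eth1 sniffs the span port.
IP_OUT='2: eth0    inet 10.0.0.5/24 brd 10.0.0.255 scope global eth0'
SSHD_CFG='# admin interface only
ListenAddress 10.0.0.5
PasswordAuthentication no
PubkeyAuthentication yes'
SNORT_CONF='output database: log, mysql, user=snort password=CHANGEME dbname=snort host=10.0.0.20'

sniff_iface_is_passive eth1 "$IP_OUT" && echo "eth1: passive (no IPv4 address)"
sshd_admin_only 10.0.0.5 "$SSHD_CFG" && echo "sshd: admin NIC only, keys only"
snort_logs_centrally "$SNORT_CONF" && echo "snort: central DB at $(snort_db_host "$SNORT_CONF")"
```

On a live sensor, pass in the real text, for example `sniff_iface_is_passive eth1 "$(ip -o -4 addr show)"`.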