Snort mailing list archives

Re: Where to place the IDS ?


From: Jose Maria Lopez <jkerouac () bgsec com>
Date: 20 Nov 2004 13:26:31 +0100

On Fri, 19 Nov 2004 at 16:50, andrea wrote:
> Is it convenient to use snort on the same machine as the firewall (iptables)?

It can be. It depends on how you are gonna use snort and the
resources you have. I run snort on the firewall machine and
everything works fine.

> Or is it a waste of resources?

Snort can use a big amount of resources.

> Do you use a whole machine for snort?

I don't need it, but if you have a gigabit ethernet or a lot
of traffic you may need it. It's a good idea to have a machine
just for snort, but it's not absolutely necessary.

> Can snort stop malicious traffic? For example applying firewall rules? Or is
> it just a logger?

Snort can use guardian to create rules in the firewall, but it's
much more interesting to use snort-inline, which is an IPS and
can stop malicious traffic detected by the snort rules.


-- 
Jose Maria Lopez Hernandez
Technical Director of bgSEC
jkerouac () bgsec com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"


