Re: Snort and topology

[Joel Esler <eslerj () gmail com>]

I would probably have three.  One at each remote site monitoring the
network traffic entering and leaving those sites, then yet another at
the central site watching the traffic going in and out of the
internet.

Joel

On Wed, Apr 8, 2009 at 8:16 AM, Emmanuel Lesouef <e.lesouef () crbn fr> wrote:
> Each site are geographically distinct, one is very near ther primary
> one, so it's wireless connected (~40Mbps), and the other one is
> connected through an SDSL (100MBps).
>
> Each of them are routed through the primary one as it is the only one
> that has a internet connection.
>
> My goal is to have a part of the work done on site 1 and 2 and the
> results aggregated in sort of a "management console" on the primary
> site (this "management console" would also be the Snort NIDS for the
> primary site.
>
> Dunno if I'm clear enough :)
>
> Thanks for your answer.
>
> Le Wed, 8 Apr 2009 08:11:06 -0400,
> Joel Esler <eslerj () gmail com> a écrit :
>
> > So you have two sites, how are they connected to each other?
> > Does all internet traffic go through one site, or both sites?
> >
> > Joel
> >
> > On Wed, Apr 8, 2009 at 5:42 AM, Emmanuel Lesouef <e.lesouef () crbn fr>
> > wrote:
> > > Hi,
> > >
> > > I'm currently planning to deploy snort (which I already did on one
> > > server) but I would like to build sort of a network of nids.
> > >
> > > I'm explaining. We use several vlans and geographically different
> > > site. I don't know exactly how to make my snort network be the best
> > > as I could considering this topology :
> > >
> > > Site1 <-> Primary Site <-> Site 2
> > >
> > > I was thinking about having snort on each site but the primary one
> > > be considered as the "monitoring" one, as if it was aggregating data
> > > collected and analysed on distant sites.
> > >
> > > Can someone give some advice about this sort of deployment ? Is it
> > > possible to configure a network of nids ?
> > >
> > > Thanks for all the infos you can give.
> > >
> > > --
> > > Emmanuel Lesouef
>
>
>
> --
> Emmanuel Lesouef



-- 
joel esler | Sourcefire | gtalk: jesler () sourcefire com | 302-223-5974

------------------------------------------------------------------------------
This SF.net email is sponsored by:
High Quality Requirements in a Collaborative Environment.
Download a free trial of Rational Requirements Composer Now!
http://p.sf.net/sfu/www-ibm-com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users