Snort mailing list archives
IDS and HoneyPot placement in LAN
From: Quentin Ducas <quentin.h4c () gmail com>
Date: Wed, 16 Jun 2010 17:26:38 +0200
I apologize for the newbie question, but what is the best placement for the IDS and the HoneyPot in the LAN? I want to monitor a HoneyPot with the IDS (snort) [u]without[/u] monitoring the complete LAN. Want to monitor just one machine. What should be the best placement for HoneyPot and IDS for this situation. The HoneyPot is a so called 'research-honeypot' so it is not used for security-reasons. Do I have to place the HoneyPot and the IDS in a DMZ? Or is it better to place the IDS between modem and router, and the HoneyPot in a DMZ? Or is it not necessary to have a DMZ and can I place the HoneyPot between modem and Router and the IDS in the LAN? Do I need a switch to make a separate network for this? Or maybe something else? ergo: What is the best placement for both systems? Thanks in advance, Quentin
------------------------------------------------------------------------------ ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- IDS and HoneyPot placement in LAN Quentin Ducas (Jun 16)
- Re: IDS and HoneyPot placement in LAN Matt Olney (Jun 16)
- Re: IDS and HoneyPot placement in LAN Joe Pampel (Jun 16)