Snort mailing list archives
Question about Inline mode
From: "Albert E. Whale" <aewhale () ABS-CompTech com>
Date: Sun, 04 Dec 2011 15:48:34 -0500
I have been asked to develop an IDS/IPS solution which can span multiple zones behind a firewall. While I have reservations in implementing a single box to become an active sensor for IDS/IPS solutions on the networks. In addition to believing that this is the wrong strategy to use in protecting internal networks (I am supposed to protect 4 internal networks), I am not certain of the correct configuration of the host server. In an Inline mode, are the network interfaces linked? What network configuration is required for IDS/IPS or inline configuration? Does the inline mode require two interfaces? Can Snort support multiple networks, simultaneously? Does this reduce the throughput capability of the monitor? Thanks, I have deployed Snort before, but your answers will further document my case. -- Albert E. Whale, CHS CISA CISSP Senior Technology & Security Director *ABS Computer Technology, Inc. * 412-635-7488 ext 100 aewhale () ABS-CompTech com <mailto:aewhale () ABS-CompTech com> www.ABS-CompTech.com <http://www.ABS-CompTech.com>
Attachment:
aewhale.vcf
Description:
------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Question about Inline mode Albert E. Whale (Dec 04)
- Re: Question about Inline mode NA (Dec 04)
- Re: Question about Inline mode Albert E. Whale (Dec 04)
- Re: Question about Inline mode Michael Altizer (Dec 04)
- Re: Question about Inline mode John Liss (Dec 05)
- Re: Question about Inline mode Albert E. Whale (Dec 04)
- Re: Question about Inline mode NA (Dec 04)