Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: New snort install question

From: "Sallee, Stephen (Jake)" <Jake.Sallee () umhb edu>
Date: Tue, 22 May 2012 13:22:36 +0000
Are these non-university machines on a guest VLAN

...kind of.   A few years ago we had the opportunity to completely redesign our network structure.  We adopted the 
following VLan scheme

10.BB.VV.XX

Where:
BB = building number (arbitrarily assigned by yours truly)
VV = VLAN ID
XX = workstations

We have separate VLans for faculty/staff and students as well as voice and NAC, etc. ... all for each building.


have you checked out the Security Onion distro?

I had not seen that distro, it looks promising though.  I will most certainly look into it, THANKS!

As for the BPF filter, that seems like an excellent idea if we find our boxes have trouble keeping up, hopefully they 
won't but you never know.

Thank you for the info.


Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton TX. 76513
Fone: 254-295-4658
Phax: 254-295-4221
HTTP://WWW.UMHB.EDU

From: Vivek Rajagopalan [mailto:vivek () unleashnetworks com]
Sent: Tuesday, May 22, 2012 2:56 AM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] New snort install question

Apologies, meant to reply to list.

On 22-05-2012 02:49, Sallee, Stephen (Jake) wrote:






... what are you trying to achieve...


We are indeed trying to protect our LAN from internal threats.  We have a well-protected internet facing edge but as a 
university we have a few thousand non-university owned assets that access our network every day.  Once these devices 
are on my network they have bypassed my armored edge and are able to poke away at my soft belly ... I don't like that.



Are these non-university machines on a guest VLAN ? If they are, then a BPF filter on Snort can help cut down the 
'trusted' traffic. This means your i3 Dells might be sufficient for the workload.

As far as deploying this over 50+ buildings are concerned have you checked out the Security Onion distro ?

Hope that helps,

Vivek

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: