Snort Help - Network IDS

["Jason Haith" <jhaith () genesissys com>]

Recently I posted a question on different types of monitoring and ids
setups. I have decided to go with snort and have been using it on a smaller
network with no problem. However now, I need to move it to a production
network which will consist of around a 100 servers all linked through 3com
switches and going out through a watchgaurd firewall. I'm looking for
different ways to implement this without setting up another single point of
failure device which our firewall is. I'm not confident enough yet to risk
something like that. I haven't found much information on packet sniffing
when it comes to multiple entry points, found some info on wiretap, etc. but
I've always received such great help on here I thought I would ask before I
decided on something. Would really appreciate any help, I'm in a heck of a
bind right now. Thanks.


firewall
|
-3comswitch-servers
-3comswitch-servers
-3comswitch-servers

ids?


Jason Haith
Systems Administrator
Genesis Systems
5712 S. 77th St
Omaha, NE 68127
Phone: (402)592-1452
Fax:   (402)592-3650
Email: jhaith () genesissys com


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------