RE: Snort Help - Network IDS

[Meidinger Chris <chris.meidinger () badenit de>]

Are you using IDS? Then check out the fail open taps from intrusion.com

That would look like:

servers-switch---|
servers-switch---|---IDS-Tap---Firewall
servers-switch---|     |
                   IPS-System

This way, you can fail open on your *tap*, meaning that if it fails, all
communications can be let through. Thus, no point of failure. They even have
high-availability versions, or ones suitable for IPS.

If you have questions, feel free to mail.

Cheers,

Chris Meidinger



> -----Original Message-----
> From: Jason Haith [mailto:jhaith () genesissys com] 
> Sent: Wednesday, April 14, 2004 10:22 PM
> To: securityfocus
> Subject: Snort Help - Network IDS
>
> Recently I posted a question on different types of monitoring 
> and ids setups. I have decided to go with snort and have been 
> using it on a smaller network with no problem. However now, I 
> need to move it to a production network which will consist of 
> around a 100 servers all linked through 3com switches and 
> going out through a watchgaurd firewall. I'm looking for 
> different ways to implement this without setting up another 
> single point of failure device which our firewall is. I'm not 
> confident enough yet to risk something like that. I haven't 
> found much information on packet sniffing when it comes to 
> multiple entry points, found some info on wiretap, etc. but 
> I've always received such great help on here I thought I 
> would ask before I decided on something. Would really 
> appreciate any help, I'm in a heck of a bind right now. Thanks.
>
>
> firewall
> |
> -3comswitch-servers
> -3comswitch-servers
> -3comswitch-servers
>
> ids?
>
>
> Jason Haith
> Systems Administrator
> Genesis Systems
> 5712 S. 77th St
> Omaha, NE 68127
> Phone: (402)592-1452
> Fax:   (402)592-3650
> Email: jhaith () genesissys com
>
>
> --------------------------------------------------------------
> -------------
> Ethical Hacking at the InfoSec Institute. Mention this ad and 
> get $545 off any course! All of our class sizes are 
> guaranteed to be 10 students or less to facilitate one-on-one 
> interaction with one of our expert instructors. 
> Attend a course taught by an expert instructor with years of 
> in-the-field pen testing experience in our state of the art 
> hacking lab. Master the skills of an Ethical Hacker to better 
> assess the security of your organization. 
> Visit us at: 
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> --------------------------------------------------------------
> --------------

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------