Recommended hardware for Snort IDS

[a.qarta at gmail.com (Aa'ed Alqarta)]

Hi,

I'd like to recommend the following:

1. Use a network card that provides 100% packet capture like Endace DAG

http://www.endace.com/dag-network-monitoring-cards.html

2. Barnyard

http://sourceforge.net/projects/barnyard/

3. Net Optics 10/100/1000 Dual Port Aggregator Tap (This will tap two
full-duplex connections and send all traffic to the monitoring ports where
Snort sensors are listening)

http://www.netoptics.com/products/product_family_details.asp?cid=4&pid=213&Section=products&menuitem=4&tag=NetOptics+aggregation+Taps

On Fri, Dec 11, 2009 at 6:12 PM, Nils <nils at hemmann.de> wrote:

> What hardware are you guys using for your IDS systems?
>
> We are monitoring a 1000Mbit/s link with an average bandwidth of
> 30Mbit/s. A second link with a similar bandwidth will follow.
> After a successful test with a small system we'd like to order a
> dedicated server. Preferably HP DL xyz G4 or G5.
> OS wise we are tight to Red Hat Enterprise 5.4, IDS software is Snort
> with BASE, maybe switching to Anval.
>
> Any recommendations from the field?
>
> Thanks,
> Nils
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com



-- 
Best Regards,

http://extremesecurity.blogspot.com

http://www.linkedin.com/in/aalqarta

http://www.experts-exchange.com/M_3011930.html

http://www.liveperson.com/extremesecurity-labs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20091211/b46ab786/attachment.htm