Snort mailing list archives
Re: Cheaper Snort!
From: "Davis Ray Sickmon, Jr" <midryder () midnightryder com>
Date: Thu, 14 Mar 2002 13:22:53 -0600
Here is a silly question: Why do some users of snort choose to run snort on win32 platforms? Does that not defeat ONE of the benefits of using snort? That benefit being free?

Short story, the hardware costs money, so that's not free. The Windows license may already be owned (sunk money.) But really, the major factor will probably be OS expertise of the administrator. The cost of hiring, and perhaps training, a systems administrator totally dwarfs the cost of a Windows license. If the SA has never installed unix before, then having Snort on Win32 probably means that they now have an opportunity to run Snort, when they probably would have had to skip it otherwise.

In many places, if it's a Windows shop, even if that particular SA can at least install Linux, the boss may not allow it. I've seen many managers who had the attitude that they don't want that weird box in the corner that only one guy can run, because what happens when he leaves?

I'm not saying that it's a good idea, or that there isn't some benefit to having it on unix, but that's how it works.

Ryan

I gotta agree with Ryan's comment. I'm running Snort 1.8.3 on Windows NT 4.0 (service packed up). Why? Because at the time, the hardware was available (it's a retired box), and WinNT was already loaded on it, so I cleaned it and secured it, and loaded Snort on it. No fuss, no muss (except for IDS Center. GROAN...)

Later, when I got more hardware available, my new firewall was OpenBSD based. Recently they let me convince them to buy me more hardware, so my newest web server is a Linux box. Snort will eventually move to a slightly larger box, Linux based, when the company looses the purse strings a bit more for me (but it's not a priority right now.)

By using the hardware I had at the time, I got to install an NIDS without incurring extra expenses, and it's a piece of cake to tell my sidekick how to adjust things (an MCSE who is now getting a liberal education in OpenBSD bridges / firewalling and Linux ;-)

So, in this case, it was *MUCH* cheaper for me to use Snort on Win32. A blanket statement that Snort on Linux is cheaper isn't always true. Of course, most blanket statements about any product or situation are less than universally true!

As for the 'Total Cost of Ownership' type issues, well, it's pretty much a wash either way. With the Win32 box, I install NT or 2K, service pack it, shut down unnecessary services, test it, etc. On the Linux box, I've got to install Linux, (if it's from a distro) I have to install any patched versions to kill off vulnerabilities (like the recent PHP one), set up services and make sure nothing extra is running, test it, etc. The process is the same. I don't reboot my NT servers any more often than my Linux servers - basically, almost never. Only if I've patched something up, the last stage is to reboot it, confirm things are working proper and that no new holes or services are available, etc. So if I happen to have a license already available, then for me the price is identical. If not, then the TCO becomes only SLIGHTLY higher for a Windows based server, but just barely.

Personally, this still sounded like an attempt at starting an OS Holy War, regardless of the original author's statement that this wasn't an attempt to start an OS Holy War. I prefer OpenBSD or Linux for servers (OpenBSD slightly more preferred these days), and Win32 for workstations. And it's just that - preference. Other people prefer other setups than what I like, and as long as they know how to secure a system, what the heck does it matter. If they use a different setup than what they know or like, then it takes more time, money, and energy to get things right. If it were to take an admin twice as long to set up Snort on a Linux box than a Win32 box, then what's the cost of Snort?

Davis Ray Sickmon, Jr
Owner, Midnight Ryder Technologies
http://www.midnightryder.com
or,
J R Sickmon, Creek Electric, Inc.