Snort mailing list archives

RE: IDS Placement ideas for inside and outside a firewall.


From: "Brei, Matt" <mbrei () medclaiminc com>
Date: Wed, 2 Apr 2003 16:09:37 -0500

Yes.  It goes from the smart jack to the DSO/TSO on the router, then from the router to the firewall and from the 
firewall to the switch bank.

 

-----Original Message-----
From: FWAdmin [mailto:FWAdmin () nbpower com] 
Sent: Wednesday, April 02, 2003 4:04 PM
To: Brei, Matt; snort-users () lists sourceforge net
Subject: RE: [Snort-users] IDS Placement ideas for inside and outside a firewall.

 

How is the connection to your firewall made from the Internet? Is your firewall plugged directly into a router?

 

 

        -----Original Message-----
        From: Brei, Matt [mailto:mbrei () medclaiminc com] 
        Sent: April 2, 2003 16:40
        To: FWAdmin; snort-users () lists sourceforge net
        Subject: RE: [Snort-users] IDS Placement ideas for inside and outside a firewall.

        Ok, that takes care of one question.  But how do I get traffic before it hits the firewall?

         

        -----Original Message-----
        From: FWAdmin [mailto:FWAdmin () nbpower com] 
        Sent: Wednesday, April 02, 2003 3:09 PM
        To: snort-users () lists sourceforge net
        Subject: RE: [Snort-users] IDS Placement ideas for inside and outside a firewall.

         

        Traffic doesn't have to go through the IDS, just pass by it, as you want the IDS to sniff the traffic coming to and going from the firewall interface.

         

        Place the IDS on one of your switch ports, set it to span the firewall port.

         

                -Jason

                -----Original Message-----
                From: Brei, Matt [mailto:mbrei () medclaiminc com] 
                Sent: April 2, 2003 15:43
                To: snort-users () lists sourceforge net
                Subject: [Snort-users] IDS Placement ideas for inside and outside a firewall.

                Hi everyone.  I am trying to convince my company to implement IDS on our network but I have a few questions.  I know I would want one on both sides of the firewall, but on a switched network, how would I force traffic to go through Snort before it reached its destination?  Also, the way it's set up now, the Cisco 1751 router goes right into the Cisco PIX 501 firewall and from there into a switch.  How would I place an IDS between the firewall and switch?

         

        ------------------------- 

        This e-mail communication (including any or all attachments) is intended only for the use of the person or 
entity to which it is addressed and may contain confidential and/or privileged material. If you are not the intended 
recipient of this e-mail, any use, review, retransmission, distribution, dissemination, copying, printing, or other use 
of, or taking of any action in reliance upon this e-mail, is strictly prohibited. If you have received this e-mail in 
error, please contact the sender and delete the original and any copy of this e-mail and any printout thereof, 
immediately. Your co-operation is appreciated. 

         




