Snort mailing list archives
Re: performance concern
From: Matt Kettler <mkettler () evi-inc com>
Date: Tue, 17 Jun 2003 15:45:33 -0400
At 01:37 PM 6/17/2003 -0500, Francisco Morosini wrote:
> Hi! I have a concern: I have a machine with IIS 5.0, and I'd like to ask whether it is possible to run the IDS with the web server on the same machine, or will I have performance trouble?
Depends totally on the load, and what kind of hardware you are running on if this will have performance issues. Heck, without defining load and hardware, you can't even ascertain if you'll have performance issues without IIS, much less what will happen with IIS added to the picture.
However, my biggest hesitation would be security, not performance. If you want snort to watch your webserver for attack, bear in mind that if your IIS is successfully hacked, a reasonably skilled attacker can very easily erase their tracks if snort is on the same system and logging its data there.
This alone is one VERY good reason to run snort on a machine that is as isolated as possible from any possibility of exploit if you want to use it to track down "what happened" after an attack. My snort box isn't even allowed to send data to any machine outside the local network by the firewall (actually two firewalls both block this, one on the snort box itself, and one in the network border router). It's also not allowed to do recursive DNS queries.
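An added example, not part of the original post: a small audit of a sensor host's own firewall that checks the egress posture described above, namely that nothing may leave the host for addresses outside the local network. It assumes the sensor runs Linux with iptables and reads `iptables-save` output; `LOCAL_NET`, both sample rulesets and the function name are constructed for illustration, and the check covers IPv4 rules on the host only, not the border router.

```python
import ipaddress
import shlex

LOCAL_NET = "192.168.1.0/24"  # assumed local network, not from the post

# Constructed iptables-save samples (IPv4 only).
ISOLATED = """*filter
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -s 192.168.1.0/24 -p tcp --dport 22 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 192.168.1.0/24 -j ACCEPT
COMMIT
"""
LEAKY = """*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -d 192.168.1.10/32 -p udp --dport 514 -j ACCEPT
COMMIT
"""

def egress_findings(ruleset, local_net=LOCAL_NET):
    """List the ways the filter table's OUTPUT chain lets traffic leave local_net."""
    net = ipaddress.ip_network(local_net)
    findings, table = [], None
    for line in ruleset.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()       # table header, e.g. "*filter" or "*nat"
        if table != "filter" or line.startswith("#"):
            continue
        tok = shlex.split(line)
        if tok[:1] == [":OUTPUT"] and tok[1] != "DROP":
            findings.append(f"OUTPUT default policy is {tok[1]}")
        if tok[:2] != ["-A", "OUTPUT"] or "-j" not in tok:
            continue
        if tok[tok.index("-j") + 1] != "ACCEPT":
            continue
        if "!" in tok:
            findings.append(f"negated match, review by hand: {line}")
        elif "-o" in tok and tok[tok.index("-o") + 1] == "lo":
            pass                           # loopback traffic stays on the host
        elif "-d" not in tok:
            findings.append(f"ACCEPT with no destination limit: {line}")
        elif not ipaddress.ip_network(tok[tok.index("-d") + 1], strict=False).subnet_of(net):
            findings.append(f"ACCEPT to a destination outside {net}: {line}")
    return findings

if __name__ == "__main__":
    for name, rules in (("isolated", ISOLATED), ("leaky", LEAKY)):
        print(name, egress_findings(rules) or "no egress beyond the local network")
```

An empty result means the host firewall by itself confines outbound traffic to the local network; the unrestricted port 53 rule in the second sample is the kind of entry that would let the sensor query outside DNS servers directly.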