Snort mailing list archives
RE: Network placement / using a VLAN
From: JP Vossen <vossenjp () netaxs com>
Date: Mon, 7 Apr 2003 18:12:02 -0400 (EDT)
On Mon, 7 Apr 2003 snort-users-request () lists sourceforge net wrote:
Message: 2
Date: Mon, 07 Apr 2003 15:03:59 -0500
To: snort-users () lists sourceforge net
From: Brian McIntyre <bmcintyre () therisingstar com>
Subject: [Snort-users] Network placement / using a VLAN
<snip>
Question 2) I would also like to monitor my DMZ. How secure would it be to add a VLAN on my switch to connect my DMZ hosts on the same switch as my local subnet? While physically they reside on the same switch, they will be on separate VLANs. Can I be certain I'm not introducing a *serious* security risk to my internal network? This might be a much better question to ask my switch vendor, and please shoot me if I've lost my marbles...
That's a Bad Idea--don't do it! Always use different physical devices for networks with different trust levels. While I have never personally done it, I have been assured by people who I believe ARE capable of it that VLANs can be broken. Besides, do you trust the vendor to make a crashed VLAN/router "fail safe?"

Low-end hubs/switches are dirt cheap (unless you need HA or manageable stuff--totally depends on your needs and environment), and NICs are cheap too. You can add an unnumbered interface to your Snort box and plug it into the DMZ. This would require running a second Snort instance with suitable mods to the snort.conf file, and enough horsepower on the sensor... There has been lots of discussion of this kind of thing in the list archives.

Later,
JP

------------------------------|:::======|--------------------------------
JP Vossen, CISSP              |:::======| jp () jpsdomain org
My Account, My Opinions       |=========| http://www.jpsdomain.org/
------------------------------|=========|--------------------------------
"The software said it requires Windows 98 or better, so I installed Linux..."
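The unnumbered-interface plus second-Snort-instance setup described in the reply above, as an added example that is not from the original post or from the Snort project. The interface name (eth2), DMZ subnet, config and log paths, and the rule file names are assumptions; DRY_RUN=1 prints the privileged commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the original post or from Snort): bring up an
# address-less ("unnumbered") DMZ tap on the sensor and start a second
# Snort instance against it. Interface name, subnet, paths and rule file
# names are assumptions. DRY_RUN=1 echoes commands instead of running them.
DRY_RUN="${DRY_RUN:-0}"

run() {                     # execute, or echo the command under DRY_RUN
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# True if the given `ip -o -4 addr show` output carries an IPv4 address.
# An addressed tap answers ARP and IP on the DMZ, so it is no longer a
# passive listener; the sensor must not be reachable from the DMZ side.
has_ipv4() {
    printf '%s\n' "$1" | grep -q 'inet '
}

# Per-sensor snort.conf fragment: the DMZ instance needs its own HOME_NET
# so rule direction is judged against DMZ hosts, not the internal subnet.
dmz_snort_conf() {          # $1 = DMZ subnet, $2 = rules directory
    printf 'var HOME_NET %s\n' "$1"
    printf 'var EXTERNAL_NET !$HOME_NET\n'
    printf 'var RULE_PATH %s\n' "$2"
    printf 'include $RULE_PATH/web-attacks.rules\n'
    printf 'include $RULE_PATH/dns.rules\n'
}

start_dmz_sensor() {        # $1 = iface, $2 = snort.conf, $3 = log dir
    if has_ipv4 "$(ip -o -4 addr show dev "$1" 2>/dev/null)"; then
        echo "refusing: $1 has an IP address; the tap must stay unnumbered" >&2
        return 1
    fi
    # No address, promiscuous, ARP off: the NIC listens but never speaks.
    run ip link set dev "$1" up promisc on arp off
    # Separate log directory so the two instances never share output files.
    run mkdir -p "$3"
    run snort -D -i "$1" -c "$2" -l "$3"
}

# Usage (as root):
#   dmz_snort_conf 192.168.100.0/24 /etc/snort/rules > /etc/snort/snort-dmz.conf
#   start_dmz_sensor eth2 /etc/snort/snort-dmz.conf /var/log/snort/dmz
```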