Snort mailing list archives
RE: *very* many snort installations..
From: "Michael Steele" <michaels () winsnort com>
Date: Wed, 26 Nov 2003 07:46:13 -0800
The solution is not to install Snort on every workstation. You need a network security consultant to point you into the right direction for the topology of your organization. A project like this needs to be done correctly the first time to not only save time but money. If you need a good consultant let me know and I'll give you a contact name and number :) Cheers... -Michael Steele -- System Engineer / Security Support Technician mailto:michaels () winsnort com Website: http://www.winsnort.com Snort: Open Source Network IDS - http://www.snort.org
-----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users- admin () lists sourceforge net] On Behalf Of Mokum Sent: Wednesday, November 26, 2003 5:45 AM To: snort-users () lists sourceforge net Subject: [Snort-users] *very* many snort installations.. Greetings, I was requested to look into the possibility to install snort as a service on 'all' [XP only] workstations [*way* over 10.000] of a very large, very global organization. The goal is to have a better insight in the 'known bad' data flows though out the network. Of course, the main parts of the network are already IDS'ed so the workstation installation would be a sort of extended sensorium to make sure we see things behind the routers, switches, nat'ing devices & firewalls that normally go undetected untill things go really really wrong. The well known pitfalls of rollouts like these that I am aware of are: - the managebility: - collection of events - the number of the events - the QA - snort.exe - stability of the service - resources needed - quality of the rules implemented Not my problem is: - the installation & distribution of the service, this is done for about 1000 other applications too. - the updating of the rules [is part of the distribution] My question is if anybody on the list has expirience [good or bad] with a concept like this? Any pointers? Cheers, mokum ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- *very* many snort installations.. Mokum (Nov 26)
- Re: *very* many snort installations.. Shane Smith (Nov 26)
- RE: *very* many snort installations.. Michael Steele (Nov 26)
- RE: *very* many snort installations.. Jason Haar (Nov 26)
- <Possible follow-ups>
- RE: *very* many snort installations.. hugh_fraser (Nov 28)
- Re: *very* many snort installations.. Adriel T. Desautels (Dec 02)