installing snort

[Juan Fernandez <Juan.Fernandez () deltathree com>]

Hi,

 

I want to install 3 snort machines.

 

One management machine and 2 sensors.

 

One sensor will be on the dmz and the other in the LAN ( I want to mirror
the default gateway port in the switch and monitor this port ) I want snort
to be active meaning cutting connections as I define so where to put it  ? I
just want to be sure that  if a hackers enters  my lan  so the connection
will be drop.

 

Second question: which linux dist is the best to install snort on ? is it
metters ?

 

Thitd: to manage the sensors I will need 2 nics on the sensor in the dmz
right ? ( one Nic connected to the dmz switch e.g sensor and the other nic
connected to the lan switch so I can log to the machine from the internal
lan ). How I configure and secure this machine in a way that a hacker cant
enter the machine from the sensor nic and from there to enter to the lan
from the second nic ?

 

Thank very much !!!