Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Deployment

From: CunningPike <cunningpike () gmail com>
Date: Tue, 09 Sep 2008 12:34:20 -0700
Hi Steffan,

Depending on the horsepower of that server, and the amount of traffic
you will be monitoring, it _may_ be feasible. However, on our 10Mb link,
dual 3.4GHz Xeons with 4GB of RAM spends all its time running our NSM.

Also, remember that snort by itself won't _protect_ anything (unless you
run it inline, I suppose) and, even when set up that what, its ability
to protect the host its actually running on may be limited (others will
quickly point out if I'm talking bollocks here).

A better solution is to run snort on its own machine, monitoring on a
NIC with no IP address and being managed on another NIC with an IP
address that's unreachable from the Internet. Then you can use the other
box for everything else - a web server, even a busy one, arguably uses
less of a machine that snort monitoring a busy link.

CP

On Mon, 2008-09-08 at 06:39 -0700, Steffan A. Cline wrote:

I have 2 - 1u servers available to me. Is it possible for one of them to
serve dual purpose meaning that it can still do web and all while providing
protection for itself and the other server? Both have dual ethernet.


Thanks

Steffan

---------------------------------------------------------------
T E L  6 0 2 . 7 9 3 . 0 0 1 4 | F A X  6 0 2 . 9 7 1 . 1 6 9 4
Steffan A. Cline  
Steffan () ExecuChoice net                             Phoenix, Az
http://www.ExecuChoice.net                                  USA
AIM : SteffanC          ICQ : 57234309
YAHOO : Steffan_Cline   MSN : steffan () hldns com
GOOGLE: Steffan.Cline             Lasso Partner Alliance Member
---------------------------------------------------------------




-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: