Snort mailing list archives
Re: Deployment
From: CunningPike <cunningpike () gmail com>
Date: Tue, 09 Sep 2008 12:34:20 -0700
Hi Steffan, Depending on the horsepower of that server, and the amount of traffic you will be monitoring, it _may_ be feasible. However, on our 10Mb link, dual 3.4GHz Xeons with 4GB of RAM spends all its time running our NSM. Also, remember that snort by itself won't _protect_ anything (unless you run it inline, I suppose) and, even when set up that what, its ability to protect the host its actually running on may be limited (others will quickly point out if I'm talking bollocks here). A better solution is to run snort on its own machine, monitoring on a NIC with no IP address and being managed on another NIC with an IP address that's unreachable from the Internet. Then you can use the other box for everything else - a web server, even a busy one, arguably uses less of a machine that snort monitoring a busy link. CP On Mon, 2008-09-08 at 06:39 -0700, Steffan A. Cline wrote:
I have 2 - 1u servers available to me. Is it possible for one of them to serve dual purpose meaning that it can still do web and all while providing protection for itself and the other server? Both have dual ethernet. Thanks Steffan --------------------------------------------------------------- T E L 6 0 2 . 7 9 3 . 0 0 1 4 | F A X 6 0 2 . 9 7 1 . 1 6 9 4 Steffan A. Cline Steffan () ExecuChoice net Phoenix, Az http://www.ExecuChoice.net USA AIM : SteffanC ICQ : 57234309 YAHOO : Steffan_Cline MSN : steffan () hldns com GOOGLE: Steffan.Cline Lasso Partner Alliance Member --------------------------------------------------------------- ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Deployment Steffan A. Cline (Sep 08)
- Re: Deployment CunningPike (Sep 09)