Re: INQUIRY - seeking suitable micro-appliance for snort deployment and centralized alerts console from variety of WAN deployments in residential networks

["Randal T. Rioux" <randy () procyonlabs com>]

Tisk tisk, Jaime. You forgot to add the standard "redBorder is mine"
disclaimer.

Doug, you barely get a pass by saying "please use our security-onion
mailing list" in your message. I think that counts. Plus I like you. :-)

Yes folks, I've stuck my head out of the burrow to see what's going on
in here. I would like my new zen-like restraint from true caustic assery
noted and encouraged.

xoxo

On 7/3/2014 7:14 AM, Jaime Nebrera wrote:
> Hi Chase,
> > 1) Seeking pointers to a no-fuss micro-appliance and “how to” guide
> > to host Snort on it — for deployment at family members home
> > networks to assess their network risks.  For example,
> > http://utilite-computer.com/web/home or some other physical form
> > factor that does not require a whole lot of hand tuning and
> > installing of hardware; and
>
> That platform is provably your best pick as a bundled low cost dual 
> port system. Sadly, it doesnt include lan bypass that is a good to
> have feature for inline deployments and also is arm based that will
> make it much more complex your idea of fuss free install.
> > 2) Are there third-party cloud-centric monitoring strategies
> > wherein those remotely provisioned snort deployments on
> > micro-appliances (at family member home networks in various states)
> > can be consolidated into a central console for review of security
> > alerts and all?
>
> If you want to only see produced events, Security Onion, Snorby, 
> Sguil, etc are good choices Security Onien provides also the sensor
> side
>
> If you want vbesides viewing events the capacity to centrally manage
>  and configure he devices, control rule workflow etc, IMHO redBorder
> is a better alternative.
>
> Still, none of them are ready for "plug & play" in such a box
>
> If you can get traffic to a span port or similar, your cheapest 
> choice would be some Raspberry Pi based alternative
>
> For x86 based alternatives, with single port Intel NUC is a great 
> choice. Duakl port, more complex, you will provably need to go for 
> speciallized suppliers like Lanner, Portwell, Nexcom and such or use
> the small barebone from Supermicro, but all of them are orders of
> magnitude more expensive than the Utilite
>
> Regards

------------------------------------------------------------------------------
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!