Home page logo
/

basics logo Security Basics mailing list archives

RE: Snort Help - Network IDS
From: "DeGennaro, Gregory" <Gregory_DeGennaro () csaa com>
Date: Thu, 15 Apr 2004 11:42:29 -0700

The tap would be the best method.

Another method would be this: 


servers-switch---|
servers-switch---|---Switch---Firewall
servers-switch---|     |
                             | Span Port (not spanning tree)
                             |          
                   IPS\IDS-System

Some span ports can support large amounts of traffic; therefore there is a
chance of packet loss to the IDS system.

You can also use a hub, however not recommended for Enterprise networks.

Of course, this is a source of failure which makes the tap even more luring
since the tap will fail open like Chris stated.

--Greg


-----Original Message-----
From: Jason Haith [mailto:jhaith () genesissys com] 
Sent: Wednesday, April 14, 2004 10:22 PM
To: securityfocus
Subject: Snort Help - Network IDS

Recently I posted a question on different types of monitoring 
and ids setups. I have decided to go with snort and have been 
using it on a smaller network with no problem. However now, I 
need to move it to a production network which will consist of 
around a 100 servers all linked through 3com switches and 
going out through a watchgaurd firewall. I'm looking for 
different ways to implement this without setting up another 
single point of failure device which our firewall is. I'm not 
confident enough yet to risk something like that. I haven't 
found much information on packet sniffing when it comes to 
multiple entry points, found some info on wiretap, etc. but 
I've always received such great help on here I thought I 
would ask before I decided on something. Would really 
appreciate any help, I'm in a heck of a bind right now. Thanks.


firewall
|
-3comswitch-servers
-3comswitch-servers
-3comswitch-servers

ids?


Jason Haith
Systems Administrator
Genesis Systems
5712 S. 77th St
Omaha, NE 68127
Phone: (402)592-1452
Fax:   (402)592-3650
Email: jhaith () genesissys com


--------------------------------------------------------------
-------------
Ethical Hacking at the InfoSec Institute. Mention this ad and 
get $545 off any course! All of our class sizes are 
guaranteed to be 10 students or less to facilitate one-on-one 
interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of 
in-the-field pen testing experience in our state of the art 
hacking lab. Master the skills of an Ethical Hacker to better 
assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
--------------------------------------------------------------
--------------


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]