Snort mailing list archives

Re: IDS Topology


From: Erek Adams <erek () snort org>
Date: Fri, 10 Jan 2003 00:28:17 -0500 (EST)

On Thu, 9 Jan 2003, Saul Bosquez wrote:

I'm runnin' Red Hat 7.3 on a Compaq ProLiant server and I'm trying to
install Snort 1.8.7 on it.
On the setup guide in the conceptual IDS topology section, there are 3
sensors and a centralized ACID, MySQL database.
If I'm only using one sensor, maybe it would be easier to have the sensor
and the database on the same machine and deploy it outside the
firewalled network. What do you think, guys?

Well...  There are better ways to do it, IMHO.  :)

If you have your sensor and DB on the same box, you're having to share
resources with Snort.  Depending on your traffic, that could be a very bad
thing.  If you have the spare box, place a sensor interface (stealth)
outside of your FW and log to a DB box on the inside.

If you don't have a spare box....  Well, do the best you can.  :)  Or
'borrow' one from someone's desk.  ;-P

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

