snort sensor on virtual machine...[?]

[Corbin Fletcher <corbin () freeway com>]

Greetings Snort community,

I am a member of a small team who operates a data center. Our company 
provides VoIP services for corporations. We utilize primarily open 
source application. We run Debian and CentOS, FreeSwitch, OpenSIP, MySQL 
Elastix, FreePBX, Proxmox, etc.

We receive a good number of SIP brute force attacks, and other security 
breaches on our network. And this is the reason for my email.

As a team we have agreed to implement a Snort sensor as a NIDS. We are 
currently not running any IDS and we rely on analyzing logs to be 
alerted to our network attacks.

I would like to install a Snort sensor at the edge of our network on its 
own dedicate machine and have it sniff all network traffic.

Another team member wants to run Snort on a Proxmox cluster in a virtual 
environment.

Can anyone advise about the pros and cons for each approach?

Or, could someone please advise on best practices for implementing a 
Snort sensor on our network?

Thanks in advance.

~Corbin


------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second 
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!