Snort Help - Network IDS

From: Jason Haith (jhaith_at_genesissys.com)
Date: 04/14/04

  • Next message: Eric Curbo: "RE: Securing a Local Network"
    To: "securityfocus" <security-basics@securityfocus.com>
    Date: Wed, 14 Apr 2004 15:22:09 -0500
    
    

    Recently I posted a question on different types of monitoring and ids
    setups. I have decided to go with snort and have been using it on a smaller
    network with no problem. However now, I need to move it to a production
    network which will consist of around a 100 servers all linked through 3com
    switches and going out through a watchgaurd firewall. I'm looking for
    different ways to implement this without setting up another single point of
    failure device which our firewall is. I'm not confident enough yet to risk
    something like that. I haven't found much information on packet sniffing
    when it comes to multiple entry points, found some info on wiretap, etc. but
    I've always received such great help on here I thought I would ask before I
    decided on something. Would really appreciate any help, I'm in a heck of a
    bind right now. Thanks.

    firewall
    |
    -3comswitch-servers
    -3comswitch-servers
    -3comswitch-servers

    ids?

    Jason Haith
    Systems Administrator
    Genesis Systems
    5712 S. 77th St
    Omaha, NE 68127
    Phone: (402)592-1452
    Fax: (402)592-3650
    Email: jhaith@genesissys.com

    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------


  • Next message: Eric Curbo: "RE: Securing a Local Network"