Snort Help - Network IDS

From: Jason Haith (jhaith_at_genesissys.com)
Date: 04/14/04

  • Next message: Eric Curbo: "RE: Securing a Local Network"
    To: "securityfocus" <security-basics@securityfocus.com>
    Date: Wed, 14 Apr 2004 15:22:09 -0500
    
    

    Recently I posted a question on different types of monitoring and ids
    setups. I have decided to go with snort and have been using it on a smaller
    network with no problem. However now, I need to move it to a production
    network which will consist of around a 100 servers all linked through 3com
    switches and going out through a watchgaurd firewall. I'm looking for
    different ways to implement this without setting up another single point of
    failure device which our firewall is. I'm not confident enough yet to risk
    something like that. I haven't found much information on packet sniffing
    when it comes to multiple entry points, found some info on wiretap, etc. but
    I've always received such great help on here I thought I would ask before I
    decided on something. Would really appreciate any help, I'm in a heck of a
    bind right now. Thanks.

    firewall
    |
    -3comswitch-servers
    -3comswitch-servers
    -3comswitch-servers

    ids?

    Jason Haith
    Systems Administrator
    Genesis Systems
    5712 S. 77th St
    Omaha, NE 68127
    Phone: (402)592-1452
    Fax: (402)592-3650
    Email: jhaith@genesissys.com

    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------


  • Next message: Eric Curbo: "RE: Securing a Local Network"

    Relevant Pages

    • RE: firewall setup
      ... Connect eth2 to the switch with your servers and eth1 to the switch going to ... firewall and still keep their names. ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field ...
      (Security-Basics)
    • RE: Snort Help - Network IDS
      ... Are you using IDS? ... > Ethical Hacking at the InfoSec Institute. ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field ...
      (Security-Basics)
    • RE: Which ports to block?
      ... them (depending on the firewall and implementation). ... to facilitate one-on-one interaction with one of our expert instructors. ... pen testing experience in our state of the art hacking lab. ... Attend a course taught by an expert instructor with years of in-the-field ...
      (Security-Basics)
    • RE: Novice asks "OpenBSD best firewall?"
      ... I am also new to this security, ... Novice asks "OpenBSD best firewall?" ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field ...
      (Security-Basics)
    • RE: Snort Help - Network IDS
      ... either just inside, or just outside, the firewall. ... But you don't want an IDS failure to bring down your network. ... Attend a course taught by an expert instructor with years of in-the-field ...
      (Security-Basics)