[Snort-users] Preferable location?
erek at ...577...
Mon Nov 19 22:24:03 EST 2001
On Mon, 19 Nov 2001, Ronneil Camara wrote:
> a) Where would be the preferable location of snort box on a network
> with firewall (internal, dmz)? Do I need more than 1 snort?
> b) What would be the advantage of having 2 nics on a snort box?
Set up one as a 'stealth' interface, and the second as a management NIC.
> c) What o.s. is recommended for snort?
Ummm... Not Linux. ;-) Seriously, look at one of the BSD variants. IIRC,
most development is done under FreeBSD or OpenBSD. IMHO, Linux isn't
standardized enough across the board for something this critical. [Sorry, I'm
a Solaris Bigot. ;-) ] Some folks are getting good use out of Linux-based
sensors, though! (See Abe Getchell's postings to snort-developers...) Short
Answer: Use what you know. Long Answer: Use the simplest first, then expand
to what works the best. Now, as to what works best.... That's another game!
Hope this helps!