[Snort-users] IDS Topology

Demetri Mouratis dmourati at ...3877...
Thu Jan 9 20:31:07 EST 2003


Your best bet is to find a dedicated machine for the sensor.  If that's
not possible, you can just install all the components on one machine.
Several pitfalls with that approach:

- running additional servers on the sensor makes it inherently more
vulnerable
- database, snort, apache, ..., all competing for same system resources
- no stealth logging ability

Read some of the ACID documentation for more reasons.

On Thu, 9 Jan 2003, Saul Bosquez wrote:

> I'm runnin' Red Hat 7.3 on a Compaq ProLiant server and I'm trying to
> install snort 1.8.7 on it.
> On the setup guide in the conceptual IDS topology section, there are 3
> sensors and a centralized acid, mysql database.
> If I'm only using one sensor maybe it would be easier to have the sensor
> and the database on the same machine and deploy it outside the
> firewalled network. What do you think, guys?

---------------------------------------------------------------------
Demetri Mouratis
dmourati at ...3878...




