[Snort-users] IDS Topology

James R. Hendrick Jim_Hendrick at ...1998...
Fri Jan 10 10:59:14 EST 2003

This (single machine) design will *work*; however, there are security risks
you should understand before making that choice.

The most important is that with anything exposed, there is a chance it will
be compromised (no matter how well you secure it). If that machine has your
database, it could give attackers access to that information, making it
easier for them to craft an attack targeted at your site (including perhaps
information about your network from other probes, how your system responds
to specific stimuli, details about your logging, etc.).

If you can split the functionality, you can more easily reduce this risk.


-----Original Message-----
From: Saul Bosquez [mailto:cygnus133 at ...125...]
Sent: Thursday, January 09, 2003 8:37 PM
To: SNORT Mailing List
Subject: [Snort-users] IDS Topology

I'm runnin' Redhat 7.3 on a Compaq ProLiant server and I'm trying to
install snort 1.8.7 on it.
On the setup guide in the conceptual IDS topology section, there are 3
sensors and a centralized acid, mysql database.
If I'm only using one sensor, maybe it would be easier to have the sensor
and the database on the same machine and deploy it outside the
firewalled network. What do you think, guys?
