[Snort-users] IDS placement
michael.boman at ...4162...
Mon Jul 7 00:34:04 EDT 2003
On Mon, 2003-07-07 at 14:48, Always Bishan wrote:
> Now the queries are:
> 1. What would be the best place to deploy Snort
> sensors and Manager? PLease do send your expert
It all depends on what you want to detect. If it is attacks from the
internet and between the different zones you are worried about I'd put a
snort instance for each interface on "IPtables Firewall" box.
If you are worried about attacks within each zone I can't give you any
advice that doesn't cost you (or your client) any extra.
> 2. The switches don't have a port mirror, so how do I
> monitor traffic there?
Well, you can't unless you change the switch for a hub...
> 3. What changes shall I make in the network diagram to
> implement the best possible solution?
Hard to say as the intent of the zone is not very clear.
> Note: Client doesnot want to spend anything extra on
Then you have to make compromises with the design and setup. Life in
IT/Security seems to be all about compromises now days..
Security Architect, SecureCiRT Pte Ltd
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 189 bytes
Desc: This is a digitally signed message part
More information about the Snort-users