[Snort-users] *very* many snort installations..

Michael Steele michaels at ...9077...
Wed Nov 26 07:47:14 EST 2003


The solution is not to install Snort on every workstation.

You need a network security consultant to point you into the right direction
for the topology of your organization. A project like this needs to be done
correctly the first time to not only save time but money.

If you need a good consultant let me know and I'll give you a contact name
and number :)

Cheers...

-Michael Steele
-- 
 System Engineer / Security Support Technician     
 mailto:michaels at ...9077...    
 Website: http://www.winsnort.com
 Snort: Open Source Network IDS - http://www.snort.org


> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-
> admin at lists.sourceforge.net] On Behalf Of Mokum
> Sent: Wednesday, November 26, 2003 5:45 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] *very* many snort installations..
> 
> Greetings,
> 
> I was requested to look into the possibility to install snort as a
> service on 'all' [XP only] workstations [*way* over 10.000] of a very
> large, very global organization.
> 
> The goal is to have a better insight in the 'known bad' data flows
> though out the network. Of course, the main parts of the network are
> already IDS'ed so the workstation installation would be a sort of
> extended sensorium to make sure we see things behind the routers,
> switches, nat'ing devices & firewalls that normally go undetected untill
> things go really really wrong.
> 
> The well known pitfalls of rollouts like these that I am aware of are:
> - the managebility:
>        - collection of events
>        - the number of the events
> 
> - the QA
>        - snort.exe
>              - stability of the service
>              - resources needed
>        - quality of the rules implemented
> 
> Not my problem is:
> - the installation & distribution of the service, this is done for about
> 1000 other applications too.
> - the updating of the rules [is part of the distribution]
> 
> My question is if anybody on the list has expirience [good or bad] with
> a concept like this? Any pointers?
> 
> Cheers,
> mokum
> 
> 
> 
> 
> -------------------------------------------------------
> This SF.net email is sponsored by: SF.net Giveback Program.
> Does SourceForge.net help you be more productive?  Does it
> help you create better code?  SHARE THE LOVE, and help us help
> YOU!  Click Here: http://sourceforge.net/donate/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users







More information about the Snort-users mailing list