[Snort-users] *very* many snort installations..
michaels at ...9077...
Wed Nov 26 07:47:14 EST 2003
The solution is not to install Snort on every workstation.
You need a network security consultant to point you into the right direction
for the topology of your organization. A project like this needs to be done
correctly the first time to not only save time but money.
If you need a good consultant let me know and I'll give you a contact name
and number :)
System Engineer / Security Support Technician
mailto:michaels at ...9077...
Snort: Open Source Network IDS - http://www.snort.org
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-
> admin at lists.sourceforge.net] On Behalf Of Mokum
> Sent: Wednesday, November 26, 2003 5:45 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] *very* many snort installations..
> I was requested to look into the possibility to install snort as a
> service on 'all' [XP only] workstations [*way* over 10.000] of a very
> large, very global organization.
> The goal is to have a better insight in the 'known bad' data flows
> though out the network. Of course, the main parts of the network are
> already IDS'ed so the workstation installation would be a sort of
> extended sensorium to make sure we see things behind the routers,
> switches, nat'ing devices & firewalls that normally go undetected untill
> things go really really wrong.
> The well known pitfalls of rollouts like these that I am aware of are:
> - the managebility:
> - collection of events
> - the number of the events
> - the QA
> - snort.exe
> - stability of the service
> - resources needed
> - quality of the rules implemented
> Not my problem is:
> - the installation & distribution of the service, this is done for about
> 1000 other applications too.
> - the updating of the rules [is part of the distribution]
> My question is if anybody on the list has expirience [good or bad] with
> a concept like this? Any pointers?
> This SF.net email is sponsored by: SF.net Giveback Program.
> Does SourceForge.net help you be more productive? Does it
> help you create better code? SHARE THE LOVE, and help us help
> YOU! Click Here: http://sourceforge.net/donate/
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users