[Snort-users] PLEASE HELP HERE.
vasanthjobs at ...125...
Sun Feb 8 19:00:02 EST 2004
I will be implementing IDS using SNORT in our company network infrastructure
and would be thankfull for some help.After going through all the documents
found in snort.org.I have got some doubts in implementing Snort IDS.
Is this sensors r taps compulsory.Can we use snort to monitor using
span r mirror port in the switch.If sensor necessary where to get it and how
to place it.
And taps too i found different kinds of taps in the net so plz advice me in
2.EVENT MONITORING � How to better configure the IDS NIC that will be acting
as an admin interface, where I will be connecting for event information.
Should I configure this interface with security to be accessed from the
Internet or should I configure this interface to be accessed from the LAN
via the firewall?
3.LOGS � Where should i store all the logs.Should i need a separate server
to store all the logs.If not approximately how much space will be required.
4.REPORTING � What is the best way to centralize and access all event
reporting? What is the best product to accomplish this?
Please be kind to let me know if you have a better approach to any of this
or if you have any other comments or suggestions.
ADVANCE THANKS FOR ALL WHOEVER HELPS AND GIVES THEIR VALUABLE IDEAS.
Gifts for Him & Her. Valentine�s Day. http://go.msnserver.com/IN/42197.asp
At MSN Shopping.
More information about the Snort-users