[Snort-users] snort question

Jim Hendrick jrhendri at ...9784...
Sat Feb 19 14:23:33 EST 2005


One thing I must comment on from your first posting is that you seem to have
no firewall between your servers and the Internet. You really would be
better addressing this before you worry about installing snort *anywhere*.

That said, a tap simply lets you see everything that goes through it. 
It acts *similarly* to a (true) hub, except it also shows illegal signals on
the wire that would not show up with (either) a hub or a switch (both a hub
and switch can only transmit protocols they understand, so signals outside
their ability to understand never will show up).

A tap is nice if you can afford it, but depending on the bandwidth to the
Internet, you might be able to use a hub there (to save money).

But please, address the firewall issue first. Does your current one have a
3rd interface? If not, you should look into getting one that does (if budget
is a problem, look into a Linux box w/ 3 NICs to replace your existing
firewall).

And (soon) you need to start talking to your management about Internet
access (not sure how big a company you are, but anyone surfing porn at work
can get you sued). Worse yet, now that you are aware of it, you are
responsible for bringing this to management or this can be used as
implicitly allowing it. It may simply need to be a formal policy and putting
the employees on notice to "behave themselves", but you need to get it
addressed before you have a harassment (or other) problem.

Jim


 
-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Jason Warren
Sent: Friday, February 18, 2005 11:34 PM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] snort question


Mainly detection of break-in attempts, bad logins, etc. We are a small
business so I do not really care about what is going out. (Unfortunately,
our sales guy already showed me the porn he looks up.....)

Question on one of those taps I was apparently offered "a sweet deal"
on. Does that allow me to monitor my LAN and my servers that are
outside the FW? I am not familiar with those devices.

thanks!

tony cowling wrote:
> Hi Jason.
> What are you trying to achieve?
> 
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Jason 
> Warren
> Sent: Friday, February 18, 2005 2:48 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] snort question
> 
> Curious on where snort would do its job better.
> 
> 
> t1 - switch - web server
>               dns server
>               firewall - LAN
> 
> Should I put snort on a box that has its own IP or on my LAN behind
> the firewall?
> 
> thanks!
> 
> 
> jason warren
> 
> 

-- 
Jason Warren
IT Manager/Customer Relations
Zotz Digital - Apple Pro Video/Audio Reseller
541.472.9522 - http://www.zotzdigital.com
------------------------------------------------------
Join the Zotz Discussion List.
email: zotz-list-request at ...13052... with the word 'subscribe' in the
email body.

