[Snort-users] Snort Hardware Selection and Fiber/Copper Taps

Alex Tatistcheff alex.tatistcheff at ...11827...
Wed Nov 4 11:01:32 EST 2009


That "funding not an issue" statement is what's pushing some to recommend 3D
appliances.  You can spend as much as you want on a Snort box and you will
never have the capabilities available in a 3D appliance - i.e. Realtime
Network Awareness.  It's hard to overstate the importance of this capability
in an IDS/IPS.

Alex Tatistcheff
alext at ...492...

-- When a convicted terrorist was sentenced to face Jack Bauer, he appealed
to have the sentence reduced to death.




On Thu, Oct 29, 2009 at 12:46 PM, Chan, Wilson <wchan at ...14702...> wrote:

>  Im looking at spec’ing out some new servers for my Linux (CentOS) Snort
> boxes. If funding was not a issue what would you buy?
>
>
>
> Q: Snort is not multi-threaded so does it make sense to buy a rack mount
> server with multiple cpus?
>
>
>
> Q: How much ram should be allocated per server for 32bit snort on linux? If
> I go over 4Gb I would have to use a PAE kernel. How much ram can Snort use?
>
>
>
> Q: Ntap fiber to copper aggregators for gigabit links or Ntap fiber to
> copper traditional taps (Outputs Tx and Rx per copper port)?
>
>
>
> Q: If I decide to use the traditional taps do you run two processes of
> snort for each TX and RX or do you bridge the two interfaces and run just
> one snort process? What is best to do in this scenario? Thanks!
>
>
>
>
>
> *Wilson*
>
>
>
>
> ------------------------------------------------------------------------------
> Come build with us! The BlackBerry(R) Developer Conference in SF, CA
> is the only developer event you need to attend this year. Jumpstart your
> developing skills, take BlackBerry mobile applications to market and stay
> ahead of the curve. Join us from November 9 - 12, 2009. Register now!
> http://p.sf.net/sfu/devconference
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-users%0ASnort-users>list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20091104/dac5bae2/attachment.html>


More information about the Snort-users mailing list