[Snort-users] IDS and HoneyPot placement in LAN
quentin.h4c at ...11827...
Wed Jun 16 11:26:38 EDT 2010
I apologize for the newbie question, but what is the best placement for the
IDS and the HoneyPot in the LAN?
I want to monitor a HoneyPot with the IDS (snort) [u]without[/u] monitoring
the complete LAN. Want to monitor just one machine.
What should be the best placement for HoneyPot and IDS for this situation.
The HoneyPot is a so called 'research-honeypot' so it is not used for
Do I have to place the HoneyPot and the IDS in a DMZ?
Or is it better to place the IDS between modem and router, and the HoneyPot
in a DMZ?
Or is it not necessary to have a DMZ and can I place the HoneyPot between
modem and Router and the IDS in the LAN?
Do I need a switch to make a separate network for this?
Or maybe something else?
ergo: What is the best placement for both systems?
Thanks in advance,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users