[Snort-users] Question about Inline mode

Albert E. Whale aewhale at ...6483...
Sun Dec 4 15:48:34 EST 2011


I have been asked to develop an IDS/IPS solution which can span multiple
zones behind a firewall.

While I have reservations in implementing a single box to become an
active sensor for IDS/IPS solutions on the networks.

 In addition to believing that this is the wrong strategy to use in
protecting internal networks (I am supposed to protect 4 internal
networks), I am not certain of the correct configuration of the host server.

In an Inline mode, are the network interfaces linked?  What network
configuration is required for IDS/IPS or inline configuration?

Does the inline mode require two interfaces?

Can Snort support multiple networks, simultaneously?  Does this reduce
the throughput capability of the monitor?

Thanks, I have deployed Snort before, but your answers will further
document my case.
-- 

Albert E. Whale, CHS CISA CISSP
Senior Technology & Security Director
*ABS Computer Technology, Inc. *
412-635-7488 ext 100
aewhale at ...6483... <mailto:aewhale at ...6483...>
www.ABS-CompTech.com <http://www.ABS-CompTech.com>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20111204/65c21e61/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: aewhale.vcf
Type: text/x-vcard
Size: 378 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20111204/65c21e61/attachment.vcf>


More information about the Snort-users mailing list