[Snort-users] Snort Deployment Configurations

Martin Holste mcholste at ...11827...
Thu Feb 3 22:11:14 EST 2011


> What other considerations might someone new to snort such as myself overlook
> at first thought?
>

I currently run Snort in multiple configurations on the gateway, but I
used to run it between servers and clients in the data center.  This
proved to be a total waste of time--the amount of traffic that needs
to be inspected combined with the massive amount of false positives
proved to be ineffective for useful intel for the amount of effort
required.  For monitoring the inside of the network, I recommend a
strategy of Netflow, firewall logs, and server logs before you start
trying IDS on that amount and kind of traffic.




More information about the Snort-users mailing list