[Snort-users] New snort install question

Vivek Rajagopalan vivek at ...15649...
Tue May 22 03:56:06 EDT 2012


Apologies, meant to reply to list.

On 22-05-2012 02:49, Sallee, Stephen (Jake) wrote:
>
>
> > ... what are you trying to achieve...
>
> We are indeed trying to protect our LAN from internal threats.  We 
> have a well-protected internet facing edge but as a university we have 
> a few thousand non-university owned assets that access our network 
> every day.  Once these devices are on my network they have bypassed my 
> armored edge and are able to poke away at my soft belly ... I don't 
> like that.
>

Are these non-university machines on a guest VLAN ? If they are, then a 
BPF filter on Snort can help cut down the 'trusted' traffic. This means 
your i3 Dells might be sufficient for the workload.

As far as deploying this over 50+ buildings are concerned have you 
checked out the Security Onion distro ?

Hope that helps,

Vivek
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120522/c4bbccfc/attachment.html>


More information about the Snort-users mailing list