[Snort-users] New snort install question
vivek at ...15649...
Tue May 22 03:56:06 EDT 2012
Apologies, meant to reply to list.
On 22-05-2012 02:49, Sallee, Stephen (Jake) wrote:
> > ... what are you trying to achieve...
> We are indeed trying to protect our LAN from internal threats. We
> have a well-protected internet facing edge but as a university we have
> a few thousand non-university owned assets that access our network
> every day. Once these devices are on my network they have bypassed my
> armored edge and are able to poke away at my soft belly ... I don't
> like that.
Are these non-university machines on a guest VLAN ? If they are, then a
BPF filter on Snort can help cut down the 'trusted' traffic. This means
your i3 Dells might be sufficient for the workload.
As far as deploying this over 50+ buildings are concerned have you
checked out the Security Onion distro ?
Hope that helps,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users