Snort mailing list archives

Re: snort in non switched environments


From: Michael Boman <michael () ayeka dyndns org>
Date: Mon, 20 Aug 2001 00:59:13 +0800


On Sunday 19 August 2001 19:12, Prashant Desai wrote:
> Hi friends
>
> Where should I put the snort sensor host if I
> don't have a mirror port on my switch?
>
> Please guide me as I am new to IDS.
>
> Thanks & Regards
> Prashant Desai

I think you would find the following document useful; page 36 has a nice 
diagram. 

http://cs-www.ncsl.nist.gov/publications/drafts/idsdraft.pdf

But unmanaged switches will be a problem however you do it. The CISCO 29xx series 
is not that expensive, so next time it's time to upgrade your infrastructure, 
put in a few more $$$ to get some pretty good equipment - the cost savings are 
just not worth it in the long run (even $300 more for a switch spread out 
over 3 years is less than $10 per month, and you spend more money than that 
on coffee/smoke breaks).

Best regards
 Michael Boman

-- 
There is no such thing as a system that is secure out of the box.
Tim [Timothy M. Mullen, CIO of AnchorIS.Com] claimed earlier this
morning that he had found one at Val-Mart the other day that was
secure out of the box, but as it turns out that was a Nintendo.

-- Jesper M Johansson, Ph.D. Assistant Professor of Information
   Systems at Boston University - during a SANS audio broadcast
