Re: Snort Implementation Guide - ACID-MySQL-Redhat7 .2

[Jason <jason () brvenik com>]

I think that the hubs can be a liability for a couple of reasons.

1) Additional SPOFs. But if you only have a hub and can't get funding
then a little downtime to the cloud is likely acceptable on failure.

2) You will definitely miss any host to host traffic that does not cross
a boundary. In some cases this may be acceptable but I would argue that
in nearly all cases of a DMZ it is not and anything larger than a small
network should pay attention to internal host to host traffic.
Intellectual Property violations and outright data theft can kill a
company quick. Is the number still 80% of attacks are internal?

If the switches support it, dump the hubs in the DMZ and Internal and
use port monitoring.

WRT One hub. NO,NO,NO,NO,NO,BAD DOGGY!
If you own one box on any segment you can see and get to any other
connected segment.

Jason.

twig les wrote:
> Actually I just looked at the conceptual placement and
> thought it made a lot of sense.  The hubs are the
> cheapest way to do this, and if you save $150 while
> increasing the confusion, then IMHO it's not worth it.
>
>
> --- Jack Lyons <jack.lyons () martinagency com> wrote:
> > I would like to get people's view points on using 1
> > hub for all three
> > locations.
> >
> > As long as the IP addressing scheme are different,
> > it shouldn't matter
> > correct?
> >
> > Also, you can buy 4 port hubs for under
> > $100...doesn't seem to expensive.
[snip old stuff]


-------------------------------------------------------
This sf.net email is sponsored by: Jabber - The world's fastest growing 
real-time communications platform! Don't just IM. Build it in! 
http://www.jabber.com/osdn/xim
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users