Re: Snort Sensor Placement Outside Firewall

[David Alonso De La Vega Tapage <delavegad () bancoaliado com>]

Hi Rich ..

David from Panamá ..

Ok ..  I have this setup on my net ..  check it ..

1. Mi Linux Box is RH 7.3 ( soon RH 9)  with 20 GB hard disk.  
2. 512 on swaping
3. 512 MB RAM
4. 1.8 ghz processor
5. Snort 2.0 + mysql +acid
6. 2 nics  ( one for manage ) 3 Com for snort.
7. strike cables cat 5 to conect your box in a hub ( or switch with 
mirror port )

My snort funciton perfect .. !   I hope that is teh right information 
for you .. !

Cheers ..


Rich Lichvar wrote:

> I know this is a bit off-topic, but I need some advice/help and would 
> like to tap the experience of those who probably have successfully 
> done what we are thinking of doing.
>  
> We are thinking of putting a Snort-based sensor outside our firewall 
> in the Untrusted zone. (This is after the border/edge/gateway router 
> which is controlled by our hosting facility and not us.) I was 
> wondering if any of you had any advice about:
>  
> 1. OS: Linux? Hardened how? What system capacity (RAM, hard 
> drive) might be required?
> 2. Cabling setup: Internet Cat 5 cable to hub and cable from hub to 
> sensor and cable from hub to Untrusted port of firewall? (I've tried 
> this in the past and had problems with traffic even getting to the 
> firewall. Maybe a crossover cable is needed?)
>  
> Many thanks in advance for any advice/experience you would offer.
>  
> Richard L. Lichvar
> Director, Operations
> Knowledge Resource Center, Inc.
> Phone: 703-848-2100 x228
> Fax: 703-848-4747
> Mobile: 571-221-3430
>  
>
> ------------------------------------------------------------------------
>
> ****** Message from InterScan E-Mail VirusWall NT ******
>
> ** No virus found in attached file noname.htm
>
> Este correo ha sido revisado y esta libre de virus. Disclaimer
> *****************     End of message     ***************
>
>