running it all on 1 box....

["Scott Renna" <srenna () d-a-s com>]

Hello,

I'm still testing out Snort and its associated peripherals on a system
here at work, however, my problem is that my company doesn't seem to
want to spend money....ever.  Basically here's what I got going on.  I'm
running the demo system right now as a 266 with 64MB of RAM. 

I'm wondering....how much am I going to actually be able to run on that
box, and have the system keep up with the work.  I've been running tests
and barnyard seems to be able to keep up with the alerts it receives
from snort(it takes it a few minutes to actually process through it all
and then write to the appropriate log files).  Is it a good idea to even
ATTEMPT to run PostgreSQL and Apache and ACID? 

Also, I've read in many of the guides that it is preferred to running
the database on a separate system on the "inside".  While I can see this
would be a good idea(since if the Snort box got hacked the information
could be removed), it also opens up a door into the Internal Network.
What type of filtering and protection schemes have you all tried that
have a setup like this?  I would think IPFW would be the logical choice,
but would like some feedback.

Thanks,

Scott

***************************
Scott Renna
Head Systems Administrator
Dynamic Animation Systems
703-503-0500

*************************** 



-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users