Snort mailing list archives
Re: New snort install question
From: "Sallee, Stephen (Jake)" <Jake.Sallee () umhb edu>
Date: Tue, 22 May 2012 13:22:36 +0000
Are these non-university machines on a guest VLAN
...kind of. A few years ago we had the opportunity to completely redesign our network structure. We adopted the following VLan scheme 10.BB.VV.XX Where: BB = building number (arbitrarily assigned by yours truly) VV = VLAN ID XX = workstations We have separate VLans for faculty/staff and students as well as voice and NAC, etc. ... all for each building.
have you checked out the Security Onion distro?
I had not seen that distro, it looks promising though. I will most certainly look into it, THANKS! As for the BPF filter, that seems like an excellent idea if we find our boxes have trouble keeping up, hopefully they won't but you never know. Thank you for the info. Jake Sallee Godfather of Bandwidth System Engineer University of Mary Hardin-Baylor 900 College St. Belton TX. 76513 Fone: 254-295-4658 Phax: 254-295-4221 HTTP://WWW.UMHB.EDU From: Vivek Rajagopalan [mailto:vivek () unleashnetworks com] Sent: Tuesday, May 22, 2012 2:56 AM To: snort-users () lists sourceforge net Subject: Re: [Snort-users] New snort install question Apologies, meant to reply to list. On 22-05-2012 02:49, Sallee, Stephen (Jake) wrote:
... what are you trying to achieve...
We are indeed trying to protect our LAN from internal threats. We have a well-protected internet facing edge but as a university we have a few thousand non-university owned assets that access our network every day. Once these devices are on my network they have bypassed my armored edge and are able to poke away at my soft belly ... I don't like that. Are these non-university machines on a guest VLAN ? If they are, then a BPF filter on Snort can help cut down the 'trusted' traffic. This means your i3 Dells might be sufficient for the workload. As far as deploying this over 50+ buildings are concerned have you checked out the Security Onion distro ? Hope that helps, Vivek
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- New snort install question Sallee, Stephen (Jake) (May 21)
- Re: New snort install question Jason Haar (May 21)
- Re: New snort install question Sallee, Stephen (Jake) (May 21)
- Re: New snort install question Vivek Rajagopalan (May 22)
- Re: New snort install question Sallee, Stephen (Jake) (May 22)
- Re: New snort install question livio Ricciulli (May 22)
- Re: New snort install question Sallee, Stephen (Jake) (May 21)
- Re: New snort install question Jason Haar (May 21)