[Tfug] Snort usage and security precautions
    Steven Bowers 
    steveb7 at bblabs.net
       
    Sun Aug 13 14:55:13 MST 2006
    
    
  
There are passive taps and "receive only" cables that work for this type 
of application. Take a look at:
http://www.dgonzalez.net/pub/roc/roc.pdf
http://www.snort.org/docs/tap/
While not running in a production environment, I do have a passive tap 
constructed, using the 2nd article, and in operation. Suits my needs and 
seems to provide some good data. Occasionally you will find a true 
hardware tap on eBay such as this one:
http://tinyurl.com/fv5ks
Adrian wrote:
> Query: How many people are using Snort in a production environment? Using 
> Snort on an internet facing interface?
> 
> I keep thinking about deploying Snort as a detection/classification service, 
> in addition to my existing firewall logging and periodic manual 
> inspection... But it seems like every other week there is a serious security 
> hole. Given that, I would hate to have it on my firewall or facing the 
> internet in particular, though that is presumably where the "bad stuff" is you 
> want to detect.
> 
> Adrian