IDS Implementation

this thread has 3 replies and has been viewed 1923 times

#1
30th May 2008, 21:34
ekrengel

I would like to set up a Snort box in my environment... what would be the best way to go about this?

I have read about using a SPAN port on a Cisco switch to have all traffic come through that one port that the IDS will monitor, which doesn't sound that great to me, or there is a network TAP, which I believe is a separate piece of hardware you would have to buy.

Does anyone have some good examples that have worked well?
#2
1st June 2008, 10:18
dlaskov

Hi ekrengel,
The way of configuring is:
1. Configure a SPAN port mapped on another port connected to the server\suspicious machine to check.
2. All traffic is captured by the SNORT scanner and analysed (another Linux\Windows-based station with SNORT installed).
3. Frequent checks of status and mail\SMS notification on SNORT to monitor issues in real time.
I think it's not the best way to forward all traffic through the SPAN port, especially in hard-working networks. The best way is to protect valuable information, but if you need complete defense no matter the cost, it's also possible.
For me it works with an IIS web server and a mirrored port for all incoming traffic from external users.
__________________
Regards
Denis Laskov
MCSA/E - CWNA - CCNA
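
Step 3 of the post above (status checks and notification) as an added example, not part of the original post or of Snort itself: it parses Snort 2.x `alert_fast` lines and collapses repeated high-priority alerts into one message per rule and source. The function names, the priority cut-off and the sample lines are assumptions made for illustration; delivery by mail or SMS is left out.

```python
import re
from collections import defaultdict
# Layout of a Snort 2.x alert_fast line (one alert per line; IPv4 assumed).
FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

# Constructed sample input: documentation addresses, made-up SIDs and messages.
SAMPLE = """\
06/01-10:18:02.114201  [**] [1:1000001:1] WEB-IIS constructed sample rule A [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:51514 -> 192.0.2.10:80
06/01-10:18:02.514901  [**] [1:1000001:1] WEB-IIS constructed sample rule A [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:51515 -> 192.0.2.10:80
06/01-10:18:09.000312  [**] [1:1000002:2] ICMP constructed sample rule B [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.4 -> 192.0.2.10
06/01-10:19:40.771000  [**] [1:1000003:1] WEB-IIS constructed sample rule C [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 198.51.100.9:40022 -> 192.0.2.10:80
this line is truncated [**] and must be counted, not crash the parser
"""

def parse_fast(text):
    """Return (alerts, unparsed_line_count) for alert_fast text."""
    alerts, unparsed = [], 0
    for line in filter(str.strip, text.splitlines()):
        m = FAST_RE.match(line)
        if m is None:
            unparsed += 1  # count damaged lines instead of dropping them silently
            continue
        a = m.groupdict()
        a["prio"] = int(a["prio"])
        # TCP/UDP endpoints are "ip:port"; other protocols carry a bare IP.
        a["src_ip"] = a["src"].rsplit(":", 1)[0] if a["proto"] in ("TCP", "UDP") else a["src"]
        alerts.append(a)
    return alerts, unparsed

def notifications(alerts, max_prio=1):
    """One message per (SID, source IP) for alerts at priority <= max_prio."""
    grouped = defaultdict(list)
    for a in alerts:
        if a["prio"] <= max_prio:  # Snort priority 1 is the most severe
            grouped[(a["sid"], a["src_ip"])].append(a)
    return [
        f"{len(v)}x [{v[0]['gid']}:{sid}] {v[0]['msg']} from {ip} "
        f"to {v[0]['dst']} (first seen {v[0]['ts']})"
        for (sid, ip), v in grouped.items()
    ]

if __name__ == "__main__":
    print(*notifications(parse_fast(SAMPLE)[0]), sep="\n")
```

A non-zero unparsed count is itself worth a status alert, since it usually means the log format or output plugin differs from what the sensor check expects.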
#3
1st June 2008, 10:46
dlaskov

Maybe this will be helpful:
http://www.cisco.com/warp/public/473/41.html
__________________
Regards
Denis Laskov
MCSA/E - CWNA - CCNA
#4
2nd June 2008, 22:23
ryansmitty

ekrengel,

SPAN is great if you are on a budget; however, it has weaknesses that you should be aware of. One of the biggest is that it doesn't scale well. The following link goes into detail on these weaknesses. Personally I use NetOptic TAPs.

http://www.lovemytool.com/blog/2007/...orts-or-t.html

Ryan