[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] Snort (Intrusion Detection)

Subject: [ale] Snort (Intrusion Detection)
From: jrickman at gmail.com (Jonathan Rickman)
Date: Thu Mar 24 12:58:58 2005
In-reply-to: <1111686554.10232.8.camel@angel>
References: <1111686554.10232.8.camel@angel>

I do both. I run snort outside the perimeter just to see what is out
there driving by, but I also run it locally (even on windows machines)
with rules tailored to match the specific role/platform of that
machine. All logs are dumped in the same place for analysis.

--
Jonathan

On Thu, 24 Mar 2005 12:49:14 -0500, Jeff Hubbs <hbbs at comcast.net> wrote:
> In practice, is Snort run *on* an Internet-facing Web server or does one
> run Snort on a dual-homed machine *in front of* a Web server?  Can
> anyone hold court on the subject?
> 
> Jeff
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>

Follow-Ups:
- [ale] Snort (Intrusion Detection)
  - From: transam at verysecurelinux.com (Bob Toxen)

References:
- [ale] Snort (Intrusion Detection)
  - From: hbbs at comcast.net (Jeff Hubbs)

Prev by Date: [ale] Snort (Intrusion Detection)
Next by Date: [ale] Snort (Intrusion Detection)
Previous by thread: [ale] Snort (Intrusion Detection)
Next by thread: [ale] Snort (Intrusion Detection)
Index(es):
- Date
- Thread