Solved

Snort deployment

Posted on 2006-06-09
3
380 Views
Last Modified: 2012-05-05
Hello, I am currently planning on deploying snort. I have ISA 2004 as my firewall with 2 network cards filtering traffic. I was thinking installing snort on that box or maybe installing Windows 2003 as a virtual server on that box and installing snort on the virtual server to be safe.

What are the best practices on installing these types of analyzer programs? on boxes with 2 network cards or can it be just one NIC?

Oh, are there any differences between snort for linux and snort for windows security wise? I have heard that linux is much secure than windows many times and wanted to know which platform is trusted more at the enterprise level. thanks for the help.
0
Comment
Question by:elyrodriguez
  • 2
3 Comments
 
LVL 16

Expert Comment

by:xDamox
ID: 16877298
Hi,

Snort is a utility you install on Linux its not an operating system, I would strongly recommend you have a look at smoothwall
its and excellent pieace of software.

http://www.smoothwall.org/

Heres what is said about smoothwall:

SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Linux is the ideal choice for security systems; it is well proven, secure, highly configurable and freely††† available as open source code. SmoothWall includes a hardened subset of the GNU/Linux operating system, so there is no separate OS to install. Designed for ease of use, SmoothWall is configured via a web-based GUI, and requires absolutely no knowledge of Linux to install or use.
0
 

Author Comment

by:elyrodriguez
ID: 16877788
Ok thanks for the info. I do understand that snort is not an operating system. I am talking about the versions of snort that exist for linux and for windows called winsnort. I was asking about the differences between those versions of snort on those respective OS platforms.

I was also asking about the deployment. I am currently supporting ISA 2004 on top of Win 2003 with 2 nework cards and I was wondering if its viable to install a virtual server(win 2003) on that box with 2 NICS to run snort on OR can snort be installed on a box with only 1 NIC.

I am now downloading smoothwall. I will check it out. Thanks again for the info.


0
 
LVL 16

Accepted Solution

by:
xDamox earned 200 total points
ID: 16877825
Hi,

Well I would suggest using snort with Linux as that was its prime release, Smoothwall I belive does support snort :).

With the Win 2003 server you would just need to configure snort to listen on the network card which, is reciving the
internet traffic for it to filter.
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question