RE: [Snort-users] *very* many snort installations..

The solution is not to install Snort on every workstation.

You need a network security consultant to point you into the right direction
for the topology of your organization. A project like this needs to be done
correctly the first time to not only save time but money.

If you need a good consultant let me know and I'll give you a contact name
and number :)

Cheers...

-Michael Steele
--
System Engineer / Security Support Technician
mailto:michaels@winsnort.com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org


> -----Original Message-----
> From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-
> admin@lists.sourceforge.net] On Behalf Of Mokum
> Sent: Wednesday, November 26, 2003 5:45 AM
> To: snort-users@lists.sourceforge.net
> Subject: [Snort-users] *very* many snort installations..
>
> Greetings,
>
> I was requested to look into the possibility to install snort as a
> service on 'all' [XP only] workstations [*way* over 10.000] of a very
> large, very global organization.
>
> The goal is to have a better insight in the 'known bad' data flows
> though out the network. Of course, the main parts of the network are
> already IDS'ed so the workstation installation would be a sort of
> extended sensorium to make sure we see things behind the routers,
> switches, nat'ing devices & firewalls that normally go undetected untill
> things go really really wrong.
>
> The well known pitfalls of rollouts like these that I am aware of are:
> - the managebility:
> - collection of events
> - the number of the events
>
> - the QA
> - snort.exe
> - stability of the service
> - resources needed
> - quality of the rules implemented
>
> Not my problem is:
> - the installation & distribution of the service, this is done for about
> 1000 other applications too.
> - the updating of the rules [is part of the distribution]
>
> My question is if anybody on the list has expirience [good or bad] with
> a concept like this? Any pointers?
>
> Cheers,
> mokum
>
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: SF.net Giveback Program.
> Does SourceForge.net help you be more productive? Does it
> help you create better code? SHARE THE LOVE, and help us help
> YOU! Click Here: http://sourceforge.net/donate/
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/...fo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.p...st=snort-users





-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive? Does it
help you create better code? SHARE THE LOVE, and help us help
YOU! Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users