Naman Latif wrote:
> Hi, I am in the process of setting up an IDS system using Linux\Snort in DMZ. A couple of questions regarding this:
> 1. Is it a safe practice to have access to this system from Inside Network (for retrieving log files etc) from 1-2 Stations? Of course IDS won't have access to inside network and be blocked by Firewall.
> 2. What kind of services should be running on IDS Station? Should all Web\FTP etc services be stopped?
> 3. How important is it to also have an IDS system monitoring the traffic on your Inside Network? I believe it won't be a good idea to have the SAME DMZ IDS system with another NIC monitoring Inside Network Traffic?
> Any other suggestions OR any Links that I can refer to?
> Regards \\ Naman

naman, you should look at snort forum for your answer, it is very active and should answer most of your questions including how to set up snort optimally.
http://marc.theaimsgroup.com/?l=snort-users
search for your question or subscribe to the mailing list. good luck.
--
<gyoo [at] attbi [dot] com>
