[ale] Snort (Intrusion Detection)
Bob Toxen
transam at verysecurelinux.com
Thu Mar 24 13:14:59 EST 2005
On Thu, Mar 24, 2005 at 12:51:54PM -0500, Jonathan Rickman wrote:
> I do both. I run snort outside the perimeter just to see what is out
> there driving by, but I also run it locally (even on windows machines)
> with rules tailored to match the specific role/platform of that
> machine. All logs are dumped in the same place for analysis.
I agree with this when one's budget and time allows.
> --
> Jonathan
Bob
> On Thu, 24 Mar 2005 12:49:14 -0500, Jeff Hubbs <hbbs at comcast.net> wrote:
> > In practice, is Snort run *on* an Internet-facing Web server or does one
> > run Snort on a dual-homed machine *in front of* a Web server? Can
> > anyone hold court on the subject?
> >
> > Jeff
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
> >
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list