[ale] Snort (Intrusion Detection)
Jonathan Rickman
jrickman at gmail.com
Thu Mar 24 12:58:58 EST 2005
I do both. I run snort outside the perimeter just to see what is out
there driving by, but I also run it locally (even on windows machines)
with rules tailored to match the specific role/platform of that
machine. All logs are dumped in the same place for analysis.
--
Jonathan
On Thu, 24 Mar 2005 12:49:14 -0500, Jeff Hubbs <hbbs at comcast.net> wrote:
> In practice, is Snort run *on* an Internet-facing Web server or does one
> run Snort on a dual-homed machine *in front of* a Web server? Can
> anyone hold court on the subject?
>
> Jeff
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>
More information about the Ale
mailing list