Questions

Trying to determine Snort IDS placement

Tags: Security, Networking, Hardware
+
0 Votes

Trying to determine Snort IDS placement

bk6662
Hello,

My home network consists of a cable modem, connected to a PIX-501 firewall. I have the firewall connected to a 24-port switch, which in turn I use to connect all my clients. The firewall still has 3 unused Ethernet ports.

I have a Snort machine; I'm trying to figure out where best place to plug it in. If I connect to either a port on the PIX or to the workgroup switch, I will only get broadcast traffic, and traffic destined for the SNORT machine.

I have a document (Google: Snort 2.9.3 and Snort Report Ubuntu 12.04) which shows that I should put a switch with mirrored port in between the broadband, and firewall. I don't want to use a full-fledged switch so I tried placing a hub between these two appliances. But the PIX was never able to get an internet connection; that didn't surprise me.

Since I have that hub (and I've verified it's a true 8-port hub) - can anybody suggest how I can engineer this setup to capture all traffic coming in?

I am also considering purchasing an ASA 5505 to replace the PIX. Would this give me more options?

Awaiting your advice - thank you!!
-bk6662

Member Answers