tarballed
April 20th, 2005, 18:46
Being as that I have setup my PF firewall at home and seem to have it working properly, one of of my next projects is to setup snort and sguil.

One of the questions I wanted to ask is, do most people here setup a box on either the DMZ or the internal LAN that is running MySQL and other utilities like sguild and ACID? Maybe I should ask, what is a recommended setup for running snort? On the firewall itself? ON a second box somewhere else on the net.

I have a box to spare that i can use for whatever. I can start building this as we speak, but wanted to get ideas before I set out on this task.

Any recommendations?

Kernel_Killer
April 21st, 2005, 00:02
Put your database in your internal, and throw a sensor in every network gateway.

tarballed
April 21st, 2005, 11:49
Put your database in your internal, and throw a sensor in every network gateway.

Thanks...that's what i thought, just wanted to ask here.