Designing Your Snort Architecture

Snort is an incredibly flexible and extensible application. Although this is certainly a boon for Snort users, it also creates quite a quandary for the first-time user. Choosing the best architecture for Snort can be daunting: You want to ensure that you can successfully build a working Snort IDS without much difficulty, but you also want a system that you can use to organically scale the IDS as a greater need for intrusion monitoring develops.

As illustrated in Chapter 2, Snort supports an n-tier architecture. This book covers both a single-tier setup and a three-tier installation. Snort's functionality can be spread across multiple machines on different tiers to provide scalability, security, and performance. ...

Get Intrusion Detection with Snort now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.