
Snort Alert Collection and Analysis Suite

Published April 29, 2011 from SANS

This document outlines how to separate the duties of a Snort IDS collection and analysis suite across a minimum of three servers (a Snort sensor, a MySQL database and an ACID web server) to gain optimal coverage and performance. The suggestion is to use Linux for all server components and Windows XP for management and viewing via a management console. To monitor and protect your network effectively, you first need to understand which parts of it are crucial to business operations; only then can you design your installation to meet the business requirements. The paper includes some discussion of the Linux installations and the software required on each component. The goal is a scalable solution that can help secure networks of varying design and size.

Read the complete paper at SANS (PDF)