Q

Can Snort be configured with a FreeBSD router?

Just because you can use Snort, it doesn't necessarily mean that you always should. In this expert Q&A, Mike Chapple explains which network configuration scenarios call for the intrusion defense tool and which ones don't.

My FreeBSD router has 2 NIC cards: one connected to the data feed from the data center, the other connected to a 24-port switch. Can I install a tool like Snort in this scenario? If so, what are some configuration challenges that I might run into?
You can run Snort in a scenario like this, but that doesn't mean that you should. In the case you're describing, my biggest fear is that you're taking a FreeBSD server and asking it to act in three roles: a server, a router and an intrusion detection system (IDS). This is OK in a bootstrap environment, but if you're at the point where you're running a data center with 24-port switches, I wouldn't encourage it.

I'd recommend that you obtain specialized devices to fill each role on your network. It's a best practice to have...

a dedicated router filing the router role, and it'll be better yet if you can purchase a hardware router, rather than building one on a FreeBSD server. Similarly, you should have a separate device acting as your IDS sensor.

The reason for all of this? Minimizing complexity. A more complex networking environment increases the chances of something going wrong and makes it more difficult to troubleshoot network problems.

More information:

  • Check out SearchSecurity.com's Snort Intrusion Detection and Prevention Guide.
  • Scott Sidel gives his take on Snort as an network intrusion defense tool.
  • This was last published in August 2007

    Dig Deeper on Open Source Security Tools and Applications

    PRO+

    Content

    Find more PRO+ content and other member only offers, here.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    Start the conversation

    Send me notifications when other members comment.

    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

    Please create a username to comment.

    -ADS BY GOOGLE

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close