Q

Can Snort be configured with a FreeBSD router?

Just because you can use Snort, it doesn't necessarily mean that you always should. In this expert Q&A, Mike Chapple explains which network configuration scenarios call for the intrusion defense tool and which ones don't.

My FreeBSD router has 2 NIC cards: one connected to the data feed from the data center, the other connected to a 24-port switch. Can I install a tool like Snort in this scenario? If so, what are some configuration challenges that I might run into?
You can run Snort in a scenario like this, but that doesn't mean that you should. In the case you're describing, my biggest fear is that you're taking a FreeBSD server and asking it to act in three roles: a server, a router and an intrusion detection system (IDS). This is OK in a bootstrap environment, but if you're at the point where you're running a data center with 24-port switches, I wouldn't encourage it.

I'd recommend that you obtain specialized devices to fill each role on your network. It's a best practice to have a dedicated router filing the router role, and it'll be better yet if you can purchase a hardware router, rather than building one on a FreeBSD server. Similarly, you should have a separate device acting as your IDS sensor.

The reason for all of this? Minimizing complexity. A more complex networking environment increases the chances of something going wrong and makes it more difficult to troubleshoot network problems.

More information:

  • Check out SearchSecurity.com's Snort Intrusion Detection and Prevention Guide.
  • Scott Sidel gives his take on Snort as an network intrusion defense tool.
  • This was first published in August 2007

    Dig deeper on Open Source Security Tools and Applications

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close