Firewalling gateways and IDS's
Posted
by Scott Davies
on Server Fault
See other posts from Server Fault
or by Scott Davies
Published on 2009-10-06T05:30:36Z
Indexed on
2010/03/17
14:01 UTC
Read the original article
Hit count: 393
Hi,
For IDS, I plan to have a Win 2008 server running on the gateway with the majority of roles disabled. I plan to firewall the Internet connection, but I'd also like to install Snort to work as an IDS. However, I am guessing that regardless of the Snort install of the promiscuous Winpcap driver, I won't be able to monitor ports that the firewall blocks. My thinking is that chain of flow is:
Internet->Firewall on Win 2008->Winpcap->Snort->internal network
Is there a way to still monitor services that the firewall will block (i.e. TCP 445 SMB) ? Perhaps run the data through Snort and then through the firewall ?
Thanks
© Server Fault or respective owner