Hello,
I am thinking about deploying an IP audit machine to check on trends/abnormal traffic behavior on our network. I want to get a feel for how it works and what I can learn from the information it gathers. My questions are:
- If you were only going to set up one machine, and you wanted to be able to spot potentially dangerous activity, where would you put it? In your LAN or DMZ?
- Is running SNORT on the same machine a good idea as well? The reason I ask is SNORT normally ends up making me climb up trees I don't need to climb. If I can get a good pulse of what the network should do and does, I think I will have more time to get other things done and not climb so many trees.
Thanks for any advice you can give,
Lyle