Snort on LAN (beginner)

IDS/IPS
Log in to reply
  • R

    Good day,

    Snort on LAN and not WAN?
    I found this question being asked several times on this forum and general consensus was "go with Snort on LAN if using NAT".
    PLEASE FORGIVE me for bringing this up yet one more time. I am trying to wrap my head around this and by creating a silly post obviously having issue with that.
    In layman's terms, my understanding is that I want to block the bad guys' attempts to compromise network (DDOS for example) on the WAN part of the firewall, before getting to LAN.
    So Why LAN?
    Am I misunderstanding IPS completely? or above is the firewall's job?

    My home network is very simple:

    PCs
      |
    LAN (172.16.0.0)
      |
    pfSense
      |
    WAN (192.168.0.0)
      |
    ISP Router
      |
    Internet

    I have double NAT going on, maybe this is where I am getting confused.
    Thank you very much!

    0
  • F

    You kinda always need a firewall in front/inline.
    Otherwise you would be processing malicious packets sent against your IDS
    or jsut processing useless packets that a firewall could have drop faster.

    To block ports,ip,protocol = firewall
    To block domains,url,user agent = proxy
    To block patterns, evasion/obfuscation kunfu, malware, deep packet inspection with complex regex = IDS

    F.

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy