Necessity of Snort
-
Hi,
I was just wondering if its necessary to install Snort or any kind of IDS/IPS on a basic home network when all traffic is blocked on the WAN port by default? I'm not forwarding any ports and don't run any servers on my network. It seems to me that something like Snort my be over kill if all traffic is already block by default.
What do you guy think?
Matt
-
If you don't mind what is going on your network, you don't need it.
In some cases, the ids/ips can help you identify virus traffic or someone on your network trying something nasty.
The first step you did by closing all wan ports.
att,
Marcello Coutinho -
Closing all ports on the WAN site will help you to prevent someone to get access to your network from OUTSIDE your LAN.
snort will work on your LAN side. it could detect if a virus or a trojan or a hacker who got access for example over wifi to your LAN network initiates traffic from LAN to WAN. In general you do not really need this in a home environment with less clients and if you know who has access to this/your network.
