Note: This is somewhat of a cross between the Networking and Software Stuff boards.
Anybody have any recommendations for a hardware and/or software platform to run an IDS on?
I'm moving to a new apartment in a couple of weeks and I'm redesigning my whole network to be clean from the ground up.
As part of this, I'm adding IDS as a new feature to my network. I had the idea of mirroring inbound/outbound WAN traffic over to a dedicated appliance (router? raspberry pi? tiny x86 box?) where I could perform flow monitoring and traffic analysis.
It was basically going to look something like this:
Can anybody recommend something that's relatively affordable to run this on? I don't have any dedicated hardware to run this on at the moment, so I was looking to either pick up something like a Mikrotik to run Snort and sFlow on, or pricing out a cheap dedicated x86 box to run this.
This would be running out of a network cabinet in a closet, separate from the rack that I have the rest of my equipment in. I'd like to avoid placing the appliance inside the LAN or with the rest of the equipment due to security and configuration complexity concerns.
A simple, dedicated appliance would be best for me, though I'm not sure what hardware and/or software combination to run for this sort of thing. Any suggestions?