Summary
This chapter focused on the hardware and software required to build a Snort architecture. The proper system resources have to be made available for Snort to avoid situations where packet loss and subsequently false negatives occur. It is difficult to gauge the system resources that Snort will require. Widely varying factors, such as Snort's internal configuration and the content of the monitored traffic, will greatly influence the system resources that Snort will require.
The Snort sensor and the server require the most hardware resources because they are resource-intensive platforms. The console does not have such stringent hardware requirements. An often-overlooked hardware purchasing decision is the NICA NIC, which can be used to offload ...
Get Intrusion Detection with Snort now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
