Snort 2.1 Intrusion Detection, Second Edition

Chapter 10: Optimizing Snort

Introduction

So far, you have learned many of the reasons that Snort is a powerful, important tool to add to your network security toolbox. However, the hype is all for naught unless Snort is installed on a proper machine running an operating system (OS) that meets your organizational requirements and you have the technical capabilities to set it up properly. This chapter explains several system configurations that will attempt to optimize Snort performance for dissimilar business requirements on diverse network environments.

In the first couple of sections of this chapter, we examine the hardware that's necessary as well as recommended for running Snort on several OS platforms and network configurations. As would be expected for such vastly different OSs (Linux, BSD, Windows, or Solaris), the amount of computing power required to run Snort efficiently can vary from one system to another. An important note to keep in mind is that the goal of building a Snort box is to limit any type of packet loss. Otherwise, you could miss an attack or fail to log a crucial bit of evidence.

Later in the chapter, we discuss the pros and cons of the various OSs for running Snort. The choice of using Linux, BSD, Windows, or Solaris will depend mostly on the comfort level you have with each OS. If you have little or no experience with a particular OS, it would be pointless to attempt a Snort installation on that OS. However, hardware deficiencies can sometimes be made...
