I have been asked to place 2 (1 NTOP & 1 SNORT) boxes within our network as part of our tool kit for network monitoring and Intrusion detection. Out network is very simplistic and it layed out like this:
internet
|
|
Cisco 1811 Router (8x Layer 2 switch ports)
|
|
Firewall
|
|
LAN
We have Cisco 1811 router that has 8 x layer 2 switch ports that can be configured into spanning ports. I was thinking of placing the NTOP box in front of the router and SNORT between the router and the firewall. So
internet
|-------------------- NTOP BOX
|
Cisco 1811 Router (8x Layer 2 switch ports) -------SNORT
|
|
Firewall
|
|
LAN
I wanted to know what the forums recommendation would be of the placement of these two separate box and how would I securely get to the second management interfaces on the boxes without comprimising security. So if either if the box gets hacked they would have to go through fort knox to get in. What would be the best way to access the boxes from within the LAN?