Network Security

Question 8

How will you design an IDS solution for a web-site offering streaming data to the customers?

This means that we've got very, very heavy outbound traffic but very little inbound traffic. As Snort sees each and every packet on the network, it might be advantagerous to simply ignore all outbound traffic from the streaming servers. Otherwise you run the very real risk of overloading the capacity of both the connection to the Snort server and the Snort server itself. The typical passive ethernet network tap as described in [i44][i45][i46] destinguishes between inbound and outbound traffic. Thus, for the streaming server, one can simply disconnect the outbound port.