[Discussion] Features - Designing for Scaleability
Michael Scheidell
scheidell at secnap.net
Fri Jan 16 00:07:18 UTC 2009
Openvpn does have a lot of overhead,and you need to decide if sensor-sensor communications is top or udp (then use the other for openvpn ). Using scripts ic you star config you can identify all the sensors real easy. We use it here.
-----Original Message-----
From: Frank Knobbe <frank at knobbe.us>
Sent: Thursday, January 15, 2009 6:57 PM
To: Martin Holste <mcholste at gmail.com>
Cc: discussion at openinfosecfoundation.org <discussion at openinfosecfoundation.org>
Subject: Re: [Discussion] Features - Designing for Scaleability
On Thu, 2009-01-15 at 12:35 -0600, Martin Holste wrote:
> Regarding sensor-sensor communcation, I recommend using OpenVPN for
> all communication since it's free, cross-platform, provides built-in
> compression, has easy configuration, it's PKI infrastructure based,
> and makes debugging much easier since you can sniff your tun0 socket.
> It also makes your host firewall rules much more simple.
But then you have administration overhead, right? (Sorry, I don't use
OpenVPN. All my VPN's are SSH-based).
Wouldn't it make more sense to use some sort of cloud/P2P-based
sensor-to-sensor communication that is able to "find" other sensors to
reduce admin tasks? Give it a name and let it join the sensor cloud. :)
I think that may be what Matt was eluding to in regards to sensors being
aware of each other.
Cheers,
Frank
_______________________________________________
Discussion mailing list
Discussion at openinfosecfoundation.org
http://lists.openinfosecfoundation.org/mailman/listinfo/discussion
_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
_________________________________________________________________________
More information about the Discussion
mailing list