Can dual NIC Snort machine cause threats to bypass firewall?

Çağlar Arlı

I am thinking about building a Linux Snort machine that can listen to both WAN and LAN traffic.

Setup I am thinking about:
Snort computer with two NICs
One NIC connected to hub/tap outside firewall (WAN)
One NIC connected to hub/tap inside firewall (LAN)
Management from the Snort machine itself.

My question is:

This setup creates a physical path between the WAN and the LAN that bypasses the firewall. Could viruses or trojans or malware or other threats bypass the firewall and go from the WAN into the Snort machine and then to the LAN and affect LAN computers?

I have read about configuring the NICs with no IP addresses, but I have not been able to come to a conclusion about my question.
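
The post mentions configuring the sniffing NICs with no IP addresses. As an added example (not part of the original post), this shell function audits the host-level conditions under which Linux itself would pass traffic between the two NICs: IP forwarding, addresses bound to the capture interfaces (including IPv6 link-local ones the kernel assigns automatically), and bridge membership. The interface names `eth1`/`eth2` and all sample command output are constructed.

```shell
#!/bin/sh
# Added example. Interface names (eth1, eth2) and all sample data are constructed.

# Constructed `ip -o addr show` output: eth1 (WAN-side tap) carries only an
# auto-assigned IPv6 link-local address; eth2 (LAN-side tap) has no address.
SAMPLE_ADDR='1: lo    inet 127.0.0.1/8 scope host lo
3: eth1    inet6 fe80::a00:27ff:fe4e:66a1/64 scope link'

# Constructed `ip -o link show` output: eth2 has been enslaved to bridge br0.
SAMPLE_LINK='3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 state UP
4: eth2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 master br0 state UP'

# audit_sensor ADDR_TEXT LINK_TEXT FWD4 FWD6 IFACE...
# Prints one finding per line; returns 0 when clean, 1 when anything was found.
audit_sensor() {
    addr_text=$1 link_text=$2 fwd4=$3 fwd6=$4
    shift 4
    findings=$(
        [ "$fwd4" = 0 ] || echo "net.ipv4.ip_forward=$fwd4 (kernel routes IPv4)"
        [ "$fwd6" = 0 ] || echo "net.ipv6.conf.all.forwarding=$fwd6 (kernel routes IPv6)"
        for ifc in "$@"; do
            # Any inet/inet6 address makes the capture NIC reachable at layer 3.
            printf '%s\n' "$addr_text" | awk -v i="$ifc" \
                '$2 == i && ($3 == "inet" || $3 == "inet6") { print i " has " $3 " address " $4 }'
            # "master <dev>" means the NIC is a port of a bridge or bond.
            printf '%s\n' "$link_text" | awk -v i="$ifc" \
                '$2 == (i ":") { for (n = 3; n < NF; n++) if ($n == "master") print i " is enslaved to " $(n + 1) }'
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# On a live sensor the inputs would come from:
#   audit_sensor "$(ip -o addr show)" "$(ip -o link show)" \
#       "$(sysctl -n net.ipv4.ip_forward)" "$(sysctl -n net.ipv6.conf.all.forwarding)" eth1 eth2
audit_sensor "$SAMPLE_ADDR" "$SAMPLE_LINK" 1 0 eth1 eth2 || echo "sensor is not purely passive"
```

A clean result covers only the kernel's own forwarding and bridging paths; it says nothing about the software running on the sensor.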