One of the easiest ways is to simply not give the card an IP address; it can still go into promiscuous mode, and works fine under snort (I believe). It does limit you slightly: you can't run any services off this card. It is really only applicable if the snort box is attached to a second network (or you work locally on it a lot).
Andre

-----Original Message-----
I would like to start using snort IDS. I have a linux box all built and hardened (per much of this list's guidance!) but now would like to know how to *truly* secure my second network card that will have snort listening on. What are a few things I should bear in mind when "locking down" this card? What makes the card "stealth?"
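The setup described in the reply above can be audited with a short check; this is an added example, not part of the original thread. It reads the text of `ip -o link show` and `ip -o addr show` and reports whether an interface is up, promiscuous and without any address. The interface name eth1 and the sample output are constructed; IPv6 is checked too because Linux normally assigns a link-local address when an interface comes up.

```shell
#!/bin/sh
# Added example: audit a sniffing interface for the "no IP address" setup.
# Live use: audit_iface eth1 "$(ip -o link show)" "$(ip -o addr show)"
# eth1 is an assumed name; the sample text below is constructed.

SAMPLE_LINK='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP'

SAMPLE_ADDR='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
2: eth0    inet6 fe80::1/64 scope link'

# audit_iface IFACE LINK_TEXT ADDR_TEXT
# Returns 0 if the interface is up, promiscuous and has no address,
# 1 if any of those checks fails, 2 if the interface is not listed.
audit_iface() {
    iface=$1; link_text=$2; addr_text=$3; rc=0

    # Field 2 of `ip -o link` is "name:", field 3 is the <FLAGS> list.
    flags=$(printf '%s\n' "$link_text" |
        awk -v i="$iface:" '$2 == i { print $3 }' | tr -d '<>')
    if [ -z "$flags" ]; then
        echo "$iface: not found"
        return 2
    fi

    # Wrap in commas so UP does not match LOWER_UP.
    case ",$flags," in
        *,UP,*) ;;
        *) echo "$iface: link is down, nothing will be captured"; rc=1 ;;
    esac
    case ",$flags," in
        *,PROMISC,*) ;;
        *) echo "$iface: not in promiscuous mode"; rc=1 ;;
    esac

    # Any inet or inet6 entry (link-local included) means the card is addressable.
    addrs=$(printf '%s\n' "$addr_text" |
        awk -v i="$iface" '$2 == i && ($3 == "inet" || $3 == "inet6") { print $4 }')
    if [ -n "$addrs" ]; then
        echo "$iface: address assigned: $(echo $addrs)"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "$iface: up, promiscuous, no address"
    fi
    return "$rc"
}
```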
