[Snort-sigs] RE: Snort-sigs digest, Vol 1 #87 - 3 msgs
Nelson, James (CC-MIS Plans and Prog)
James.Nelson at ...74...
Wed Oct 24 13:12:06 EDT 2001
More practical Suggestion:
Want to make these annoying snort alerts stop? Encrypt the communications!
Address the largest security risk and change your web mail over to SSL. Do
you really want your corporate email going over the web unprotected? Do you
really want your internal LAN ID's and passwords are flying over the
internet in the clear? That's what you get if you don't use SSL!
Microsoft IIS 4.0 and 5.0 both have certificate authorities in them. There
are countless free and commercial certificate authorities out there as well.
(Baltimore technologies has a commercial on and Pyca is a free one for
example) You could very easily use the CA to issue a certificate for your
web site. If you want to make the error messages go away for you users
because the cert isn't from a trusted authority, you can modify your end
users so their web browsers trust your CA.
If you want security, which you should not stop there. The SSL handshake
has been showing to have some weakenss when only server side certificates
are used. IIS has support for client-side certificates. You can and should
tie client certificates down to the user it was issued to. Two-factor
authentication-- what a concept.
There's my $0.02 worth.
More information about the Snort-sigs