[Snort-sigs] RE: Snort-sigs digest, Vol 1 #87 - 3 msgs

Cessna, Michael MCessna at ...153...
Wed Oct 24 13:41:07 EDT 2001

Good suggestion, and actually that is in the works. We just put in a new
win2k/exchange2k server where before we had a 5.5 box that was here when I
started and is in horrendous shape. I was afraid to kill the server since it
was barely hanging on. Now with the new server we are setting it up with the
SSL certs and limiting all traffic to this. However until that is finished,
I was going nuts with the snort alerts and wanted to stop them.
I haven't tried the client side certs yet....good idea....I like it, I'll
definitely look into that one.

-----Original Message-----
From: Nelson, James (CC-MIS Plans and Prog)
[mailto:James.Nelson at ...74...]
Sent: Wednesday, October 24, 2001 4:04 PM
To: 'snort-sigs at lists.sourceforge.net'
Subject: [Snort-sigs] RE: Snort-sigs digest, Vol 1 #87 - 3 msgs

More practical Suggestion:

Want to make these annoying snort alerts stop?  Encrypt the communications!
Address the largest security risk and change your web mail over to SSL.  Do
you really want your corporate email going over the web unprotected?  Do you
really want your internal LAN ID's and passwords are flying over the
internet in the clear?  That's what you get if you don't use SSL!

Microsoft IIS 4.0 and 5.0 both have certificate authorities in them.  There
are countless free and commercial certificate authorities out there as well.
(Baltimore technologies has a commercial on and Pyca is a free one for
example)  You could very easily use the CA to issue a certificate for your
web site.  If you want to make the error messages go away for you users
because the cert isn't from a trusted authority, you can modify your end
users so their web browsers trust your CA.

If you want security, which you should not stop there.  The SSL handshake
has been showing to have some weakenss when only server side certificates
are used.  IIS has support for client-side certificates.  You can and should
tie client certificates down to the user it was issued to.  Two-factor
authentication-- what a concept.

There's my $0.02 worth.

Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20011024/0f43a3c9/attachment.html>

More information about the Snort-sigs mailing list