[Snort-sigs] Rebuilding snort server and sensors

Thompson, Jimi JimiT at ...2437...
Tue Oct 25 12:15:38 EDT 2005

Item #1 - RH9 is obsolete.  You may not be able to harden the OS
sufficiently to do what you need to do safely.  

Item #2 - RH, unless you go to a lot of extra trouble, tends to install
a lot of things that really aren't ideal on any server, much less one
being used as a security appliance.

Item #3 - The BSDs do a much better job of only installing what's
necessary to bring the box up (i.e. kernel and necessary bits of the OS).


When I'm setting up a box to be used as a security appliance, I make
sure that I have the latest versions of everything, unless they have
some known issue that makes them undesirable.  I also make sure that
anything I can build from source, I do, since I prefer to do custom
configs instead of pre-installed packages.  I also don't like having to
either go in and uninstall a bunch of crap or spend a lot of valuable
time configuring the OS installer in the first place.  When I first
bring a box up, the ONLY thing I want is a blinking command prompt.  I
really don't care about a GUI, games, web server, etc.  If I want them,
I will install them.  The FIRST rule of security is that if it's not
installed, it's not a problem.


Just my 2 cents....

Ms. Jimi Thompson
Manager of Web Operations
SMU Cox School of Business

If computers get too powerful, we can organize them into a committee --
that will do them in. -- Bradley's Bromide


From: snort-sigs-admin at lists.sourceforge.net
[mailto:snort-sigs-admin at lists.sourceforge.net] On Behalf Of Murali Raju
Sent: Monday, October 24, 2005 7:05 AM
To: Michael Mulholland
Cc: Snort-sigs at lists.sourceforge.net
Subject: Re: [Snort-sigs] Rebuilding snort server and sensors


1. Linux - if you want to use the libpcap that employs a shared mem ring
buffer (http://public.lanl.gov/cpw/).
2. FreeBSD - with device_polling configured, it can help speed up packet
capturing, in addition to speed and stability.
3. OpenBSD - lean with many security features, including the new heap
protection and other defenses against ICMP-based attacks available in
release 3.8. The de facto standard for security appliances in my opinion.

I use and prefer the BSDs over Linux any day...



On 10/24/05, Michael Mulholland <Michael.Mulholland at ...3172...> wrote:


I'm intent on rebuilding our existing Snort setup from RH9 and was
wondering what platform you'd recommend.


Michael Mulholland

  Any views expressed by the sender of this message are not necessarily
those of the Department of Finance & Personnel or The Office Of the
Minister and Deputy First Minister.  This email and any files transmitted
with it are intended solely for the use of the individual or entity to
whom they are addressed.  If you have received this email in error please
notify the sender immediately by using the reply facility in your email
system.  All emails are swept for the presence of viruses.

Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net 

May the packets be with you. 
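The hardening stance in the thread (a sensor should carry nothing it does not need, and a service that was never installed cannot be attacked) can be turned into a routine check. The script below is an added example, not code from anyone in the thread: it parses a `netstat -an`-style listing (a constructed sample is embedded so it runs offline) and reports every bound socket that is not on an assumed allowlist of ports the sensor is supposed to expose, here only SSH for management. The ALLOWED policy, the function names and the sample output are the example's own assumptions.

```shell
#!/bin/sh
# Added example: report listening sockets on a sensor that are not on the
# allowlist. Not part of the original thread; policy and names are assumed.

# Assumed policy: "proto port" pairs the sensor may listen on, comma-separated.
# A Snort sensor needs nothing on the wire except management SSH.
ALLOWED="tcp 22"

# Constructed sample in the layout of BSD `netstat -an`. On a real box use
# the live listing instead:  netstat -an | unexpected_listeners
SAMPLE_NETSTAT='Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  10.0.0.5.22            10.0.0.9.51234         ESTABLISHED
tcp4       0      0  *.80                   *.*                    LISTEN
tcp4       0      0  127.0.0.1.3306         *.*                    LISTEN
udp4       0      0  *.111                  *.*
udp4       0      0  *.514                  *.*'

# Reads a netstat -an listing on stdin and prints one line per socket that is
# bound but not allowed: "proto port local-address". Handles both the BSD
# "addr.port" and the Linux "addr:port" notation in the local address column.
unexpected_listeners() {
    awk -v allowed="$ALLOWED" '
    BEGIN {
        n = split(allowed, a, ",")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    # Skip the header and anything that is not a TCP/UDP socket row.
    $1 !~ /^(tcp|udp)/ { next }
    {
        proto = substr($1, 1, 3)            # tcp4/tcp6/tcp -> tcp
        # A TCP row is exposure only if it is LISTENing; every bound UDP
        # socket is reachable, so all UDP rows count.
        if (proto == "tcp" && $NF != "LISTEN") next
        local = $4
        port = local
        sub(/.*[.:]/, "", port)             # keep the text after the last . or :
        key = proto " " port
        if (!(key in ok)) print key " " local
    }'
}

# Convenience wrapper: number of unexpected listeners in a listing on stdin.
count_unexpected() {
    unexpected_listeners | wc -l | tr -d ' '
}

# Run against the constructed sample; a non-empty report means something is
# on this box that, by the thread's rule, should never have been installed.
printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners
```

Loopback-only listeners (the 3306 row) are reported on purpose: the policy, not the bind address, decides what belongs on a sensor, and a local database or web server is still code that has to be patched. The same allowlist-diff approach applies to the installed package list (pkg_info on the BSDs, rpm -qa on Red Hat) when auditing the build itself rather than what is listening.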
