[Snort-users] Centralized DB Server??
Marc.Thompson at ...2101...
Tue Jun 12 20:58:23 EDT 2001
>But I would feel uhm... uncomfortable with an open MySQL-Port to a
>machine sitting inside our network and collecting lots of 'foreign',
>unchecked and unencrypted sensor data.
What about an IDS box that has two network interfaces: One non-IP
Ethernet adapter on the DMZ and one IP-assigned Ethernet Adapter
on the local net.
I forgot to mention that I am assuming that I am *not* transferring
alerts across the Internet. The sites have redundant VPN connectivity,
to the sites are also connected via leased-lines on a private net.
Does this mitigate the risk or am I misunderstanding your point?
IT Site Manager
7800 Shoal Creek Blvd. Suite 200N
Austin, TX 78757
From: Andreas Lindenblatt [mailto:azrael at ...70...]
Sent: Tuesday, June 12, 2001 6:20 PM
To: Marc Thompson; 'Kris Quinby'
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Centralized DB Server??
> geographical locations. I've been brainstorming this a bit, and it seems
> that I should be able to easily ignore alerts that are being generated by
> traffic to the MySQL TCP port. Does this sound like the answer?
It surely is an answer to your initial question :).
But I would feel uhm... uncomfortable with an open MySQL-Port to a
machine sitting inside our network and collecting lots of 'foreign',
unchecked and unencrypted sensor data.
Even if it means we don't get 'real-time' data, we fell back to packing
and scrambling logs at the snort-boxes and fetching them with scp.
Hmmm... what happened to SnortNet? It looked good with snort 1.6 :)