[Snort-users] Snort and security

Langa Kentane LangaK at ...1059...
Mon Mar 5 03:09:13 EST 2001


What I am trying to do is have my snort box have three interfaces.
One from the outside of the firewall, same switch as firewall and the other
from the inside of the firewall, also same switch as firewall.  Both these
interfaces have not IP. The other is on the internal server network.  This
has a valid IP for logging to our database.

Will this machine be a security problem for us?  Does this pose a security
hole.  Is it at all hackable from the outside??

Any suggestions how I can make this more sucure without needing another box
[tight budget].

Thanks

-----Original Message-----
From: Adrian Asher [mailto:adrian at ...675...]
Sent: 27 February 2001 11:06
To: roeland at ...1415...; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Snort and security



There is no need for the snort box to have an IP address in the same range
as the subnet it is monitoring,
in fact, it needn't have an ip address at all (not all flavours of Unix
support this though).

If you do need to remotely manage the box, then use multiple interfaces, 
and manage the box through an interface on the "non dirty side" of the box.

So if it doesn't have an visible address, it is very hard to
attack.....except from internally.

Adrian

>
>Subject: [Snort-users] Snort and security
>   From: Roeland Weve <roeland at ...1415...>
>   Date: Tue, 27 Feb 2001 09:53:08 +0100
>     To: snort-users at lists.sourceforge.net
>
>Howdy,
>
>I've been watching this mailing list for a while and tried several snort
>options.
>Now I want to implement snort in a (big)network as a Network Intrusion
>Detection System.
>To listen on all data coming through I have to put this system in the
>beginning of the network.
>This can be dangerous, if an intruder hacks this computer he can have a
>few at all the data traffic coming through and use this computer to hack
>further into the network.
>So I decided to use Lids (or a program looks like this) to protect the
>NIDS.
>Does anybody has any expirience with this or did somebody tried another
>program like Lids to protect the system?
>
>I hope somebody can help me on this subject,
>
>Kind regards,
>
>Roeland
>
>
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>http://lists.sourceforge.net/lists/listinfo/snort-users

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users




More information about the Snort-users mailing list