[Snort-users] security of acid

Richard Lawley richard.lawley at ...1503...
Thu Mar 8 08:43:53 EST 2001


Most of the security would be handled by the web server - eg using .htaccess
files to password protect your acid pages, or restrict by IP address.  Any
security holes found in PHP would be fixed promptly anyway, so I don't think
that there are any issues here.  Just keep up to date with bug
reports/vulnerability reports.

Richard

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Ragnar Beer
Sent: 08 March 2001 12:46
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] security of acid


That's certainly the best way to do it. Only in this case I need to
run snort on the protected machine which is connected to the internet
only and is a webserver.
So I wonder what happens to security when I add PHP.

Ragnar

>Hi Ragnar,
>
>>  I was thinking about using acid with snort but when I went to the
>>  website I read that it uses php. I've heard that php has quite a bad
>>  security record. Could anybody perhaps comment on that? I wouldn't
>>  like to open up a gaping hole, of course.
>
>even if so, you wouldn't want to give everyone access to your
>IDS's statistics page, do you? I mean, I keep it
>password-protected in my internal switched network ;o))
>
>Bye, Jan
>
>--
>Radio HUNDERT,6 Medien GmbH Berlin
>- EDV -
>j.muenther at ...206...


_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users





More information about the Snort-users mailing list