[Snort-users] Still Help Needed: i want to make a firewall
michaels at ...155...
Wed Apr 16 20:20:24 EDT 2003
Snort is an IDS (Intrusion Detection System), not an IPS (Intrusion
Prevention System). It's hard to make some people understand that.
As far as a firewall, there are a bunch of choices out there.
1. Configure an Open BSD box...
2. Hardware firewall (Cisco, etc...)
3. If they are running Windows XP, XP has a built in Firewall, and IPSec.
4. ISA Server
5. Zone Alarm
6. Black Ice
I'm sure there are a lot more options. It just all depends on how much money
they want to spend.
On NT4 Server/2000/XP/2003 Server they can run the IDS in promiscuous mode,
and stick it anywhere as long as they are accessing the console from
localhost; the IDS is completely transparent. This can also be done on any
*nix IDS. If they need remote access to the Windows desktop, install another
NIC, install an SSH server, and then use port forwarding to the remote
desktop, or to Terminal Services. As far as I know it only requires one port
to be opened.
Michael Steele | System Engineer / Support Technician
mailto:michaels at ...155...
Silicon Defense: IDS solutions - http://www.silicondefense.com
Snort: Open Source Network IDS - http://www.snort.org
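The SSH-to-Terminal-Services setup described above, as an added example that is not part of the original post; the host, user and local port are placeholders, and the sshd_config fragment is a suggested forwarding policy for the sensor rather than anything the post prescribes:

```shell
#!/bin/sh
# Added example (not from the list post): reach the Windows sensor's Terminal
# Services port (3389) through one SSH connection on its management NIC.
# sensor host, user and local port below are placeholders, not real values.

rdp_tunnel_cmd() {
  # $1 = sensor host, $2 = ssh user, $3 = local port to listen on (default 13389)
  host=$1; user=$2; lport=${3:-13389}
  # refuse anything that is not a plain decimal port number
  case "$lport" in
    ''|*[!0-9]*) echo "invalid local port: $lport" >&2; return 1 ;;
  esac
  [ "$lport" -ge 1 ] && [ "$lport" -le 65535 ] || { echo "port out of range" >&2; return 1; }
  # -N: no remote shell, the session only carries the forward.
  # Bind the listener to 127.0.0.1 so other hosts on the admin LAN cannot
  # ride the tunnel; ExitOnForwardFailure so a refused forward does not leave
  # a silent, useless session open.
  printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:127.0.0.1:3389 %s@%s\n' \
    "$lport" "$user" "$host"
}

# sshd_config fragment for the sensor side: permit only local forwards, and
# only to the RDP port on the sensor itself, so the SSH account cannot be
# used as a pivot to anything else behind the firewall.
sshd_forward_policy() {
  cat <<'EOF'
AllowTcpForwarding local
PermitOpen 127.0.0.1:3389
X11Forwarding no
EOF
}

rdp_tunnel_cmd sensor.example.internal snortadmin 13389
sshd_forward_policy
```

With the tunnel up, the RDP client is pointed at 127.0.0.1:13389 and only TCP/22 needs to be open on the sensor's management interface.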
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Matt Kettler
Sent: Wednesday, April 16, 2003 6:33 PM
To: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Still Help Needed: i want to make a firewall
At 05:28 PM 4/16/2003 -0700, Michael Steele wrote:
>Bottom line is to use what you're comfortable with. Snort CAN be installed
>securely on either platform (Windows or *nix).
Agreed wholeheartedly. Although properly securing a Windows box is just as
complex a problem as properly securing a Unix server, it's not impossible.
The only degree to which it is worse is the absolutely horrid history of
exploits to IIS (not that Apache is any better).
I certainly would question the wisdom of running snort on a NT box that
sits outside your firewall and runs IIS on the external interface. But I'd
also question the wisdom of doing the same thing with a Linux box running
Apache, bind, ssh, or sendmail on the external interface. Anyone doing
either of these setups is just _asking_ to be exploited in the worst
Although all of this OS difference banter still doesn't address his
original problem, which was needing a firewall. Snort just isn't a
replacement for one, no matter what platform you run it on.