[Snort-users] Still Help Needed: i want to make a firewall

Rich Adamson radamson at ...2127...
Thu Apr 17 06:30:11 EDT 2003


> Agreed wholeheartedly. Although properly securing a Windows box is just as 
> complex a problem as properly securing a Unix server, it's not impossible. 
> The only degree to which it is worse is the absolutely horrid history of 
> exploits to IIS (not that Apache is any better).
> 
> I certainly would question the wisdom of running Snort on an NT box that 
> sits outside your firewall and runs IIS on the external interface. But I'd 
> also question the wisdom of doing the same thing with a Linux box running 
> Apache, bind, ssh, or sendmail on the external interface. 

We've worked with corporations in 40+ states as independent network performance
and security consultants. In the past 18 months or so, we've seen many
small to medium-sized companies discontinue their Linux/BSD systems (replaced
with Win2k boxes) due to staff training and internal support costs; it had
nothing to do with capabilities, performance or security. (Personally don't 
care, we run NT, Win2k, multiple Linux versions, Sun, etc.)

Several of these clients have NT and Win2k servers directly on Internet
segments, and after multiple years of exposure, have not been compromised
as yet. On the flip side, one client's hardened BSD box (with current 
patches) was compromised and a rootkit installed. Regardless of OS, 
security is still an issue of understanding/knowledge/experience and 
applying it to whatever system is in use. Any missed steps in the
process can obviously create a problem.

An interesting exercise for those that would like empirical data: count 
the number of security alerts by OS in any reasonably complete database.
Every OS needs about the same level of attention.

Rich





