[Snort-users] Securing a Snort machine

M M snort_man at ...125...
Thu Apr 17 07:39:04 EDT 2003


Here are a few steps to get you going:

Shutdown all unnecessary services.
Make sure the machine is invisible on the network.  No IP address.
Good passwords
I am not sure how you have it set up but any communications to it should be 
encrypted (i.e. SSH instead of telnet)
Also if Snort reports back to a database make sure those communications are 
encrypted as well.  If this is the case you should also be using two NICs, 
one for listening (w/ no IP address) and one for reporting.



>From: Elvira_Byrnes at ...8560...
>To: snort-users at lists.sourceforge.net
>Subject: [Snort-users] Securing a Snort machine
>Date: Thu, 17 Apr 2003 14:07:39 +1000
>
>Hi Everybody
>
>I have installed Snort and now want to make the machine secure. Snort will
>be listening on border attacks (outside the network), on the dmz, and 
>inside
>the lan.
>
>What is the best way of doing it on RedHat 8.0 and 9.0?
>
>Thanks a lot.
>
>Elvira
>
>
>
>******************** Confidentiality Statement ***************************
>
>This message contains privileged and confidential information intended only
>for the use of the addressee named above.  If you are not the intended
>recipient of this message, you must not disseminate, copy or take any 
>action
>in reliance on it.  If you have received this message in error, please
>delete it from your system and notify the sender immediately.  Any views
>expressed in this message are those of the individual sender, except where
>the sender specifically states them to be the view of the company.
>


_________________________________________________________________
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.  
http://join.msn.com/?page=features/virus





More information about the Snort-users mailing list