[Snort-users] Securing a Snort machine
snort_man at ...125...
Thu Apr 17 07:39:04 EDT 2003
Here are a few steps to get you going:
Shut down all unnecessary services.
Make sure the machine is invisible on the network. No IP address.
I am not sure how you have it set up but any communications to it should be
encrypted (i.e. SSH instead of telnet)
Also if Snort reports back to a database make sure those communications are
encrypted as well. If this is the case you should also be using two NICs,
one for listening (w/ no IP address) and one for reporting.
>From: Elvira_Byrnes at ...8560...
>To: snort-users at lists.sourceforge.net
>Subject: [Snort-users] Securing a Snort machine
>Date: Thu, 17 Apr 2003 14:07:39 +1000
>I have installed Snort and now want to make the machine secure. Snort will
>be listening on border attacks (outside the network), on the dmz, and
>What is the best way of doing it on RedHat 8.0 and 9.0?
>Thanks a lot.
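The checklist in the reply above (sniffing interface with no IP address, unnecessary services shut down, SSH instead of telnet), written as an audit script; this is an added example and not part of the original thread. The interface names `eth0`/`eth1`, the addresses and the sample `ip`/`ss` output are constructed assumptions; on a live sensor, pipe the real output of `ip -o addr show` and `ss -H -tln` into the two functions instead.

```shell
#!/bin/sh
# Added example: audits a sensor against the reply's checklist using
# constructed sample output (not captured from a real host).

# Constructed sample of `ip -o addr show`: eth0 = sniffing NIC, eth1 = reporting NIC.
SAMPLE_ADDR='1: lo    inet 127.0.0.1/8 scope host lo
3: eth1    inet 10.0.5.20/24 brd 10.0.5.255 scope global eth1
3: eth1    inet6 fe80::a00:27ff:fe4e:66a1/64 scope link'

# Constructed sample of `ss -H -tln` (listening TCP sockets).
SAMPLE_LISTEN='LISTEN 0 128 10.0.5.20:22 0.0.0.0:*
LISTEN 0 5 0.0.0.0:23 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*'

# addrs_on IFACE: print every address bound to IFACE (stdin: `ip -o addr show`).
addrs_on() {
    awk -v ifc="$1" '$2 == ifc && ($3 == "inet" || $3 == "inet6") { print $4 }'
}

# unexpected_listeners ALLOWED_PORTS: print non-loopback listeners whose port
# is not in the space-separated allow list (stdin: `ss -H -tln`).
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            laddr = $4
            port = laddr; sub(/.*:/, "", port)        # text after the last colon
            host = laddr; sub(/:[^:]*$/, "", host)    # text before the last colon
            if (host == "127.0.0.1" || host == "[::1]") next
            if (!(port in ok)) print laddr
        }'
}

# audit SNIFF_IFACE ALLOWED_PORTS: return 0 only if both checks pass.
audit() {
    rc=0
    bound=$(printf '%s\n' "$SAMPLE_ADDR" | addrs_on "$1")
    [ -z "$bound" ] || { echo "FAIL: $1 has address(es): $bound"; rc=1; }
    extra=$(printf '%s\n' "$SAMPLE_LISTEN" | unexpected_listeners "$2")
    [ -z "$extra" ] || { echo "FAIL: unexpected listener(s): $extra"; rc=1; }
    return $rc
}

audit eth0 "22" || echo "sensor does not meet the checklist"
```

In the constructed sample the sniffing interface is clean, but the telnet listener on port 23 fails the audit; the loopback-only listener on port 25 is ignored because it is not reachable from the network.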