[Snort-users] running it all on 1 box....

twig les twigles at ...131...
Mon Jul 7 13:27:08 EDT 2003


IPFW is FreeBSD-specific, so you could get into trouble.  If you
use SSH port-forwarding or stunnel then you can just pick a
random high TCP port to ship data through the firewall.  Heck, you
can do that without the encryption.  Aside from that SQL
traffic, the database server shouldn't need to talk to *anyone*
in the DMZ/outside world.  We also use jump-off points in our
net, so most boxes are firewalled to only accept SSH from a few
different IPs, even on the inside.

So essentially we set up every layer as if the others don't
exist and then hope we are too annoying to penetrate :)

--- Scott Renna <srenna at ...9588...> wrote:
> Hello,
>
> I'm still testing out Snort and its associated peripherals on a system
> here at work, however, my problem is that my company doesn't seem to
> want to spend money....ever.  Basically here's what I got going on.  I'm
> running the demo system right now as a 266 with 64MB of RAM.
>
> I'm wondering....how much am I going to actually be able to run on that
> box, and have the system keep up with the work.  I've been running tests
> and barnyard seems to be able to keep up with the alerts it receives
> from snort (it takes it a few minutes to actually process through it all
> and then write to the appropriate log files).  Is it a good idea to even
> ATTEMPT to run PostgreSQL and Apache and ACID?
>
> Also, I've read in many of the guides that it is preferred to run
> the database on a separate system on the "inside".  While I can see this
> would be a good idea (since if the Snort box got hacked the information
> could be removed), it also opens up a door into the Internal Network.
> What type of filtering and protection schemes have you all tried that
> have a setup like this?  I would think IPFW would be the logical choice,
> but would like some feedback.
>
> Thanks,
>
> Scott
> 
> ***************************
> Scott Renna
> Head Systems Administrator
> Dynamic Animation Systems
> 703-503-0500
> 
> *************************** 


=====
-----------------------------------------------------------
Emo is what happens when the glee club goes punk.       
-----------------------------------------------------------
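
As an added example (not part of the original thread, and not anyone's actual setup): a small Python audit that checks connection records against the policy described in the reply above, where the database server takes data only from the sensor on one high TCP port, SSH is accepted only from jump-off points, and the database server never initiates traffic to the DMZ or outside. All addresses, the port number and the `src dst dport` record format are constructed assumptions.

```python
import ipaddress

# Every address, the port number and the record format are constructed for this example.
SENSOR = ipaddress.ip_address("192.0.2.10")    # Snort box in the DMZ
DB_HOST = ipaddress.ip_address("10.0.0.20")    # database server on the inside
JUMP_HOSTS = {ipaddress.ip_address(a) for a in ("10.0.0.5", "10.0.0.6")}
INSIDE = ipaddress.ip_network("10.0.0.0/24")
TUNNEL_PORT = 40022                            # the "random high TCP port"

def verdict(src, dst, dport):
    """Return (allowed, reason) for one TCP connection attempt."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if (src, dst, dport) == (SENSOR, DB_HOST, TUNNEL_PORT):
        return True, "sensor to database over the tunnel port"
    if dport == 22 and dst in INSIDE and src in JUMP_HOSTS:
        return True, "SSH from a jump-off point"
    if src == DB_HOST and dst not in INSIDE:
        return False, "database server initiating traffic to DMZ/outside"
    if dport == 22:
        return False, "SSH from a host that is not a jump-off point"
    return False, "no rule permits this flow"

def audit(lines):
    """Parse 'src dst dport' records; return the flows the policy forbids."""
    findings = []
    for line in lines:
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        src, dst, dport = line.split()
        allowed, reason = verdict(src, dst, int(dport))
        if not allowed:
            findings.append((src, dst, int(dport), reason))
    return findings

SAMPLE = """\
192.0.2.10 10.0.0.20 40022   # barnyard output through the tunnel
10.0.0.5   10.0.0.20 22      # admin coming in via a jump-off point
10.0.0.77  10.0.0.20 22      # workstation going straight to the database box
192.0.2.10 10.0.0.20 5432    # sensor reaching PostgreSQL directly
10.0.0.20  192.0.2.10 80     # database server calling out to the DMZ
"""

if __name__ == "__main__":
    for src, dst, dport, reason in audit(SAMPLE.splitlines()):
        print(f"VIOLATION {src} -> {dst}:{dport}  ({reason})")
```

Feeding it connection attempts logged on each host, rather than only at the perimeter firewall, matches the reply's point that every layer is set up as if the others don't exist.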
