[Snort-users] IDS and Firewall

Jim Hendrick jrhendri at ...9784...
Wed Apr 28 06:08:06 EDT 2004


In general, you want to separate the functions firewall and the IDS.

One of the primary uses for an IDS is to verify that the FW is doing its
job.

That is, if the FW is compromised, the IDS should be able to alert you.

(you may choose to run a separate instance of snort *on* the FW for other
reasons, but that should not be your primary IDS)

Jim

> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of
> Kernel The
> Canine
> Sent: Wednesday, April 28, 2004 3:34 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] IDS and Firewall
>
>
> Hello
>
> I'm running shorewall.net as my firewall, on RedHat
> linux box version 9.0
>
> Is it recommended to run on it snort (on the same box)
> or should I run it on another computer
>
> Waiting for replies
>
> Kind Regards
> Kernel The Canine
>
>
>
>
> __________________________________
> Do you Yahoo!?
> Win a $20,000 Career Makeover at Yahoo! HotJobs
> http://hotjobs.sweepstakes.yahoo.com/careermakeover
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the market...
> Oracle 10g.
> Take an Oracle 10g class now, and we'll give you the exam FREE.
> http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>





More information about the Snort-users mailing list