[Snort-users] IDS and Firewall
j.riden at ...11179...
Wed Apr 28 16:20:06 EDT 2004
"Shaffer, Paul D" <paul.d.shaffer at ...178...> writes:
> Everyone responding to this thread seems to be preaching to the choir
> with an amazing grasp of the obvious. But nobody bothered to ask the
> Kernel anything constituting a requirements definition - What is he
> trying to do? What is his environment? What equipment does he have
=>Is it recommended to run on it snort (on the same box)
=>or should I run it on another computer
No, it's not recommended, and yes the OP should run it on another
computer. Obviously, if s/he can't it's not the end of the world, but
s/he asked the question as if that was a possibility.
> Have you considered the possibility that dyed-in-the-wool dogma purveyed
> as gospel, may not be what he is looking for? Maybe he wants some
> advice or examples of how a multi-purpose security device might be
> cobbled together and properly locked down with Linux?
If you don't like the answer you shouldn't have asked the question :)
Seriously, I wouldn't run snort on a home firewall even. If you've got
a box you're protecting with the firewall, it's far better to put
snort on that. Have the fw as your prevention, and snort as your
Apart from security issues, a fw is a single point of failure for most
of us, so is best left to do just firewalling. Running snort will
typically need a lot more oomph than just running iptables, so it's
possible his firewall box isn't up to spec in that regard.
Plus, I don't care about the vast number of attacks and scans which
will be visible on the firewall but will be stopped by it. I only care
about packets which get inside the network.
James Riden / j.riden at ...11179... / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/