[Snort-users] Choosing a firewall with Snort

Pratik Narang pratik.cse.bits at ...11827...
Mon Oct 1 05:27:32 EDT 2012


Thanks all for help. Along with the suggestions given, I have started
looking at Endian Open source UTM - any comments or feedback on that?

Pfsense, Untangle etc. provide built-in snort - so does that mean I can only
run snort as a binary and can't touch the source code?

Regards,
Pratik



On Sat, Sep 29, 2012 at 7:33 PM, Kevin Ross <kevross33 at ...14012...> wrote:

> Hi,
>
> Here are a few screenshots I made of my home pfsense box of snort (I have
> changed some rule settings for the screenshots to show more critical stuff
> which will require less tuning than some other categories you don't want to
> block on in threshold.conf). The other thing you can do is have it write to
> an external database (i.e. have mysql point to another snort database on
> another host and use a web interface like snorby to look at the alerts). Not
> great in a home environment and a large environment you are likely to have
> dedicated snort/monitoring boxes but great.
>
> As I said a few negatives like not remembering specific rules you have
> disabled (categories are fine) and you are stuck with the options it gives
> you in the GUI but it is more than enough and the best snort implementation
> I have seen in any opensource UTM before you get to some of the other
> features and packages.
>
> Hope that is more helpful with screenshots.
> Kevin
>
> On 28 September 2012 07:12, Pratik Narang <pratik.cse.bits at ...11827...> wrote:
>
>> Yes Snort will do its job for sure. But, you know, some products just gel
>> well with each other / are just made for each other. I was just wondering
>> if there are any Firewalls/UTMs systems (Open source) which are known to be
>> Snort-friendly :)
>>
>>
>> On Fri, Sep 28, 2012 at 1:21 AM, Shomiron Das Gupta <shomiron at ...11827...> wrote:
>>
>>>  Pratik,
>>>
>>> Snort will do its job regardless of which firewall is running around it,
>>> frankly there is no connection between the two technologies.
>>>
>>> I am sure there is something in your question we are unable to figure.
>>> Pls rephrase if required.
>>>
>>> Thanks :)
>>>
>>> --
>>> Shomiron Das Gupta
>>>
>>> NETMONASTERY NSPL
>>> http://netmonastery.com
>>> twitter: @shomiron
>>>
>>> On Wednesday, 26 September 2012 at 2:01 PM, Pratik Narang wrote:
>>>
>>> Thanks Kevin. Just to make it clear - I was talking of suggestions for
>>> Firewalls/UTM systems which gel well with Snort. Having Snort inbuilt is
>>> not a requirement.
>>>
>>> On Wed, Sep 26, 2012 at 1:29 PM, Kevin Ross <kevross33 at ...14012...> wrote:
>>>
>>> Do you mean one which includes snort built in or as an easy to install
>>> package? If so I recommend pfsense, it isn't IPS in terms of it will drop
>>> packets inline but it will block the attacker but make sure you tune it
>>> (for some reason for the time being though during updates it doesn't
>>> remember what specific rules you have disabled so run it a while, disable
>>> and enable rule categories and specific rules giving you bother use the
>>> threshold.conf screen). It is an excellent firewall though and you can do
>>> things like geoip blocking with pfblocker, VPNs, excellent firewall rule
>>> flexibility and advanced features and more (including proxy packages). It
>>> has certainly been great for me in a home environment although I am not
>>> sure in a work environment as I work in a very large organization and we
>>> use appliance based firewalls.
>>>
>>> Hope that helps you. Other options are smoothwall (updates seemed to
>>> stop when I moved from it to pfsense), Astaro and there will be others too.
>>>
>>> Kev
>>>
>>> On 26 September 2012 07:33, Pratik Narang <pratik.cse.bits at ...11827...> wrote:
>>>
>>> Hi all,
>>>
>>> Any recommendations for Open source Firewall/UTM solutions which go well
>>> with Snort IPS ?
>>>
>>> Thanks.
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Live Security Virtual Conference
>>> Exclusive live event will cover all the ways today's security and
>>> threat landscape has changed and how IT managers can respond. Discussions
>>> will include endpoint security, mobile security and the latest in malware
>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>>
>>> Please visit http://blog.snort.org to stay current on all the latest
>>> Snort news!
>>>
>>
>>
>>
>
>