[Snort-users] Choosing a firewall with Snort

Kevin Ross kevross33 at ...14012...
Fri Sep 28 07:24:26 EDT 2012


Again pfsense and also untangle. Pfsense is good as:

a) Snort is easily installed via the package menu in the web browser and is
up to date
b) it has the configuration options in GUI form which can make it easier.

The negatives are it doesn't remember specific rule tuning aside from broad
disabling of categories during update (so tune it with the threshold.conf
menu to suppress FP or risky alerts before you click to block attackers and
choose "safe" categories with little risk of false positives). The other
negative is as far as I know you can't just modify snort.conf for more
advanced settings that aren't supported in GUI and for them to remain.

You could also look at untangle although I have no experience with that.

regards,
Kevin

On 28 September 2012 07:12, Pratik Narang <pratik.cse.bits at ...11827...> wrote:

> Yes Snort will do its job for sure. But, you know, some products just gel
> well with each other / are just made for each other. I was just wondering
> if there are any Firewalls/UTMs systems (Open source) which are known to be
> Snort-friendly :)
>
>
> On Fri, Sep 28, 2012 at 1:21 AM, Shomiron Das Gupta <shomiron at ...11827...> wrote:
>
>>  Pratik,
>>
>> Snort will do its job regardless of which firewall is running around it,
>> frankly there is no connection between the two technologies.
>>
>> I am sure there is something in your question we are unable to figure.
>> Pls rephrase if required.
>>
>> Thanks :)
>>
>> --
>> Shomiron Das Gupta
>>
>> NETMONASTERY NSPL
>> http://netmonastery.com
>> twitter: @shomiron
>>
>> On Wednesday, 26 September 2012 at 2:01 PM, Pratik Narang wrote:
>>
>> Thanks Kevin. Just to make it clear - I was talking of suggestions for
>> Firewalls/UTM systems which gel well with Snort. Having Snort inbuilt is
>> not a requirement.
>>
>> On Wed, Sep 26, 2012 at 1:29 PM, Kevin Ross <kevross33 at ...14012...> wrote:
>>
>> Do you mean one which includes snort built in or as an easy to install
>> package? If so I recommend pfsense, it isn't IPS in terms of it will drop
>> packets inline but it will block the attacker but make sure you tune it
>> (for some reason for the time being though during updates it doesn't
>> remember what specific rules you have disabled so run it a while, disable
>> and enable rule categories and specific rules giving you bother use the
>> threshold.conf screen). It is an excellent firewall though and you can do
>> things like geoip blocking with pfblocker, VPNs, excellent firewall rule
>> flexibility and advanced features and more (including proxy packages). It
>> has certainly been great for me in a home environment although I am not
>> sure in a work environment as I work in a very large organization and we
>> use appliance based firewalls.
>>
>> Hope that helps you. Other options are smoothwall (updates seemed to stop
>> when I moved from it to pfsense), Astaro and there will be others too.
>>
>> Kev
>>
>> On 26 September 2012 07:33, Pratik Narang <pratik.cse.bits at ...11827...> wrote:
>>
>> Hi all,
>>
>> Any recommendations for Open source Firewall/UTM solutions which go well
>> with Snort IPS ?
>>
>> Thanks.
>>
>>
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond. Discussions
>> will include endpoint security, mobile security and the latest in malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>
>> Please visit http://blog.snort.org to stay current on all the latest
>> Snort news!
>>
>
>
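
An added example, not part of the original thread: one way to do the "run it a while, then tune with threshold.conf" step Kevin describes, by counting alerts per rule in a Snort fast-format alert log and emitting candidate `suppress` lines for review. The sample log, the SIDs, the `suggest_suppressions` name and both thresholds are assumptions made for illustration; only IPv4 sources are parsed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Snort's "fast" alert format; SIDs, messages and
# addresses are made up for illustration (not taken from the thread).
SAMPLE_ALERTS = """\
09/28-07:01:10.000001  [**] [1:1000001:1] LOCAL monitoring probe [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.5:40001 -> 10.0.0.20:80
09/28-07:02:10.000001  [**] [1:1000001:1] LOCAL monitoring probe [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.5:40002 -> 10.0.0.20:80
09/28-07:03:10.000001  [**] [1:1000001:1] LOCAL monitoring probe [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.5:40003 -> 10.0.0.20:80
09/28-07:04:10.000001  [**] [1:1000001:1] LOCAL monitoring probe [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.5:40004 -> 10.0.0.20:80
09/28-07:05:00.000001  [**] [1:1000002:1] LOCAL chatty policy rule [**] [Classification: Misc activity] [Priority: 3] {UDP} 10.0.0.7:5353 -> 10.0.0.20:53
09/28-07:06:00.000001  [**] [1:1000002:1] LOCAL chatty policy rule [**] [Classification: Misc activity] [Priority: 3] {UDP} 10.0.0.8:5353 -> 10.0.0.20:53
09/28-07:07:00.000001  [**] [1:1000002:1] LOCAL chatty policy rule [**] [Classification: Misc activity] [Priority: 3] {UDP} 10.0.0.9:5353 -> 10.0.0.20:53
09/28-07:09:00.000001  [**] [1:1000003:1] LOCAL rare event [**] [Classification: Misc activity] [Priority: 1] {ICMP} 192.0.2.44 -> 10.0.0.20
"""

# [gid:sid:rev] ... {PROTO} src[:port] ->   (IPv4 only in this sketch)
ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):\d+\].*?\{\w+\}\s+"
    r"(?P<src>\d+(?:\.\d+){3})(?::\d+)?\s+->"
)

def suggest_suppressions(log_text, min_hits=3, single_source_share=0.9):
    """Return candidate threshold.conf 'suppress' lines for noisy rules."""
    per_rule = defaultdict(Counter)  # (gid, sid) -> Counter of source IPs
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            per_rule[(int(m["gid"]), int(m["sid"]))][m["src"]] += 1
    candidates = []
    for (gid, sid), sources in sorted(per_rule.items()):
        total = sum(sources.values())
        if total < min_hits:
            continue  # too quiet to be a tuning problem; leave it alerting
        top_src, top_hits = sources.most_common(1)[0]
        if top_hits / total >= single_source_share:
            # One host causes nearly all hits: suppress for that host only,
            # so the rule still fires (and can block) for everyone else.
            candidates.append(
                f"suppress gen_id {gid}, sig_id {sid}, track by_src, ip {top_src}")
        else:
            candidates.append(f"suppress gen_id {gid}, sig_id {sid}")
    return candidates

if __name__ == "__main__":
    print("\n".join(suggest_suppressions(SAMPLE_ALERTS)))
```

The output is a list of candidates to read through before pasting into threshold.conf, not something to apply blindly: a rule-wide `suppress` silences the rule for every host.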