Security Basics mailing list archives
Re: [Security Basics] Portsentry and Snort
From: Dan DeVoe <ddevoe () zeus netset com>
Date: Fri, 9 May 2003 12:39:42 -0400 (EDT)
Snort and PortSentry serve two entirely different functions. The former is a Network Intrusion Detection System, the latter is a port scan detector/responder.

Snort, in my opinion, is primarily useful for sticking on a bridge in front of the machines you're protecting. Custom patterns combined with acidlab really does let one sleep better at night. The reason that I prefer to use snort in a standalone configuration is mainly the curve between CPU usage and network traffic. YMMV. Snort, though, is definitely a useful tool.

PortSentry, in addition to apparently not being a supported, developed product anymore, is of questionable value anyway. A decently strict, logging iptables setup plus fwlogwatch[0] provides more functionality (user-configurable response rather than simply throwing up a drop rule). In addition, fwlogwatch can send out nightly (or another interval) summary e-mails of logged packets, and generate HTML formatted pages of the same data.

Should you decide to go with a logging firewall and fwlogwatch, I suggest you look into ulogd[1] so that you don't clutter your /var/log/messages.

[0]: http://cert.uni-stuttgart.de/projects/fwlogwatch/
[1]: http://gnumonks.org/projects/ulogd

--
Dan DeVoe, System Administrator | http://www.netset.com
Ohio NetSet Enterprises, Inc.   | (614) 527-9111
****************************************************************
-* Opinions herein are the author's and are not necessarily   *-
-* shared by his employer, though they certainly should be.   *-
****************************************************************

On Thu, 8 May 2003, sjm wrote:
Date: Thu, 08 May 2003 10:57:32 -0400
From: sjm <sjm () porter acadaff appstate edu>
To: security-basics () securityfocus com
Subject: [Security Basics] Portsentry and Snort

Should I install both portsentry and snort on my server? I have read so many articles that praise one and knock the other that I don't know what to do.

Thanks for your time,

/*-----------------------------*\
|                               |
|   Steve McKinney              |
|   ARDI - Web Programmer       |
|   sjm () porter appstate edu  |
|   (828) 262-6553              |
|                               |
\*-----------------------------*/
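An added example, not part of the original post and not fwlogwatch's own code: a small summary of netfilter LOG lines of the kind a logging iptables setup writes, grouping dropped packets by source and flagging sources that touch many distinct ports. The `FW-DROP: ` log prefix, the threshold of 4 and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the kernel's netfilter LOG format. The "FW-DROP: "
# prefix is an assumed --log-prefix value; addresses are documentation ranges.
SAMPLE_LOG = """\
May  9 12:00:01 gw kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=40001 DPT=21 SYN
May  9 12:00:01 gw kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=40002 DPT=22 SYN
May  9 12:00:01 gw kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=40003 DPT=23 SYN
May  9 12:00:02 gw kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=40004 DPT=25 SYN
May  9 12:00:02 gw kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=40005 DPT=80 SYN
May  9 12:03:10 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TTL=48 PROTO=TCP SPT=51000 DPT=22 SYN
May  9 12:03:13 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TTL=48 PROTO=TCP SPT=51000 DPT=22 SYN
May  9 12:03:19 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TTL=48 PROTO=TCP SPT=51000 DPT=22 SYN
May  9 12:05:00 gw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.99 DST=198.51.100.5 LEN=84 TTL=50 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
May  9 12:06:00 gw sshd[812]: Failed password for invalid user test from 203.0.113.7
"""

FIELD_RE = re.compile(r"(\w+)=(\S*)")  # KEY=VALUE pairs; bare flags like SYN are skipped

def parse_line(line, prefix="FW-DROP: "):
    """Return the fields of one logged packet, or None if the line is not a firewall entry."""
    _, sep, rest = line.partition(prefix)
    if not sep:
        return None
    fields = dict(FIELD_RE.findall(rest))
    return fields if "SRC" in fields and "PROTO" in fields else None

def summarize(log_text, scan_threshold=4):
    """Group logged packets by source and flag sources probing many distinct ports."""
    ports = defaultdict(set)
    counts = defaultdict(int)
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        counts[f["SRC"]] += 1
        if "DPT" in f:  # ICMP entries carry TYPE/CODE instead of ports
            ports[f["SRC"]].add((f["PROTO"], int(f["DPT"])))
    report = []
    for src in sorted(counts, key=lambda s: (-counts[s], s)):
        distinct = len(ports[src])
        report.append({"src": src, "packets": counts[src], "distinct_ports": distinct,
                       "likely_scan": distinct >= scan_threshold})
    return report

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

Repeated hits on a single port (the second source) are counted but not flagged, which is the distinction a per-source summary gives you over a blanket drop rule.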