Snort mailing list archives
Re: Remote location
From: "shawn . moyer" <shawn () net-connect net>
Date: Tue, 15 May 2001 12:46:49 -0500
Dan Fiorito wrote:
I have a remote location that has for some reason gained the attention of some undesirable entity via the Net. Does anyone have a suggestion on how to securely manage Snort/Acid remotely?
Need more details... Are ACID and the DB on the same box as Snort? Is it possible to firewall off access to all three?

The short answer is ssh and stunnel (http://www.openssh.com and http://www.stunnel.org, respectively), plus some firewalling, either via an actual separate firewall box or ipchains / iptables, or (my fave) ipfilter.

Also, any NIDS box should contain as bare an install of whatever OS as possible, with additional host security measures like AIDE/Osiris/Tripwire and Swatch / Logcheck, and all of the latest patches, plus minimal network services.

Like I said, we need more details:

What OS?
Where's Snort?
Where's ACID?
Where's the DB?
What's the network look like?
How are you currently accessing the box?
What protections are currently in place?
What leads you to conclude someone is targeting the box and/or you?
Did you piss somebody off on EffNet? :)

--shawn

--
s h a w n m o y e r
shawn () net-connect net

"May the forces of evil become confused on the way to your house." --George Carlin
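The ssh, stunnel and firewalling combination suggested in the message above, as an added example that is not part of the original post or thread. It assumes Snort, ACID and the DB share one box, a single admin host at the constructed address 192.0.2.10, sshd on port 22, and stunnel (4.x or later config syntax) on 443 in front of a web server bound to 127.0.0.1:80; the function names and the certificate path are hypothetical.

```shell
#!/bin/sh
# Added example: restrict a single-box Snort/ACID/DB sensor to one admin host.
# Assumed, not from the post: admin host 192.0.2.10, sshd on 22, stunnel on 443
# forwarding to a web server that listens only on 127.0.0.1:80.

# Accept only a dotted-quad IPv4 address so nothing else reaches the ruleset.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print an iptables-restore ruleset: default-drop inbound, admin host only.
# The DB port and plain HTTP are never opened to the network.
sensor_ruleset() {
    mgmt=$1
    valid_ipv4 "$mgmt" || { echo "bad management address: $mgmt" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -s $mgmt --dport 22 -j ACCEPT
-A INPUT -p tcp -s $mgmt --dport 443 -j ACCEPT
COMMIT
EOF
}

# Print a stunnel service section that wraps the local ACID web server in TLS.
stunnel_conf() {
    cat <<'EOF'
cert = /etc/stunnel/stunnel.pem
[acid]
accept = 443
connect = 127.0.0.1:80
EOF
}

# Print both pieces for review; feed the first to iptables-restore as root to apply.
sensor_ruleset 192.0.2.10
stunnel_conf
```

Snort captures through libpcap, which sees packets before these INPUT rules are evaluated, so the default-drop policy does not reduce what the sensor can detect.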