Snort mailing list archives
RE: IDS Topology
From: "James R. Hendrick" <Jim_Hendrick () KEANE-NNE com>
Date: Fri, 10 Jan 2003 08:39:39 -0500
This (single machine) design will *work*, however, there are security risks you should understand before making that choice. The most important is that with anything exposed, there is a chance it will be compromised (no matter how well you secure it). If that machine has your database, it could give attackers access to that information making it easier for them to craft an attack targeted at your site (including perhaps information about your network from other probes, how your system responds to specific stimuli, details about your logging, etc. etc.) If you can split the functionality, you can more easily reduce this risk. Jim -----Original Message----- From: Saul Bosquez [mailto:cygnus133 () hotmail com] Sent: Thursday, January 09, 2003 8:37 PM To: SNORT Mailing List Subject: [Snort-users] IDS Topology Im runnin' Redhat 7.3 on a Compaq proliant server and Im trying to install snort 1.8.7 on it. On the setup guide in the conceptual IDS topology section, there are 3 sensors and a centralized acid, mysql database. If i'm only using one sensor maybe would be easier to have the sensor and the database on the same machine and deploy it outside the firewalled network. What do you think guys? ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- IDS Topology Saul Bosquez (Jan 09)
- Re: IDS Topology Demetri Mouratis (Jan 09)
- Re: IDS Topology Saad Kadhi (Jan 09)
- Re: IDS Topology Demetri Mouratis (Jan 10)
- Re: IDS Topology Saad Kadhi (Jan 09)
- <Possible follow-ups>
- IDS Topology Saul Bosquez (Jan 09)
- Re: IDS Topology Erek Adams (Jan 09)
- Re: IDS Topology Bennett Todd (Jan 10)
- RE: IDS Topology James R. Hendrick (Jan 10)
- IDS Topology Saul Bosquez (Jan 10)
- Re: IDS Topology Demetri Mouratis (Jan 09)