Snort mailing list archives
RE: IDS and Firewall
From: "Shaffer, Paul D" <paul.d.shaffer () lmco com>
Date: Wed, 28 Apr 2004 14:09:41 -0600
Everyone responding to this thread seems to be preaching to the choir with an amazing grasp of the obvious. But nobody bothered to ask the Kernel anything constituting a requirements definition - What is he trying to do? What is his environment? What equipment does he have available? Have you considered the possibility that dyed-in-the-wool dogma purveyed as gospel, may not be what he is looking for? Maybe he wants some advice or examples of how a multi-purpose security device might be cobbled together and properly locked down with Linux? Alot of vendors are selling them these days... v/r -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Matt Kettler Sent: Wednesday, April 28, 2004 9:06 AM To: Kernel The Canine; snort-users () lists sourceforge net Subject: Re: [Snort-users] IDS and Firewall At 03:34 AM 4/28/2004, Kernel The Canine wrote:
Hello I'm running shorewall.net as my firewall, on RedHat linux box version 9.0 Is it recommended to run on it snort (on the same box) or should I run it on another computer
Several user's replied citing resource problems doing this. However, nobody mentioned the obvious that every firewall admin should know. SECURITY matters. Never run any network applications on your firewall box. No mailservers, webservers, dns servers, and not snort either. Why? Because if someone exploits snort (ie: the old stream4 vulnerability), or any other program on your firewall box, they now have control of your firewall machine. At that point, you have no firewall at all. You really should treat a firewall box as a firewall-only system if you want it protect you in the event of an attack. Severs, IDS's, etc are best placed on other boxes so that an exploit of one doesn't bring the entire security of your network down as a hacker digs your firewall apart from the inside out. ------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- IDS and Firewall Kernel The Canine (Apr 28)
- Re: IDS and Firewall Ravi (Apr 28)
- Re: IDS and Firewall Marcin Laskowski (Apr 28)
- Re: IDS and Firewall Alejandro Flores (Apr 28)
- Re: IDS and Firewall Kernel The Canine (Apr 28)
- Re: IDS and Firewall Matt Kettler (Apr 28)
- Re: IDS and Firewall Alejandro Flores (Apr 28)
- RE: IDS and Firewall Jim Hendrick (Apr 28)
- Re: IDS and Firewall Matt Kettler (Apr 28)
- <Possible follow-ups>
- RE: IDS and Firewall Shaffer, Paul D (Apr 28)
- Re: IDS and Firewall James Riden (Apr 28)
- RE: IDS and Firewall Shaffer, Paul D (Apr 29)
- Message not available
- RE: IDS and Firewall Matt Kettler (Apr 29)
- Snort Rule Downloading - No Updates Since 4/15? Snortty (Apr 30)
- Message not available