Security Basics mailing list archives
Re: Setting up an IDS system
From: Gene Yoo <gyoo () attbi com>
Date: Sat, 01 Feb 2003 09:19:58 -0800
Naman Latif wrote:
Hi, I am in the process of setting up and IDS system using Linux\Snort in DMZ. A couple of questions regarding this 1. Is it a safe practice to have access to this system from Inside Network (for retrieving log files etc) from 1-2 Stations ? Ofcourse IDS won't have access to inside network and be blocked by Firewall. 2. What kind of services should be running on IDS Station ? Should all Web\FTp etc services be stopped ? 3. How important it is to also have an IDS system monitoring the traffic on your Inside Network ? I believe it won't be a good idea to have the SAME DMZ IDS system with another NIC monitoring Inside Network Traffic ? Any other suggestions OR any Links that I can refer to ? Regards \\ Naman
naman, you should look at snort forum for your answer, it is very active and should answer most of your question including how to setup snort optimally.
http://marc.theaimsgroup.com/?l=snort-users search for your question or subscribe to the mailing list. good luck. -- <gyoo [at] attbi [dot] com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) iQCUAwUBPhxERRxoVYCzmrKXAQJK5gP3Y7CTsFyKpEz2p5W4GWI9+qSm+kWfdJ0R xNlma0Ma9rAL/OBJcZMo5IXyXas+3Edogbv4Al6dIf8lot1WS0Iaxxl/cg2f7gf+ otf7LfNpZDE/6OzR7A1qN6baPMLSjGzywwQWMfSVuWWb6kGQxMsA13Kn68G7Ozxs 5CODZqUPyg== =AolA -----END PGP SIGNATURE-----
Current thread:
- RE: Setting up an IDS system Keith T. Morgan (Feb 03)
- <Possible follow-ups>
- Re: Setting up an IDS system David M. Fetter (Feb 03)
- Re: Setting up an IDS system Gene Yoo (Feb 03)
- RE: Setting up an IDS system Trevor Cushen (Feb 03)
- RE: Setting up an IDS system Naman Latif (Feb 03)
- Re: Setting up an IDS system Ivan Coric (Feb 05)
- Re: Setting up an IDS system Frank Barton (Feb 05)
- Re: Setting up an IDS system theog (Feb 05)
- Re: Setting up an IDS system James Taylor (Feb 05)