Security Basics mailing list archives

Re: Setting up an IDS system

From: Gene Yoo <gyoo () attbi com>
Date: Sat, 01 Feb 2003 09:19:58 -0800

Naman Latif wrote:

Hi,
I am in the process of setting up and IDS system using Linux\Snort in
DMZ. A couple of questions regarding this

1. Is it a safe practice to have access to this system from Inside
Network (for retrieving log files etc) from 1-2 Stations ? Ofcourse IDS
won't have access to inside network and be blocked by Firewall.

2. What kind of services should be running on IDS Station ? Should all
Web\FTp etc services be stopped ?

3. How important it is to also have an IDS system monitoring the traffic
on your Inside Network ? I believe it won't be a good idea to have the
SAME DMZ IDS system with another NIC monitoring Inside Network Traffic ?

Any other suggestions OR any Links that I can refer to ?

Regards \\ Naman

naman, you should look at snort forum for your answer, it is very activeand should answer most of your question including how to setup snortoptimally.


http://marc.theaimsgroup.com/?l=snort-users

search for your question or subscribe to the mailing list.  good luck.

--
<gyoo [at] attbi [dot] com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iQCUAwUBPhxERRxoVYCzmrKXAQJK5gP3Y7CTsFyKpEz2p5W4GWI9+qSm+kWfdJ0R
xNlma0Ma9rAL/OBJcZMo5IXyXas+3Edogbv4Al6dIf8lot1WS0Iaxxl/cg2f7gf+
otf7LfNpZDE/6OzR7A1qN6baPMLSjGzywwQWMfSVuWWb6kGQxMsA13Kn68G7Ozxs
5CODZqUPyg==
=AolA
-----END PGP SIGNATURE-----

Current thread:

RE: Setting up an IDS system Keith T. Morgan (Feb 03)
- <Possible follow-ups>
- Re: Setting up an IDS system David M. Fetter (Feb 03)
- Re: Setting up an IDS system Gene Yoo (Feb 03)
- RE: Setting up an IDS system Trevor Cushen (Feb 03)
- RE: Setting up an IDS system Naman Latif (Feb 03)
- Re: Setting up an IDS system Ivan Coric (Feb 05)
- Re: Setting up an IDS system Frank Barton (Feb 05)
- Re: Setting up an IDS system theog (Feb 05)
- Re: Setting up an IDS system James Taylor (Feb 05)