Security Basics mailing list archives
Re: Setting up an IDS system
From: "Ivan Coric" <ivan.coric () workcoverqld com au>
Date: Sat, 01 Feb 2003 10:16:32 +1000
Hi Naman, reply in line

"Naman Latif" wrote

> 1. Is it a safe practice to have access to this system from Inside Network (for retrieving log files etc) from 1-2 Stations? Of course IDS won't have access to inside network and be blocked by Firewall.

Have the IDS box dual homed, 1 NIC for the DMZ with no IP address, if you like a read only cable too. 2nd NIC back into your LAN for logging and admin. A default install of RedHat has ip forward off. Have SSH listen only on the internal LAN NIC (#ListenAddress 0.0.0.0)

> 2. What kind of services should be running on IDS Station? Should all Web\FTP etc services be stopped?

If you mean daemon services, then I personally would have only SSH for admin.

> 3. How important it is to also have an IDS system monitoring the traffic on your Inside Network? I believe it won't be a good idea to have the SAME DMZ IDS system with another NIC monitoring Inside Network Traffic?

Depends on what your company does, how valuable is the info traversing your infernal LAN and how much do you trust your employees.

> Any other suggestions OR any Links that I can refer to?

Get another box, put a couple of NICs into it and you'll have a great IDS/sniffer that will teach you about your internal network, help with troubleshooting and give you an idea of what goes on there. Can be a very inexpensive box, P200, 128MB RAM, 20G HD would do just nicely.

cheers

Ivan Coric
IT Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414
Fax: (07) 30066424
Email: ivan.coric () workcoverqld com au
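Added example, not part of the original message: a small Python audit of the sensor layout the reply describes (IP forwarding off, no IP address on the sniffing NIC, sshd bound to the LAN-side address only). The interface names `eth0`/`eth1`, the address `192.168.10.5` and the sample config text are constructed assumptions.

```python
# Added example: inputs are passed in as text so the check runs offline.
WILDCARDS = {"0.0.0.0", "::", "*"}

def listen_host(arg):
    """Strip the optional port from a ListenAddress argument."""
    arg = arg.split()[0]                      # drop a trailing "rdomain ..."
    if arg.startswith("["):                   # [addr]:port
        return arg[1:arg.index("]")]
    if arg.count(":") == 1:                   # host:port or IPv4:port
        return arg.split(":")[0]
    return arg                                # bare IPv4, hostname or IPv6

def sshd_listen_addresses(sshd_config_text):
    """Return ListenAddress hosts in effect; commented-out lines do not count."""
    hosts = []
    for raw in sshd_config_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "listenaddress":
            hosts.append(listen_host(parts[1]))
    return hosts

def audit_sensor(sshd_config_text, ip_forward_text, iface_addrs, sniff_if, admin_if):
    """Return a list of findings; an empty list means the layout matches."""
    findings = []
    if ip_forward_text.strip() != "0":
        findings.append("IP forwarding is on: the sensor can route between DMZ and LAN")
    if iface_addrs.get(sniff_if):
        findings.append(f"{sniff_if} has an IP address; the sniffing NIC should have none")
    listen = sshd_listen_addresses(sshd_config_text)
    if not listen:
        findings.append("no active ListenAddress: sshd listens on every address")
    for host in listen:
        if host in WILDCARDS:
            findings.append(f"ListenAddress {host} binds sshd to every address")
        elif host not in iface_addrs.get(admin_if, []):
            findings.append(f"ListenAddress {host} is not an address on {admin_if}")
    return findings

# Constructed sample data (hypothetical interface names and addresses).
IFACES = {"eth0": [], "eth1": ["192.168.10.5"]}   # eth0 = DMZ sniffer, eth1 = LAN
DEFAULT_SSHD = "Port 22\n#ListenAddress 0.0.0.0\n"
HARDENED_SSHD = "Port 22\nListenAddress 192.168.10.5\n"

if __name__ == "__main__":
    for name, cfg in (("default", DEFAULT_SSHD), ("hardened", HARDENED_SSHD)):
        print(name, audit_sensor(cfg, "0\n", IFACES, "eth0", "eth1") or "OK")
```

On a live Linux sensor the two text inputs would come from `/etc/ssh/sshd_config` and `/proc/sys/net/ipv4/ip_forward`.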