Security Basics mailing list archives
Re: Setting up an IDS system
From: "theog" <theog () theog org>
Date: Sat, 1 Feb 2003 13:53:21 +0200
I would put a machine on the outside with a hub (same subnet as the firewall's external interface), and iptables running, so that the machine will accept all traffic but will respond to none except the machine you are on (if you use NAT, it's probably your firewall). No service should be running on the machine. The data is OK to lay outside your LAN, but analyzing it should be done inside: have snort with mysql (or any other IDS system) running on the outside machine and have the data fetched from the inside.

TheOg
Liran Cohen

----- Original Message -----
From: "Naman Latif" <naman.latif () inamed com>
To: <security-basics () securityfocus com>
Sent: Friday, January 31, 2003 7:34 PM
Subject: Setting up an IDS system
Hi, I am in the process of setting up an IDS system using Linux/Snort in the DMZ. A couple of questions regarding this:

1. Is it a safe practice to have access to this system from the Inside Network (for retrieving log files etc.) from 1-2 stations? Of course the IDS won't have access to the inside network and will be blocked by the Firewall.

2. What kind of services should be running on the IDS station? Should all Web/FTP etc. services be stopped?

3. How important is it to also have an IDS system monitoring the traffic on your Inside Network? I believe it won't be a good idea to have the SAME DMZ IDS system with another NIC monitoring Inside Network traffic?

Any other suggestions OR any links that I can refer to?

Regards,
Naman
Current thread:
- RE: Setting up an IDS system Keith T. Morgan (Feb 03)
- <Possible follow-ups>
- Re: Setting up an IDS system David M. Fetter (Feb 03)
- Re: Setting up an IDS system Gene Yoo (Feb 03)
- RE: Setting up an IDS system Trevor Cushen (Feb 03)
- RE: Setting up an IDS system Naman Latif (Feb 03)
- Re: Setting up an IDS system Ivan Coric (Feb 05)
- Re: Setting up an IDS system Frank Barton (Feb 05)
- Re: Setting up an IDS system theog (Feb 05)
- Re: Setting up an IDS system James Taylor (Feb 05)