Snort mailing list archives

Re: Remote location


From: "shawn . moyer" <shawn () net-connect net>
Date: Tue, 15 May 2001 12:46:49 -0500

Dan Fiorito wrote:

> I have a remote location that has for some reason gained the attention
> of some undesirable entity via the Net. Does anyone have a suggestion on
> how to securely manage Snort/Acid remotely?

Need more details... Are ACID and the DB on the same box as Snort? Is it
possible to firewall off access to all three? 

The short answer is ssh and stunnel (http://www.openssh.com and
http://www.stunnel.org, respectively), plus some firewalling, either via
an actual separate firewall box or ipchains / iptables, or (my fave)
ipfilter. 

Also, any NIDS box should contain as bare an install of whatever OS as
possible, with additional host security measures like
AIDE/Osiris/Tripwire and Swatch / Logcheck, and all of the latest
patches, plus minimal network services.

Like I said, we need more details: 

What OS?
Where's Snort? 
Where's ACID?
Where's the DB?
What's the network look like?
How are you currently accessing the box?
What protections are currently in place?
What leads you to conclude someone is targeting the box and/or you? Did
you piss somebody off on EffNet? :)

--shawn

-- 

s h a w n   m o y e r
shawn () net-connect net

"May the forces of evil become 
confused on the way to your house."

                    --George Carlin
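
One way to combine the ssh and firewalling advice in the reply above, as an added example that is not part of the original message. It assumes Snort, ACID and the database share one Linux box, that the web server and DB listen on 127.0.0.1 only, and that 192.0.2.10 (documentation range) stands in for the management host; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed example: emit an iptables-restore ruleset for a Snort sensor
# whose only network-reachable service is sshd, and only from one host.

# Accept only a dotted-quad IPv4 address so nothing else reaches the ruleset.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the ruleset for management host $1; return 1 on a bad address.
sensor_rules() {
    valid_ipv4 "$1" || { echo "bad management address: $1" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -s $1/32 --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Load on the sensor (as root):  sh this-script 192.0.2.10 | iptables-restore
# ACID stays off the network and is reached through an ssh port forward
# (user and host names are placeholders):
#   ssh -L 8443:127.0.0.1:80 admin@sensor   then browse http://127.0.0.1:8443/
if [ $# -gt 0 ]; then
    sensor_rules "$1"
fi
```

The default-drop INPUT policy also cuts off remote database and web access, so check the ssh path from the management host before closing the session used to load the rules.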
