Snort mailing list archives

Re: Authenticating,Encrypting snort sensor traffic to the remote database


From: Jason Haar <Jason.Haar () trimble co nz>
Date: Sat, 18 Aug 2001 19:55:19 +1200

On Fri, Aug 17, 2001 at 04:20:25PM +0200, Sean Wheeler wrote:
...
> While this piece in itself was not an issue at all, the additional
> requirement was that the data between snort & the DB must be authenticated &
> encrypted.
...
> My question is: Is anyone else having this encrypted requirement and what
> have you done to provide the authentication/encryption layer?

IPSec and CIPE are two great VPN technologies that do what you want, but
good ol' stunnel is up to it too. That gives you encryption, and if you run
it with client certs - that gives you the authentication you desire:

Something like:

stunnel -d 3307 -r localhost:3306

Starts an SSL listener on port 3307. Run up the opposite on the other end,
and it'll SSL'ify your MySQL traffic nicely :-)

I guess if you have quite a few of these servers, and they are cloned IDS
systems, then a full VPN would actually be simplest. Running dozens of
separate SSL tunnels and dealing with app crashes/etc could become more work
than VPN in the long run...

BTW, I'd suggest running local MySQL servers and either replicating the data
(MySQL feature) to the central server, or rsyncing it nightly (if realtime
isn't a must-have). Much more resilient to network outages that way...

-- 
Cheers

Jason Haar

Unix/Special Projects, Trimble NZ
Phone: +64 3 9635 377 Fax: +64 3 9635 417
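
The two tunnel ends described in the message above, with client-certificate verification turned on, written as stunnel configuration files. This is an added example, not part of the original post: it uses the configuration-file syntax of stunnel 4 and later instead of the command-line flags shown in the message, and the host name, section name and file paths are placeholders.

```ini
; ===== Database server: stunnel.conf (all paths are placeholders) =====
; Accepts TLS from the sensors on 3307 and hands the decrypted stream
; to the local MySQL. Assumes MySQL itself listens only on 127.0.0.1,
; so port 3306 cannot be reached around the tunnel.
[snort-mysql]
accept  = 3307
connect = 127.0.0.1:3306
cert    = /etc/stunnel/db-server.pem
key     = /etc/stunnel/db-server.key
; CA that issued the sensor certificates
CAfile  = /etc/stunnel/sensor-ca.pem
; verify = 2: the peer must present a certificate that chains to CAfile;
; connections without a valid client certificate are refused.
; (Recent stunnel releases spell this verifyChain = yes plus requireCert = yes.)
verify  = 2

; ===== Snort sensor: stunnel.conf (all paths are placeholders) =====
; Listens on loopback only and wraps the connection in TLS towards the
; database server. Point Snort's database output at 127.0.0.1, not
; "localhost": the MySQL client library uses the Unix socket for
; "localhost" and would never touch the tunnel.
[snort-mysql]
client  = yes
accept  = 127.0.0.1:3306
connect = db.example.internal:3307
; This sensor's own certificate and key, presented to the server
cert    = /etc/stunnel/sensor01.pem
key     = /etc/stunnel/sensor01.key
; CA that issued the database server certificate
CAfile  = /etc/stunnel/db-ca.pem
; Also verify the server, so the sensor does not send alerts to an impostor
verify  = 2
```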
