Snort mailing list archives
Re: Authenticating,Encrypting snort sensor traffic to the remote database
From: Jason Haar <Jason.Haar () trimble co nz>
Date: Sat, 18 Aug 2001 19:55:19 +1200
On Fri, Aug 17, 2001 at 04:20:25PM +0200, Sean Wheeler wrote:
... While this piece in itself was not an issue at all, the additional requirement was that the data between snort & the DB must be authenticated & encrypted. ... My question is : Is anyone else having this encrypted requirement and what have you done to provide the authentication/encryption layer ?
IPSec and CIPE are two great VPN technologies that do what you want, but good ol' stunnel is up to it too. That gives you encryption, and if you run it with client certs - that gives you the authentication you desire:

Something like:

    stunnel -d 3307 -r localhost:3306

Starts a SSL listener on port 3307. Run up the opposite on the other end, and it'll SSL'ify your MySQL traffic nicely :-)

I guess if you have quite a few of these servers, and they are cloned IDS systems, then a full VPN would actually be simplest. Running dozens of separate SSL tunnels and dealing with app crashes/etc could become more work than VPN in the long run...

BTW, I'd suggest running local MySQL servers and either replicating the data (MySQL feature) to the central server, or rsyncing it nightly (if realtime isn't a must-have). Much more resilient to network outages that way...

--
Cheers

Jason Haar
Unix/Special Projects, Trimble NZ
Phone: +64 3 9635 377 Fax: +64 3 9635 417
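The two-ended tunnel with client certificates described in the reply above, written out as an added example (not part of the original post). It assumes the configuration-file syntax of stunnel 4.x/5.x rather than the 3.x command-line flags shown in the message; every hostname, path and certificate file name is a constructed placeholder.

```ini
; ===== Central database host: /etc/stunnel/snort-db.conf (constructed path) =====
; Accept TLS from sensors on 3307 and hand the cleartext to the local MySQL.
[snort-mysql]
accept  = 3307
connect = 127.0.0.1:3306
; Server certificate and key presented to the sensors.
cert    = /etc/stunnel/db-server.crt
key     = /etc/stunnel/db-server.key
; CA that issued the sensor certificates. Use a CA dedicated to the sensors:
; with verify = 2, any certificate this CA has signed is accepted.
CAfile  = /etc/stunnel/sensor-ca.crt
; 2 = a peer certificate is required and must chain to CAfile.
; This is what provides the authentication, not just the encryption.
verify  = 2

; ===== Each Snort sensor: /etc/stunnel/snort-db.conf (constructed path) =====
; Listen on loopback only and forward over TLS to the central host.
[snort-mysql]
client  = yes
accept  = 127.0.0.1:3306
connect = db.example.internal:3307
; Per-sensor client certificate and key, so one sensor can be revoked
; without re-keying the others.
cert    = /etc/stunnel/sensor01.crt
key     = /etc/stunnel/sensor01.key
; CA that issued the database host's certificate; verify = 2 makes the
; sensor refuse a server whose certificate does not chain to it.
CAfile  = /etc/stunnel/db-ca.crt
verify  = 2

; Snort's database output then points at the local end of the tunnel, e.g.
;   output database: log, mysql, user=snort dbname=snort host=127.0.0.1
; Use 127.0.0.1 rather than "localhost": the MySQL client library treats
; "localhost" as a request for the Unix socket and would bypass the tunnel.
```

On the database host, bind MySQL to 127.0.0.1 so that port 3307 is the only remote path in. Every tunnelled connection reaches MySQL from the loopback address, so MySQL's host-based grants can no longer tell sensors apart and that distinction has to come from the certificates.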