Snort mailing list archives
Re: Beginner w/ IDS and snort
From: "Snail945" <snail945 () yahoo com>
Date: Thu, 23 Aug 2001 20:29:14 -0700
thx. I've gotten similar word of wisdom from some others off-line. I ordered a copy of FreeBSD today and will work with both it and Linux RH7. I will probably have some questions on BSD setup.

thx again for the pointers.

byron

----- Original Message -----
From: "JP" <Theblahact () hotmail com>
To: "Snail945" <snail945 () yahoo com>; <snort-users () lists sourceforge net>
Sent: Thursday, August 23, 2001 6:00 PM
Subject: Re: [Snort-users] Beginner w/ IDS and snort

Firstly, I'm not a religious zealot about any OS, I think they all have their purpose.

What you need to consider is that you are building a security device, and as such that device should be hardened. As you are a beginner your hardening skills will be minimal for Linux, so you want to go for a system that is secure out of the box. That being the case I would recommend one of the BSDs, probably OpenBSD as your starting point. I have not touched Linux for a little while, but in my experience it tends to come out of the box with everything turned on. The BSDs tend to come out of the box with very little turned on. Your learning curve will more than likely be a bit steeper with a BSD for that reason.

Note that I am by no means saying that you can not make Linux as secure or more secure than a BSD (not even interested in going there), but by default you are less likely to get into trouble.

If you have the capacity, set up a dual homed BSD box with a management NIC in a separate DMZ (with no access to anything) and a stealth NIC on the outside of your network. At least that way if someone does manage to hack the machine you are not losing much (as long as you find out about it!).

Hope that helps.

JP

----- Original Message -----
From: "Snail945" <snail945 () yahoo com>

Hello-

I'm thinking about using either a Linux/SNORT/DEMARC solution or a Windows 2000/SNORT solution for the IDS. I come from many years of administering Windows based systems and am very comfortable administering and securing them, but am sorta a "beginner to intermediate" with Linux and Unix. That said, I'm very much open to building this IDS on the "ideal platform" and doing whatever research and testing is required to make it successful. I'm comfortable with cli, but regardless of platform, I'd like to have a front-end that provides meaningful "quick-glance" information, and a way to sort through all the data.
Current thread:
- Beginner w/ IDS and snort Snail945 (Aug 23)
- Re: Beginner w/ IDS and snort Wesley Eddy (Aug 23)
- Re: Beginner w/ IDS and snort Mark Rowlands (Aug 24)
- Re: Beginner w/ IDS and snort Erek Adams (Aug 23)
- Re: Beginner w/ IDS and snort JP (Aug 23)
- Re: Beginner w/ IDS and snort Snail945 (Aug 23)
- Re: Beginner w/ IDS and snort Daniel Voyer (Aug 24)
- <Possible follow-ups>
- RE: Beginner w/ IDS and snort Steve Halligan (Aug 23)
- Re: Beginner w/ IDS and snort Wesley Eddy (Aug 23)