Snort mailing list archives

3. Re: Snort acting as a firewall ????????? (Frank Knobbe)


From: "Jessup, Justin" <Justin.Jessup () usdoj gov>
Date: Fri, 8 Nov 2002 13:57:07 -0500

You cannot make Snort act as a true firewall.
However, Snort in combination with Guardian and a true ipfilter, pf, iptables, or ipchains based firewall adds to the firewall capability.
So if you have a firewall, plus Snort, plus Guardian to augment your firewall, it is similar to the former Cisco NetRanger combined with a Cisco PIX firewall (the proprietary name has since changed).
If you also use HostSentry on all your Unix systems,
it will add to your IDS detection system and firewall.

So Snort for your NIDS,
Psionic HostSentry for the host-based IDS.
You could also use PortSentry for an added host-based mini real-time agent that blocks malicious activity to individual systems.
Overall you want to look at the defense in depth solution:
firewall
patches/updates to system OSs
OS hardening
NIDS
HIDS
encrypted traffic between subnets with IPsec VPN gateways
PKI
etc etc .....

However, note that defense in depth can also defeat itself.
If you have more infosec solutions implemented than you can realistically support,
well then they are basically worthless and in some cases can be used against you.
If someone were to break into the system running Snort/Guardian and added their IP address to the guardian.ignore file,
and you have more infosec solutions implemented than you can monitor and support and keep on top of,
well, you get the picture, I am sure.
Always remember:
infosec is more about common sense than anything mysterious,
and stick to the keep-it-simple philosophy.
There is always something to be said about the Zen approach.
jj
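Added example, not part of the original post or of Guardian itself: a small model of the Guardian-style loop (read Snort alert source IPs, hand them to the firewall unless listed in guardian.ignore) together with the audit a defender would run to catch an ignore entry nobody approved, which is the failure mode the post warns about. It assumes guardian.ignore holds one IP per line with '#' comments, and the alert lines are constructed in Snort's fast-alert style.

```python
"""Model of a Guardian-style active response loop plus an ignore-list audit."""
import ipaddress
import re

# Constructed guardian.ignore contents (assumed format: one IP per line,
# '#' starts a comment). 203.0.113.7 is the entry an intruder slipped in.
IGNORE_FILE = """\
# hosts Guardian must never block
127.0.0.1
192.0.2.1        # the firewall itself
203.0.113.7
"""

# Constructed Snort alert lines in the fast-alert style; only the source IP is used.
ALERTS = """\
11/08-13:57:07.000000 [**] [1:1000001:1] CONSTRUCTED SCAN [**] {TCP} 203.0.113.7:40000 -> 192.0.2.10:22
11/08-13:57:08.000000 [**] [1:1000002:1] CONSTRUCTED SCAN [**] {TCP} 198.51.100.23:40001 -> 192.0.2.10:22
11/08-13:57:09.000000 [**] [1:1000003:1] CONSTRUCTED SCAN [**] {TCP} 192.0.2.1:40002 -> 192.0.2.10:22
"""

# "{PROTO} src[:port] -> dst[:port]" is the tail of a fast-alert line.
SRC_RE = re.compile(r"\{\w+\} (\d+\.\d+\.\d+\.\d+)(?::\d+)? ->")


def parse_ignore(text):
    """Return the set of ignored IPs; comments are dropped, non-IP lines raise."""
    ignored = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            ignored.add(str(ipaddress.ip_address(entry)))  # ValueError on garbage
    return ignored


def blocks_for(alert_text, ignored):
    """Source IPs the active-response loop would block, honouring the ignore list."""
    blocks = []
    for line in alert_text.splitlines():
        m = SRC_RE.search(line)
        if m and m.group(1) not in ignored and m.group(1) not in blocks:
            blocks.append(m.group(1))
    return blocks


def audit_ignore(ignored, approved):
    """Ignore-list entries absent from the approved baseline: what a defender reviews."""
    return sorted(ignored - set(approved))


if __name__ == "__main__":
    ign = parse_ignore(IGNORE_FILE)
    print("would block:", blocks_for(ALERTS, ign))
    print("unexpected ignore entries:", audit_ignore(ign, ["127.0.0.1", "192.0.2.1"]))
```

Run the audit from a host other than the sensor, against a baseline kept there, so a compromise of the Snort/Guardian box cannot also rewrite the list of approved entries.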


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

