Snort mailing list archives

RE: Securing a Snort machine

From: Elvira_Byrnes () mobileinnovations com au
Date: Thu, 17 Apr 2003 15:36:18 +1000

Thanks a lot for your suggestions. What is the proper way to configure an
IPless interface on the RedHat? Is it safe to run Webmin on that box?
 
Thanks a lot.
 
Regards
 
Elvira

-----Original Message-----
From: Semerjian, Ohanes [mailto:ohanes.semerjian () au mci com]
Sent: Thursday, 17 April 2003 3:06 PM
To: 'Elvira_Byrnes () mobileinnovations com au';
snort-users () lists sourceforge net
Subject: RE: [Snort-users] Securing a Snort machine


Best way is to :
 
1. use IPless interfaces (specially one on Internet ) except the one that
will use it to connect to the box ( which is best to be located internally).
2. Use ssh to connect to the box via the internal interface on the LAN.
3. Close all ports (via shutting down ports and stopping scripts that are
not need to be run on the box) except for ssh.
4. Scan the box to find out if you do have any ports open other than ssh.
 

Best Regards 

Ohanes Semerjian 
Security Engineer, AsiaPac 
International Security Group  (Central Services) 
WorldCom International 

Ph:(02) 9434 5636 
Mob: 0410 657 249 

PGP kEY 
75DF 2980 5663 2DC1 12CD  E43E 94D6 7A9A 222D 3449 

-----Original Message-----
From: Elvira_Byrnes () mobileinnovations com au
[mailto:Elvira_Byrnes () mobileinnovations com au]
Sent: Thursday, 17 April 2003 2:08 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Securing a Snort machine


Hi Everybody
 
I have installed Snort and now want to make the machine secure. Snort will
be listening on border attacks (outside the network), on the dmz, and inside
the lan.
 
What is the best way of doing it on RedHat 8.0 and 9.0?
 
Thanks a lot.
 
Elvira
 



******************** Confidentiality Statement *************************** 


This message contains privileged and confidential information intended only
for the use of the addressee named above. If you are not the intended
recipient of this message, you must not disseminate, copy or take any action
in reliance on it. If you have received this message in error, please delete
it from your system and notify the sender immediately. Any views expressed
in this message are those of the individual sender, except where the sender
specifically states them to be the view of the company.




******************** Confidentiality Statement *************************** 

This message contains privileged and confidential information intended only
for the use of the addressee named above.  If you are not the intended
recipient of this message, you must not disseminate, copy or take any action
in reliance on it.  If you have received this message in error, please
delete it from your system and notify the sender immediately.  Any views
expressed in this message are those of the individual sender, except where
the sender specifically states them to be the view of the company.

Current thread:

Securing a Snort machine Elvira_Byrnes (Apr 16)
- Re: Securing a Snort machine Patrick S. Harper (Apr 16)
- <Possible follow-ups>
- RE: Securing a Snort machine Elvira_Byrnes (Apr 16)
  - Re: Securing a Snort machine Michael Anderson (Apr 17)
  - RE: Securing a Snort machine Matt Kettler (Apr 17)
    - Re: Securing a Snort machine Saad Kadhi (Apr 18)
    - Performance Bottleneck Daniel R. Miessler (Apr 18)
- RE: Securing a Snort machine Elvira_Byrnes (Apr 16)
- RE: Securing a Snort machine Semerjian, Ohanes (Apr 17)
- RE: Securing a Snort machine Semerjian, Ohanes (Apr 17)
- Re: Securing a Snort machine M M (Apr 17)
- RE: Securing a Snort machine Dean Scott (Apr 17)
- RE: Securing a Snort machine Elvira_Byrnes (Apr 22)