Re: Securing a Snort machine

[Michael Anderson <mca () arlut utexas edu>]

You can configure an IPless interface by bringing the interface up 
without an ip.  You should also specify that you don't want to respond 
to arps with this interface.  I seem to recall that an IPless interface 
will still try and respond to arps.
So type: ifconfig eth? up -arp
Where eth? is your interface.  I'm not sure about Webmin.

-Mike

Elvira_Byrnes () mobileinnovations com au wrote:

> Thanks a lot for your suggestions. What is the proper way to configure 
> an IPless interface on the RedHat? Is it safe to run Webmin on that box?
>  
> Thanks a lot.
>  
> Regards
>  
> Elvira
>
>     -----Original Message-----
>     From: Semerjian, Ohanes [mailto:ohanes.semerjian () au mci com]
>     Sent: Thursday, 17 April 2003 3:06 PM
>     To: 'Elvira_Byrnes () mobileinnovations com au';
>     snort-users () lists sourceforge net
>     Subject: RE: [Snort-users] Securing a Snort machine
>
>     Best way is to :
>      
>     1. use IPless interfaces (specially one on Internet ) except the
>     one that will use it to connect to the box ( which is best to be
>     located internally).
>     2. Use ssh to connect to the box via the internal interface on the
>     LAN.
>     3. Close all ports (via shutting down ports and stopping scripts
>     that are not need to be run on the box) except for ssh.
>     4. Scan the box to find out if you do have any ports open other
>     than ssh.
>      
>
>     Best Regards
>
>     Ohanes Semerjian
>     Security Engineer, AsiaPac
>     International Security Group  (Central Services)
>     WorldCom International
>
>     Ph:(02) 9434 5636
>     Mob: 0410 657 249
>
>     PGP kEY
>     75DF 2980 5663 2DC1 12CD  E43E 94D6 7A9A 222D 3449
>
>         -----Original Message-----
>         From: Elvira_Byrnes () mobileinnovations com au
>         [mailto:Elvira_Byrnes () mobileinnovations com au]
>         Sent: Thursday, 17 April 2003 2:08 PM
>         To: snort-users () lists sourceforge net
>         Subject: [Snort-users] Securing a Snort machine
>
>         Hi Everybody
>          
>         I have installed Snort and now want to make the machine
>         secure. Snort will be listening on border attacks (outside the
>         network), on the dmz, and inside the lan.
>          
>         What is the best way of doing it on RedHat 8.0 and 9.0?
>          
>         Thanks a lot.
>          
>         Elvira
>          
>
>
>         ******************** Confidentiality Statement
>         ***************************
>
>
>         This message contains privileged and confidential information
>         intended only for the use of the addressee named above. If you
>         are not the intended recipient of this message, you must not
>         disseminate, copy or take any action in reliance on it. If you
>         have received this message in error, please delete it from
>         your system and notify the sender immediately. Any views
>         expressed in this message are those of the individual sender,
>         except where the sender specifically states them to be the
>         view of the company.
>
>
>
>
> ******************** Confidentiality Statement 
> ***************************
>
>
> This message contains privileged and confidential information intended 
> only for the use of the addressee named above. If you are not the 
> intended recipient of this message, you must not disseminate, copy or 
> take any action in reliance on it. If you have received this message 
> in error, please delete it from your system and notify the sender 
> immediately. Any views expressed in this message are those of the 
> individual sender, except where the sender specifically states them to 
> be the view of the company.