RE: AW: Barnyard newbie questions.

["Truax, Shawn (MBS)" <Shawn.Truax () mbs gov on ca>]

Hi Shaun,

My suggestion (and what I do) is have the monitor interface on a span port
on the switch in the DMZ, but have the management interface on a switch
inside the LAN.  Lock down the monitor interface with iptables and it is
almost undetectable to anyone.  By doing this I have by-passed all firewall,
vpn, or other issues that may arise.  I realize this may not be a viable
solution but I suggest it just incase.

If you are concerned about security I can email you a list of things to do
to secure the sensor that I have done.

Shawn Truax
Security Specialist
Corporate Security
155 University Ave.
Toronto, Ontario
M5H 3B7
(416)327-1107


-----Original Message-----
From: Shaun T. Erickson [mailto:ste () smxy org]
Sent: June 10, 2004 9:48 AM
To: Maetzky, Steffen (Extern)
Cc: 'Lance Boon'; snort-users () lists sourceforge net
Subject: Re: AW: [Snort-users] Barnyard newbie questions.


Maetzky, Steffen (Extern) wrote:
> Google for "Tunneling MySQL Over SSH", this article should help.

This is not going to be a workable solution for me, as the sensor is in 
my DMZ and the acid server is on my LAN and nothing is allowed to ssh 
from the DMZ to the LAN.

Is there now way to just have barnyard securely connect to mysql, on 
it's own?

        -ste


-------------------------------------------------------
This SF.Net email is sponsored by: GNOME Foundation
Hackers Unite!  GUADEC: The world's #1 Open Source Desktop Event.
GNOME Users and Developers European Conference, 28-30th June in Norway
http://2004/guadec.org
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users