LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Need IDS if using IPtables/Firewall??
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-06-2004, 11:44 AM   #1
schteelhead
LQ Newbie
 
Registered: Aug 2004
Location: 32.47 / -86.44
Distribution: Slack10, W2k
Posts: 21

Rep: Reputation: 15
Need IDS if using IPtables/Firewall??

Howdy,

I have got my Slack 10 install on the net, running fine on dial-up right now, and am using Firestarter as a firewall front end. I am also using chkrootkit as the second leg in my security stance.

My question is: Do I actually need to use an intrusion detection utility like snort, or a file integrity checker like tripwire, in addition to these first steps??

I want to have a fairly secure system, but I am not overly paranoid unless someone here convinces me to be otherwise.

If I have have any obvious misperceptions please correct me, I am a Linux newcomer, and don't really know much of what I am talking about here.

Thank you, Head
 
Old 11-06-2004, 12:28 PM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Quote:
Originally posted by schteelhead
Do I actually need to use an intrusion detection utility like snort, or a file integrity checker like tripwire, in addition to these first steps??
it depends on what the box or network is doing and how valuable the data on it is... for the average joe using linux on the desktop, tools like tripwire and snort are nothing but optional security enhancements... on the other hand, for a system administrator at the local hospital (for example), they might be required tools... and depending on their level of paranoia they might even use an application gateway:

http://www.balabit.com/products/zorp_gpl/

=)


oh, by the way, check-out rootkit hunter, i think it's got some edge over chkrootkit:

http://www.rootkit.nl


and it's also a good idea to subscribe to the slackware security mailing list:

http://www.slackware.com/lists/

Last edited by win32sux; 11-06-2004 at 06:19 PM.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Iptables with iptables-firewall.conf arno's matt3333 Slackware 16 06-28-2007 07:20 AM
Firewall & IDS GUI alerts on KDE: I want them! AvatarofVirgo Linux - Security 2 02-22-2005 07:38 PM
Stealth Firewall, IDS, and syslog server? OlRoy Linux - Security 8 11-08-2003 04:10 PM
help about IDS and firewall Babba Linux - Security 2 02-11-2003 05:35 AM
GUI Firewall/IDS netmatrix0 Linux - Security 7 12-07-2002 09:18 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:45 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration