LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 04-30-2003, 02:56 PM   #1
zuessh
Member
 
Registered: Jun 2002
Location: USA
Distribution: Suse 8.0
Posts: 247

Rep: Reputation: 30
Talking Best Practice Question


This could be be answered with an opion or opion based on results... This could also be answered in a more detailed answer than I looking for. This more than likely has already been answered multiple times but I wanted to interact with the board If I have a web server behind a router that is forwarding all request to port 80 on my internal machine, and now I want to install an IDS and firewall solution to help protect the box, should I a) install everything on one box b) install the IDS on one box, the web and firewall on another, or c) install each on a seperate machine and put the firwall box behind the router but infront of the web server? Thanks in advance for the suggestions and thoughts. The server(s) will be slackware and the IDS will be snort, not settled on a firewall yet.
 
Old 04-30-2003, 04:56 PM   #2
cyberskye
Member
 
Registered: Feb 2003
Location: The City by the Bay
Posts: 116

Rep: Reputation: 15
I would put the IDS and a firewall on a diff box from the http server. I would also firewall the http server.

"Defense in Depth" The idea is to limit your exposure. Don't let an exploiut specific to Snort expose your webserver. You can't completely secure anything connected to the internet - you can make it as difficult as possible.

Skye
 
Old 05-02-2003, 11:20 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596
AFAIK the decision on placement of the NIDS depends on what you want to focus on (or not): if you need an unobstructed view, place the NIDS in front of router. If you don't need to focus on everything and also trust your fw from *never* being b0rken: between router and fw, else behind the fw. Other considerations for the NIDS being a separate box could be having a really fat pipe, extreme security considerations like you need the NIDS box to be protected against compromise itself or if you need sniffing in promiscuous mode but at the same time rely on promiscuous mode detection as a sign of compromise.

Cyberskye is also right about the Single Point of Failure thing, which basically means you should separate *all* elements plus restricting servers to a separate DMZ.
 
Old 05-02-2003, 12:46 PM   #4
Crashed_Again
Senior Member
 
Registered: Dec 2002
Location: Atlantic City, NJ
Distribution: Ubuntu & Arch
Posts: 3,503

Rep: Reputation: 57
If you can afford it I would go out and pick up the May issue of Linux Magazine. There is a great article on setting up snort as an IDS. It explains in depth the placement of a snort server in terms of your network architecture. Its well worth the read in my opinion.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Practice test hlinux Linux - Certification 4 06-30-2005 08:26 AM
practice linux hansi umayangan Linux - Newbie 3 03-01-2005 01:29 AM
Practice for programming? coolguy_iiit Programming 2 12-29-2004 02:07 PM
Best Practice for Crons? Rotwang Linux - General 1 10-15-2004 05:23 PM
RCS best practice? jonin Linux - Software 1 09-30-2004 06:54 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:29 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration