LinuxQuestions.org
Old 06-20-2004, 07:46 AM   #1
ppuru
Snort Configuration


Which one is a better (secure) configuration?

SnortEnd
-------------
System - with 2 NICs
External NIC - no IP
Internal NIC - LAN IP
OS - Linux/OpenBSD
Snort with mysql configured as client

BackEnd
------------
System with 1 NIC
OS - Linux/OpenBSD
MySQL server
ACID & related software (JPGraph, AdoDB ...)
Apache, PHP

OR

Everything on one system
-----------------------------------
System - with 2 NICs
OS - Linux/OpenBSD
External NIC - no IP
Internal NIC - LAN IP
MySQL server
ACID & related software
Apache, PHP
 
Old 06-20-2004, 09:06 AM   #2
Technonotice
The point of least security is where your Snort box or the box doing the analysis is connected to a nonsecure environment (possibly your LAN). In your case, I would say having the second config, all on one box is more secure - provided it had the LAN card removed. The LAN card would be the point of least security in both setups as it's an open, configured interface to the network.

The best Snort config you could get (AFAIK) would be to put a box with just one NIC, unconfigured, onto the place you want to watch. Any direct network access to the box would be a possible point of weakness.

And in fact, if you chose the split configuration with a new, private LAN between the Snort PC and the ACID one, there's another possible chance for an attacker to gain access.

Last edited by Technonotice; 06-20-2004 at 09:13 AM.
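Both posts rely on the sniffing NIC having no IP, so it is worth checking that on the sensor itself. The following is an added example, not part of either post: it parses `ip -o addr show` output and reports any address still bound to the sniffing interface, including the IPv6 link-local address that Linux assigns by default when an interface is brought up. The interface names eth0 (external, sniffing) and eth1 (internal LAN) and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ip -o addr show` output for a two-NIC sensor.
# eth0 = external sniffing NIC (intended to have no IP), eth1 = internal LAN NIC.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::a00:27ff:fe4e:66a1/64 scope link \       valid_lft forever preferred_lft forever
3: eth1    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth1\       valid_lft forever preferred_lft forever'

# Print every IPv4/IPv6 address bound to interface $1.
# Reads `ip -o addr show` output on stdin.
iface_addrs() {
    awk -v ifc="$1" '$2 == ifc && ($3 == "inet" || $3 == "inet6") { print $4 }'
}

# Print every non-loopback interface that carries at least one address,
# i.e. every interface through which the box can be addressed directly.
addressed_ifaces() {
    awk '$2 != "lo" && ($3 == "inet" || $3 == "inet6") { print $2 }' | sort -u
}

# Return 0 only if interface $1 has no address of either family.
sniff_iface_is_stealth() {
    addrs=$(iface_addrs "$1")
    [ -z "$addrs" ]
}

# Demo on the constructed sample. On a live sensor, pipe the real output:
#   ip -o addr show | sniff_iface_is_stealth eth0
if printf '%s\n' "$SAMPLE_ADDRS" | sniff_iface_is_stealth eth0; then
    echo "eth0: no addresses bound"
else
    echo "eth0 still has: $(printf '%s\n' "$SAMPLE_ADDRS" | iface_addrs eth0)"
fi
echo "addressable interfaces:" $(printf '%s\n' "$SAMPLE_ADDRS" | addressed_ifaces)
```

In the sample, eth0 has no IPv4 address but still carries an IPv6 link-local address, so the check reports it as not fully unconfigured.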
 
  

