Snort mailing list archives

Re: Beginner w/ IDS and snort


From: "JP" <Theblahact () hotmail com>
Date: Fri, 24 Aug 2001 11:00:18 +1000

Firstly, I'm not a religious zealot about any OS, I think they all have
their purpose.

What you need to consider is that you are building a security device, and as
such that device should be hardened. As you are a beginner your hardening
skills will be minimal for Linux, so you want to go for a system that is
secure out of the box. That being the case I would recommend one of the
BSDs, probably OpenBSD as your starting point. I have not touched Linux for
a little while, but in my experience it tends to come out of the box with
everything turned on. The BSDs tend to come out of the box with very little
turned on. Your learning curve will more than likely be a bit steeper with a
BSD for that reason.

Note that I am by no means saying that you cannot make Linux as secure or
more secure than a BSD (not even interested in going there), but by default
you are less likely to get into trouble.

If you have the capacity, set up a dual homed BSD box with a management NIC
in a separate DMZ (with no access to anything) and a stealth NIC on the
outside of your network. At least that way if someone does manage to hack
the machine you are not losing much (as long as you find out about it!).

Hope that helps.
JP


----- Original Message -----
From: "Snail945" <snail945 () yahoo com>


Hello-

I'm thinking about using either a Linux/SNORT/DEMARC solution or a Windows
2000/SNORT solution for the IDS.  I come from many years of administering
Windows based systems and am very comfortable administering and securing
them, but am sorta a "beginner to intermediate" with Linux and Unix.  That
said, I'm very much open to building this IDS on the "ideal platform" and
doing whatever research and testing is required to make it successful.
I'm comfortable with cli, but regardless of platform, I'd like to have a
front-end that provides meaningful "quick-glance" information, and a way
to sort through all the data.

