Snort mailing list archives
Re: Beginner w/ IDS and snort
From: "JP" <Theblahact () hotmail com>
Date: Fri, 24 Aug 2001 11:00:18 +1000
Firstly, I'm not a religious zealot about any OS; I think they all have their purpose. What you need to consider is that you are building a security device, and as such that device should be hardened. As you are a beginner, your hardening skills will be minimal for Linux, so you want to go for a system that is secure out of the box. That being the case, I would recommend one of the BSDs, probably OpenBSD, as your starting point.

I have not touched Linux for a little while, but in my experience it tends to come out of the box with everything turned on. The BSDs tend to come out of the box with very little turned on. Your learning curve will more than likely be a bit steeper with a BSD for that reason. Note that I am by no means saying that you cannot make Linux as secure or more secure than a BSD (not even interested in going there), but by default you are less likely to get into trouble.

If you have the capacity, set up a dual-homed BSD box with a management NIC in a separate DMZ (with no access to anything) and a stealth NIC on the outside of your network. At least that way if someone does manage to hack the machine you are not losing much (as long as you find out about it!).

Hope that helps.

JP

----- Original Message -----
From: "Snail945" <snail945 () yahoo com>
Hello- I'm thinking about using either a Linux/SNORT/DEMARC solution or a Windows 2000/SNORT solution for the IDS. I come from many years of administering Windows based systems and am very comfortable administering and securing them, but am sorta a "beginner to intermediate" with Linux and Unix. That said, I'm very much open to building this IDS on the "ideal platform" and doing whatever research and testing is required to make it successful. I'm comfortable with cli, but regardless of platform, I'd like to have a front-end that provides meaningful "quick-glance" information, and a way to sort through all the data.