Snort mailing list archives

Re: Beginner w/ IDS and snort


From: "Snail945" <snail945 () yahoo com>
Date: Thu, 23 Aug 2001 20:29:14 -0700

Thanks.  I've gotten similar words of wisdom from some others off-line.  I ordered a copy of FreeBSD today and will work with both it and Linux RH7.  I will probably have some questions on BSD setup.

Thanks again for the pointers.

byron
----- Original Message -----
From: "JP" <Theblahact () hotmail com>
To: "Snail945" <snail945 () yahoo com>; <snort-users () lists sourceforge net>
Sent: Thursday, August 23, 2001 6:00 PM
Subject: Re: [Snort-users] Beginner w/ IDS and snort


Firstly, I'm not a religious zealot about any OS, I think they all have
their purpose.

What you need to consider is that you are building a security device, and as such that device should be hardened. As you are a beginner, your hardening skills will be minimal for Linux, so you want to go for a system that is secure out of the box. That being the case, I would recommend one of the BSDs, probably OpenBSD, as your starting point. I have not touched Linux for a little while, but in my experience it tends to come out of the box with everything turned on. The BSDs tend to come out of the box with very little turned on. Your learning curve will more than likely be a bit steeper with a BSD for that reason.

Note that I am by no means saying that you cannot make Linux as secure as or more secure than a BSD (not even interested in going there), but by default you are less likely to get into trouble.

If you have the capacity, set up a dual-homed BSD box with a management NIC in a separate DMZ (with no access to anything) and a stealth NIC on the outside of your network. At least that way, if someone does manage to hack the machine you are not losing much (as long as you find out about it!).

Hope that helps.
JP


----- Original Message -----
From: "Snail945" <snail945 () yahoo com>


Hello-

I'm thinking about using either a Linux/SNORT/DEMARC solution or a Windows 2000/SNORT solution for the IDS.  I come from many years of administering Windows-based systems and am very comfortable administering and securing them, but am sort of a "beginner to intermediate" with Linux and Unix.  That said, I'm very much open to building this IDS on the "ideal platform" and doing whatever research and testing is required to make it successful.  I'm comfortable with the CLI, but regardless of platform, I'd like to have a front-end that provides meaningful "quick-glance" information, and a way to sort through all the data.




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
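The dual-homed sensor JP describes, as an added example that is not part of the thread or of the Snort project: a POSIX shell script for a FreeBSD-style sensor that brings up the sniffing NIC with no address at all (so it never answers ARP or ping from the monitored segment), puts the management NIC on the isolated DMZ without adding a default route, and refuses to start Snort if the sniffing NIC is down or has acquired an address. The interface names (em0, em1), the management address, the snort.conf path and the sample ifconfig output are assumptions constructed for illustration; the check functions also accept Linux `ip addr` output since they only look at `inet`/`inet6` lines and the flag list.

```shell
#!/bin/sh
# Added example, not code from the thread. Interface names, the management
# address, the snort.conf path and the sample output are assumptions.

SNIFF_IF=${SNIFF_IF:-em0}               # assumed: NIC on the monitored segment
MGMT_IF=${MGMT_IF:-em1}                 # assumed: NIC on the isolated management DMZ
MGMT_ADDR=${MGMT_ADDR:-10.0.99.5}       # assumed management address
MGMT_MASK=${MGMT_MASK:-255.255.255.0}
SNORT_CONF=${SNORT_CONF:-/etc/snort/snort.conf}

# True if ifconfig/ip-style text carries any IPv4 or IPv6 address.
# A stealth NIC must carry none; an auto-assigned IPv6 link-local address
# counts too, since it makes the sensor reachable from the wire.
has_ip_address() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*inet6?[[:space:]]'
}

# True if the flag list in the text contains UP.
is_up() {
    printf '%s\n' "$1" | grep -Eq '<([^>]*,)?UP(,[^>]*)?>'
}

# A sniffing interface is correctly "stealth" when it is UP and address-less.
# Takes the output of `ifconfig <if>` (or `ip addr show <if>`) as its argument.
is_stealth() {
    is_up "$1" && ! has_ip_address "$1"
}

# Configure both NICs. Needs root; BSD ifconfig syntax.
configure_sensor() {
    # Sniffing NIC: link up, no address. Snort (via libpcap) switches the
    # interface to promiscuous mode itself when it opens it.
    ifconfig "$SNIFF_IF" up
    # Management NIC: address on the DMZ only. No default route is added, so
    # the sensor can reach nothing beyond that segment, as JP's design wants.
    ifconfig "$MGMT_IF" inet "$MGMT_ADDR" netmask "$MGMT_MASK"
}

# Daemonise Snort on the address-less interface, logging locally.
start_snort() {
    snort -D -i "$SNIFF_IF" -c "$SNORT_CONF" -l /var/log/snort
}

# Re-check the live interface before starting: refuse to run if the sniffing
# NIC is down or has picked up an address (e.g. from a stray DHCP client).
verify_and_start() {
    out=$(ifconfig "$SNIFF_IF") || return 1
    if is_stealth "$out"; then
        start_snort
    else
        echo "$SNIFF_IF is not stealth (down or has an address); refusing to start" >&2
        return 1
    fi
}

# Constructed sample ifconfig output for self-checking, not captured from a real box.
SAMPLE_STEALTH='em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        ether 00:11:22:33:44:55
        status: active'
SAMPLE_LEAKY='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.20 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:11:22:33:44:55'
SAMPLE_DOWN='em0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        ether 00:11:22:33:44:55'

case "${1:-}" in
    --self-check)
        is_stealth "$SAMPLE_STEALTH" && ! is_stealth "$SAMPLE_LEAKY" \
            && ! is_stealth "$SAMPLE_DOWN" && echo "stealth checks OK" ;;
    --start)
        configure_sensor && verify_and_start ;;
esac
```

Run it with `--self-check` on any host to exercise the checks against the constructed samples, and with `--start` as root on the sensor itself. The point of re-reading ifconfig before launching Snort is that a sniffing NIC which quietly gains an address stops being invisible to the segment it watches, which is exactly the exposure the stealth design exists to avoid.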

