
Re: Setting up an IDS system

From: Frank Barton <pauling(at)starwolf.biz>
Date: Fri Jan 31 2003 - 21:50:48 EST

  1. Depending on how you set it up, I would say yes; also limit the users that can log in remotely. Also consider using a remote log tool, such as remote syslogd, to avoid that need.
  2. None and yes. Ideally, you don't want the IDS station to be seen at all from the outside; consider using a one-way ethernet cable (receive no-send) on the listening interface. Of course, for this you would need a second interface to connect to your network for either remote log-in or remote syslogd or whatever logging facility you're using.
  3. It is a good idea. I don't remember the statistic right now, but a large percentage of all attacks come from inside your network. Once again, ideally, the internal IDS shouldn't be detectable, but I see no problems running it physically on the same box on a separate interface, provided you're using the aforementioned one-way ethernet cable.

Other suggestions: nothing comes to mind, but depending on the size and topology of your network, you may want to carefully consider where you want to put internal IDSs.

On Fri, Jan 31, 2003 at 09:34:19AM -0800, Naman Latif wrote:
>
> Hi,
> I am in the process of setting up an IDS system using Linux\Snort in

-- 
Frank Barton
Starwolf.biz Systems Administrator

Received on Mon Feb 3 14:11:19 2003
