Re: Running snort on a firewall - advisable?
Honestly I believe this is a judgement call... Without giving
full details of my internal network topography I do run Snort on my
firewall/gateway machine as it is the only machine that has access to
check attempts to my external IP addresses.
I do however set up additional security configurations on this
machine along with other steps to ensure its integrity... So like I
said it is a judgement call...
Jeremy
On Tue, Apr 02, 2002 at 10:40:25AM -0500, Nick Busigin wrote:
> I had a discussion recently with a fellow sysadmin regarding the wisdom
> of running snort on a firewall machine. He claimed that it was a bad
> idea as it required placing the interface into promiscuous mode and that
> if the site was hacked into, it provided the hacker with a ready made
> way to sniff packets. My view is that if you've been hacked, it doesn't
> matter. What is the prevailing wisdom? Do you run IDS software on your
> firewall or do you prefer to have your firewall do all your logging and
> then analyze your firewall logs?
>
> Nick
>
> --------------------------------------------------------------------------
> Nick Busigin ...Sent from my Debian/GNU Linux Machine... nick@xwing.org
>
> To obtain my pgp public key, email me with the subject: "get pgp-key"
> --------------------------------------------------------------------------
>
>
> --
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org