RE: securing nic's for snort

From: Renaud, Andre (Andre.Renaud@hp.com)
Date: 05/27/02


Date: Tue, 28 May 2002 09:42:44 +1200
From: "Renaud, Andre" <Andre.Renaud@hp.com>
To: <focus-linux@securityfocus.com>

One of the easiest ways is to simply not give the card an IP address;
it can still go into promiscuous mode and works fine under snort
(I believe). It does limit you slightly: you can't run any services off
this card, so it is really only applicable if the snort box is attached
to a second network (or you work locally on it a lot).

Andre

-----Original Message-----
I would like to start using snort IDS. I have a Linux box all built and
hardened (per much of this list's guidance!) but now would like to
know how to *truly* secure my second network card that will have snort
listening on. What are a few things I should bear in mind when "locking
down" this card? What makes the card "stealth?"