Re: snort or tripwire, which is best?

From: Proteus (proteus_at_uselessemail.net)
Date: 09/07/05

    Date: Wed, 07 Sep 2005 12:46:20 -0500
    
    

    On Wed, 07 Sep 2005 15:39:09 +0000, Rod Smith wrote:
    ..
    > Correct. Snort *might*, though, alert you to an intruder BEFORE the
    > intruder has a chance to alter that system file. Whether or not Snort does
    > this depends on how Snort is configured and how the intruder attempts to
    > break in.
    >

    I think I will skip then installing tripwire or snort (just returned Snort
    book to Barnes and Noble)-- I figure I know just enough to install them
    and likely harm my system somehow. I have enough to learn just learning
    firewall, NAT router, nmap, nessus, etc.

    > For a home or small office system (which is what it sounds like yours is,
    > although you didn't say explicitly), your single best security step is to
    > put your computer(s) behind a NAT router. This device will block incoming
    > connection attempts unless you explicitly enable them. AFAIK, such access
    > attempts are the main source of compromise for Linux systems (as opposed
    > to the e-mail worms that run rampant in Windows-land). Snort and Tripwire
    > are certainly useful, but they're also a bit of a pain to set up and use,
    > and they're both monitoring tools -- they can't block accesses the way a
    > NAT router or even local firewall rules can do.

    I have a LinkSys Wireless-B router, plus Guarddog software firewall. I
    also ran bastille to harden my system somewhat. I am not exactly sure what
    a NAT router is-- is that something I should buy to replace my Linksys
    router, and if so any recommended brand/models?

