Re: snort or tripwire, which is best?
From: Proteus (proteus_at_uselessemail.net)
Date: Wed, 07 Sep 2005 12:46:20 -0500

On Wed, 07 Sep 2005 15:39:09 +0000, Rod Smith wrote:
> Correct. Snort *might*, though, alert you to an intruder BEFORE the
> intruder has a chance to alter that system file. Whether or not Snort does
> this depends on how Snort is configured and how the intruder attempts to
> break in.

I think I will skip installing tripwire or snort then (just returned Snort
book to Barnes and Noble) -- I figure I know just enough to install them
and likely harm my system somehow. I have enough to learn just learning
firewall, NAT router, nmap, nessus, etc.

> For a home or small office system (which is what it sounds like yours is,
> although you didn't say explicitly), your single best security step is to
> put your computer(s) behind a NAT router. This device will block incoming
> connection attempts unless you explicitly enable them. AFAIK, such access
> attempts are the main source of compromise for Linux systems (as opposed
> to the e-mail worms that run rampant in Windows-land). Snort and Tripwire
> are certainly useful, but they're also a bit of a pain to set up and use,
> and they're both monitoring tools -- they can't block accesses the way a
> NAT router or even local firewall rules can do.

I have a LinkSys Wireless-B router, plus Guarddog software firewall. I
also ran bastille to harden my system somewhat. I am not exactly sure what
a NAT router is -- is that something I should buy to replace my Linksys
router, and if so any recommended brand/models?