Re: Spare server - OpenBSD+snort. Good choice or is there an alternative?
From: Andrew (ardii_at_NOyahooSPAM.com)
Date: 12/15/03
- Next message: sponge: "Re: Spare server - OpenBSD+snort. Good choice or is there an alternative?"
- Previous message: K2NNJ: "Re: Software Firewall or NAT Router or Both?"
- In reply to: Mailman: "Re: Spare server - OpenBSD+snort. Good choice or is there an alternative?"
- Next in thread: sponge: "Re: Spare server - OpenBSD+snort. Good choice or is there an alternative?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 15 Dec 2003 11:40:41 +1000
Thanks man
Yeah, I forgot about OpenBSD only supporting one cpu but remembered that
over the weekend. I think I will use one of the old development boxes and
put OBSD on there as the firewall. I am very impressed with OBSD's pf
capabilities. Most impressive and better than many of the more expensive
options that are out there.
As for the IDS, I am going to use (again) an old development box and snort
but using a stealth eth card. Am actually going to switch the log server to
a passive card as well as detailed in this article:
http://www.linuxjournal.com/article.php?sid=6222
All the best
Andrew
"Mailman" <mailman@anonymous.org> wrote in message
news:3fd98110_5@corp.newsgroups.com...
> > 1. We have a 10Mbps internet link that is pretty busy most of the time, is
> > the spare system going to be able to "snort" the link without degrading
> > web performance for our users?
> > 2. Should the firewall only be a firewall or is having a NIDS on the
> > firewall a viable option?
> > 3. If in answer to (2) you say that the two should be split, what is the
> > best place to put the NIDS? I was thinking:
> >
> > [Internet] ---- Router ---- Firewall ---- NIDS ---- Switch (web, mail,
> > other "external" servers and firewall/NAT server for internal LAN
> > connected to this)
> >
> > Your assistance is greatly appreciated.
> >
> > Andrew
> > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> > To reply please remove the NO & SPAM from my email address or
> > reply in here so everyone can learn from my mistakes! ;)
> > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>
> Not a very good idea:
>
> - OpenBSD is a great system, but it can't use more than one CPU. The second
> one would just be idle.
> - running an IDS on the same box as the firewall is not good - the IDS may
> introduce its own set of vulnerabilities (see the recent problems with
> Snort)
>
> As to your specific questions:
>
> 1. An IDS cannot slow down a network - it is completely passive (it just
> listens to the packets as they go over the wire).
>
> 2. The firewall should be separate from everything!
>
> 3. Traditionally you only care about what happens behind the firewall
> (that's where the packets are actually dangerous). However, if your purpose
> is job security/impressing the boss, an IDS on the Internet side is much
> more effective ("Today we have identified 287 attacks and here is the
> pie-chart showing their types and characteristics").
> --
> Mailman
>
>
> -----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
> http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
> -----== Over 100,000 Newsgroups - 19 Different Servers! =-----
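Worked example, added here and not part of Andrew's or Mailman's posts: a minimal pf.conf for the layout discussed in the thread (Router -> OpenBSD pf firewall -> switch with the web/mail hosts and the inner NAT box), with a separate Snort box listening on an interface that carries no address. Interface names (fxp0/fxp1), the 192.0.2.0/24 addresses and the two published services are assumptions chosen for illustration; substitute your own.

```pf
# Added example pf.conf for the thread's topology. Names and addresses are
# assumptions (192.0.2.0/24 is the documentation range), not from the posts.
ext_if  = "fxp0"           # toward the router / Internet
dmz_if  = "fxp1"           # toward the switch with web, mail and the inner NAT box
dmz_net = "192.0.2.0/24"
web_srv = "192.0.2.10"
mail_srv = "192.0.2.20"

set block-policy drop       # silently drop instead of sending RST/ICMP
set loginterface $ext_if    # keep per-interface counters for pfctl -si
scrub in on $ext_if all     # normalize fragments and bad TCP flags before the NIDS sees them

# Default deny, logged, so the NIDS behind the firewall only sees traffic
# that was actually allowed through (the point made in answer 3 above).
block log all

# Packets claiming a DMZ source address that arrive from the router side
# (or vice versa) are spoofed; drop them before any pass rule.
antispoof quick for { $ext_if $dmz_if }

# Management: ssh to the firewall only from the DMZ side, never from outside.
pass in quick on $dmz_if proto tcp from $dmz_net to $dmz_if port ssh \
    flags S/SA keep state

# Published services. synproxy completes the TCP handshake on the firewall
# first, so SYN floods never reach the web server.
pass in on $ext_if proto tcp from any to $web_srv port { http, https } \
    flags S/SA synproxy state
pass in on $ext_if proto tcp from any to $mail_srv port smtp \
    flags S/SA keep state

# Outbound from the DMZ (and from the internal LAN behind the NAT box) is
# stateful; replies come back through the state entries, no extra rules.
pass in  on $dmz_if from $dmz_net to any keep state
pass out on $ext_if from $dmz_net to any keep state
```

Load it with `pfctl -nf /etc/pf.conf` first (syntax check only), then `pfctl -f /etc/pf.conf`, and watch what the default-deny rule drops with `tcpdump -n -e -ttt -i pflog0`. On the Snort box, the "stealth" interface from the Linux Journal article is just an interface that is up with no address: on OpenBSD an `/etc/hostname.fxp1` containing only the word `up` does that at boot, after which `snort -i fxp1 -c /etc/snort/snort.conf` sniffs it; with no address and no listening sockets on that card the sensor cannot be addressed from the monitored segment, which is the "passive" property the posts rely on.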