This is a discussion on Re: [Snort-users] Snort start up on Multiple interface within the Snort forums, part of the System Security and Security Related category.
On Apr 28, 2004, at 4:23 PM, Matt Kettler wrote:

> At 04:40 PM 4/28/2004, Edin Dizdarevic wrote:
>
>> > You mean you don't chroot your snort instances? :)
>>
>> Why should I do that on an SELinux? ;)
>
> Clearly you're not sufficiently paranoid, as a good SELinux user would
> chroot anyway. After all, mistakes can be made in MAC configurations :)
>
> They'd also:
>     use a read-only network tap
>     make sure the kernel is compiled without loadable module support
>     compile snort with some form of stack-overflow detector enhanced gcc
>     make sure that snort box was not able to talk to hosts outside
>     your network, not even for http download, no matter what user tries.
>     (ie: firewall enforced)
>     make sure the snort box cannot relay email through your
>     mailserver to hosts outside your network.
>     make sure the snort box cannot perform DNS resolution of
>     outside zones (dig www.snort.org should fail).
>     wrap the entire machine in 5 layers of copper foil, making
>     sure to cover up the LEDs, monitor, and keyboard in the process

You left out the operator/sysadmin enhancements:
http://www.stopabductions.com/

>     disconnect the machine from all power or network connections
>     and bury it in 6 feet of concrete with no cables coming out.
>
> But it's all a matter of how paranoid you want to be. My real point is
> that it never hurts to be oversecure unless you're losing
> functionality you need.
>
> Clearly chrooting under selinux is a bit redundant, but it doesn't
> hurt useful functionality, and protects you from mistakes so it does
> add some security.

Milo Velimirović <milov "at" uwlax "dot" edu>
Unix Computer Network Administrator
University of Wisconsin - La Crosse
La Crosse, Wisconsin 54601 USA    43 48 05 N 91 14 22 W

There are 10 different types of people in the world.
Those who can read binary and those who can't.
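Three items from the checklist quoted above (a kernel without loadable module support, chrooted snort instances, no resolution of outside DNS zones) can be checked on a Linux sensor. The script below is an added example, not part of the original thread; `PROC_ROOT` and `DIG` are hypothetical override variables, and the process name `snort` is an assumption about how the sensor is started.

```shell
#!/bin/sh
# Added example, not from the thread. PROC_ROOT and DIG are hypothetical
# override knobs so the checks can be pointed at constructed test data.
PROC_ROOT="${PROC_ROOT:-/proc}"

# A kernel built without loadable module support has no /proc/modules.
kernel_allows_modules() {
    [ -e "$PROC_ROOT/modules" ]
}

# Print the PIDs whose command name (/proc/<pid>/comm) equals $1.
pids_by_name() {
    for d in "$PROC_ROOT"/[0-9]*; do
        [ -r "$d/comm" ] || continue
        if [ "$(cat "$d/comm")" = "$1" ]; then echo "${d##*/}"; fi
    done
}

# /proc/<pid>/root points at "/" unless the process was chrooted.
# Reading it for another user's process needs root; returns 2 if unreadable.
pid_is_chrooted() {
    root=$(readlink "$PROC_ROOT/$1/root") || return 2
    [ "$root" != "/" ]
}

# "dig www.snort.org should fail": with +short, any line that does not
# start with ';' is an answer record, so outside resolution works.
outside_dns_resolves() {
    ${DIG:-dig} +short +time=2 +tries=1 "${1:-www.snort.org}" 2>/dev/null |
        grep -q '^[^;]'
}

# Report each failed item; the return value is the number of failures.
audit_sensor() {
    fails=0
    if kernel_allows_modules; then
        echo "FAIL: kernel supports loadable modules"; fails=$((fails + 1))
    fi
    for pid in $(pids_by_name snort); do
        if ! pid_is_chrooted "$pid"; then
            echo "FAIL: snort pid $pid not chrooted (or root link unreadable)"
            fails=$((fails + 1))
        fi
    done
    if outside_dns_resolves; then
        echo "FAIL: outside DNS zones resolve"; fails=$((fails + 1))
    fi
    return "$fails"
}

if [ "${1:-}" = "--run" ]; then audit_sensor; fi
```

Run it as root with `--run` on the sensor. If `dig` is not installed the DNS check passes vacuously, so confirm the tool is present before trusting that result.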