mailing list archives
Re: Setting up an IDS system
From: Gene Yoo <gyoo () attbi com>
Date: Sat, 01 Feb 2003 09:19:58 -0800
Naman Latif wrote:
I am in the process of setting up an IDS system using Linux\Snort in
the DMZ. A couple of questions regarding this:
1. Is it a safe practice to have access to this system from the Inside
Network (for retrieving log files etc.) from 1-2 stations? Of course, the IDS
won't have access to the inside network and will be blocked by the firewall.
2. What kind of services should be running on the IDS station? Should all
Web\FTP etc. services be stopped?
3. How important is it to also have an IDS system monitoring the traffic
on your Inside Network? I believe it won't be a good idea to have the
SAME DMZ IDS system with another NIC monitoring Inside Network traffic?
Any other suggestions OR any links that I can refer to?
Regards \\ Naman
Naman, you should look at the Snort forum for your answer; it is very active
and should answer most of your questions, including how to set up Snort.
Search for your question or subscribe to the mailing list. Good luck.
<gyoo [at] attbi [dot] com>