Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IDS and Firewall

From: Matt Kettler <mkettler () evi-inc com>
Date: Wed, 28 Apr 2004 11:05:58 -0400
At 03:34 AM 4/28/2004, Kernel The Canine wrote:

Hello

I'm running shorewall.net as my firewall, on RedHat
linux box version 9.0

Is it recommended to run on it snort (on the same box)
or should I run it on another computer
Several user's replied citing resource problems doing this. However, nobody mentioned the obvious that every firewall admin should know. 

SECURITY matters.
Never run any network applications on your firewall box. No mailservers, webservers, dns servers, and not snort either.
Why? Because if someone exploits snort (ie: the old stream4 vulnerability), or any other program on your firewall box, they now have control of your firewall machine. At that point, you have no firewall at all.
You really should treat a firewall box as a firewall-only system if you want it protect you in the event of an attack. Severs, IDS's, etc are best placed on other boxes so that an exploit of one doesn't bring the entire security of your network down as a hacker digs your firewall apart from the inside out. 


-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click 
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: