Thread: To snort or not to snort

  1. #1
    Senior Member Cemetric's Avatar
    Join Date
    Oct 2002
    Posts
    491

    Question To snort or not to snort

    Hello all,

    I would like to pose a question.

    I've been reading the threads (as much as I could) in the IDS-section but still I have a question about IDS.

    At home I have a small network which both my girlfriend and my parents use for work-related stuff which has to do with money (it's a legit business) ... let's keep it simple.

    Now I want to secure this network as much as possible.

    I have a router with built in firewall from SMC and a cable connection connected to it.
    Now this firewall ... I don't know if it is something good or not, and if I should put an extra one on each PC ... like ZoneAlarm or something, or not?

    Secondly, as a form of extra security but also to study and learn from it, I have 1 extra box with a PIII 550 and 128 MB and 2 NICs and W2K Pro (but can be changed) which I would like to use for IDS.

    Now the Question about this is:

    Can I install Snort on it with MySQL and put 1 NIC on the outside of the network (between the cable modem and the router/firewall) and the other on the inside (behind the router/firewall), or do you guys think this machine isn't up for it, or should I put it elsewhere? As this isn't only to play around with, I thought you experts out there could help me decide.

    Or as a final thought, should I lose the router/firewall and use something else entirely? Suggestions welcome.

    Hope you guys can help me decide here

    Thanks in advance.
    Back when I was a boy, we carved our own IC's out of wood.

  2. #2
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    Other than for hobby/learning purposes, I don't see great value in putting a sophisticated IDS on your HOME OFFICE LAN.

    You already have a router doing basic firewall tasks. Hopefully you don't pass any ports back into your LAN and use a DMZ if you are hosting any services.

    Use good virus software and safe Internet usage practices for email and whatnot.

    Run Antispyware on a regular basis.

    Software firewalls are a good idea in most cases. I feel they can be overkill at times.

    Consider something like SmoothWall http://www.smoothwall.org to put in front of your current router. It has a basic Snort install. It's easy to install and the ISO download is small.

  3. #3
    I would suggest that you keep your hardware firewall, but if you're really into security, put ZoneAlarm on the other computers.

    Now, you said that you wanted to learn with this P3 with two NICs. It's up to you, but I would not recommend it because it creates a bridge that could be used to hack your network. If you do do this, I would recommend getting a better firewall for that computer. However, if you want to use it outside the network, it could be a great learning experience.

    That's my thought.

  4. #4
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    Although I may have understood wrong, your NIDS should be installed in "parallel" with your firewall. That means, put the NIDS on the same network segment as your firewall, and configure your NIDS to capture all packets of the network.
    My site

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  5. #5
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    With 2 NICs, a cheap hub and two instances of Snort running to a MySQL database this will work. Make sure you unbind ALL protocols from the external interface. If you don't then it can become a bridge as untouchable said. Properly configured it's very, very difficult to detect by anyone.

    However, if you forward no ports and your firewall is doing its job I wouldn't worry too much. Scan it from the outside and if it shows nothing open I would use the spare box for something else.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  6. #6
    Senior Member Cemetric's Avatar
    Join Date
    Oct 2002
    Posts
    491
    Ok, thanks for the input guys ...

    I'll have to do some more serious thinking about it now.
