Network Security Snort-Signatures

RE: [Snort-sigs] Rebuilding snort server and sensors

Subject: RE: [Snort-sigs] Rebuilding snort server and sensors
Date: Tue, 25 Oct 2005 14:13:53 -0500
Item #1 - RH9 is obsolete.  You may not be able to harden the OS
sufficiently to do what you need to do safely.

Item #2 - RH, unless you go to a lot of extra trouble, tends to install
a lot of things that really aren't ideal on any server, much less one
being used as a security appliance.

Item #3 - The BSDs do a much better job of only installing what's
necessary to bring the box up (i.e. kernel and necessary bits of the OS).

 

When I'm setting up a box to be used as a security appliance, I make
sure that I have the latest versions of everything, unless they have
some known issue that makes them undesirable.  I also make sure that
anything I can build from source, I do so, since I prefer to do custom
configs instead of pre-installed packages.  I also don't like having to
either go in and uninstall a bunch of crap or spend a lot of valuable
time configuring the OS installer in the first place.  When I first
bring a box up, the ONLY thing I want is a blinking command prompt.  I
really don't care about a GUI, games, web server, etc.  If I want them,
I will install them.  The FIRST rule of security is that if it's not
installed, it's not a problem.

 

Just my 2 cents....

Thanks,

Ms. Jimi Thompson

Manager of Web Operations

SMU Cox School of Business

 

If computers get too powerful, we can organize them into a committee --
that will do them in. -- Bradley's Bromide
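The "if it's not installed, it's not a problem" rule above is easy to turn into a post-install check. The script below is an added example written for this archive page, not code from the thread or from the Snort project: it takes a package list and a netstat listing, compares them against an allowlist of what a sensor actually needs, and prints what should be removed or closed. Both inputs are constructed samples in BSD pkg_info / netstat -an style (the package names and versions are made up for the example); the allowlists are assumptions about a minimal sensor, not anything the thread specifies.

```shell
#!/bin/sh
# Added example (not from the thread): a quick "if it's not installed, it's
# not a problem" audit for a freshly built sensor. Both inputs below are
# constructed samples in BSD pkg_info / netstat -an style, not real output.

SAMPLE_PACKAGES='openssh-4.2p1
snort-2.4.3
libpcap-0.9.4
pcre-6.4
xorg-6.8.2
gnome-2.12.1
apache-1.3.34'

SAMPLE_NETSTAT='tcp4 0 0 *.22 *.* LISTEN
tcp4 0 0 *.80 *.* LISTEN
tcp4 0 0 *.111 *.* LISTEN
tcp4 0 0 127.0.0.1.25 *.* LISTEN
tcp4 0 0 *.3306 *.* LISTEN'

# Assumed minimal sensor: sshd for management, snort and its libraries.
ALLOWED_PACKAGES="openssh snort libpcap pcre"
# The only thing that should answer on the network is sshd.
ALLOWED_PORTS="22"

# extra_packages PKGLIST ALLOWED
# Strips the version suffix (name-1.2.3 -> name) and prints, sorted and
# space-separated, every package name not in ALLOWED.
extra_packages() {
    printf '%s\n' "$1" | sed 's/-[0-9][^-]*$//' | awk -v allowed="$2" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF && !($1 in ok) { print $1 }' | sort | tr '\n' ' ' | sed 's/ $//'
}

# unexpected_listeners NETSTAT ALLOWED_PORTS
# Prints, sorted numerically and space-separated, every listening port that is
# not in ALLOWED_PORTS. Takes the port after the last "." or ":" of the local
# address, so both BSD (*.22) and Linux (0.0.0.0:22) netstat formats work.
unexpected_listeners() {
    printf '%s\n' "$1" | awk -v allowed="$2" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $NF == "LISTEN" { port = $4; sub(/.*[.:]/, "", port); if (!(port in ok)) print port }
    ' | sort -n | uniq | tr '\n' ' ' | sed 's/ $//'
}

# On a real box feed it `pkg_info` (or `rpm -qa`) and `netstat -an` instead
# of the samples.
echo "packages to remove: $(extra_packages "$SAMPLE_PACKAGES" "$ALLOWED_PACKAGES")"
echo "ports to close:     $(unexpected_listeners "$SAMPLE_NETSTAT" "$ALLOWED_PORTS")"
```

Run it once right after the base install and again after adding Snort; anything it reports the second time is either a dependency you should know about or something the installer pulled in that the sensor does not need. The localhost-only MySQL listener in the sample is deliberately flagged too: on a sensor that does not host the alert database it has no reason to exist.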

________________________________

From: snort-sigs-admin@lists.sourceforge.net
[mailto:snort-sigs-admin@lists.sourceforge.net] On Behalf Of Murali Raju
Sent: Monday, October 24, 2005 7:05 AM
To: Michael Mulholland
Cc: Snort-sigs@lists.sourceforge.net
Subject: Re: [Snort-sigs] Rebuilding snort server and sensors

 

1. Linux - if you want to use the libpcap that employs a shared mem ring
buffer (http://public.lanl.gov/cpw/)..
2. FreeBSD - with device_polling configured can help speed up packet
capturing in addition to speed and stability...
3. OpenBSD - lean with many security features, including the new heap
protection and other defense against ICMP based attacks available on
release 3.8....the de facto for security appliances in my opinion.

I use and prefer the BSDs over Linux any day...

Cheers,

_Raju

On 10/24/05, Michael Mulholland <Michael.Mulholland@dfpni.gov.uk> wrote:

Folks,

I'm intent on rebuilding our existing snort setup from RH9 and was
wondering what platform you'd recommend.

Thanks,

Michael Mulholland










-- 
May the packets be with you. 
