Date:      Tue, 25 Mar 2003 14:18:24 -0500 (EST)
From:      "Nigel Houghton <nigel.houghton@sourcefire.com>" <nigel@sourcefire.com>
To:        GiZmen <gizmen@pals.one.pl>
Cc:        "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG>
Subject:   Re: your mail
Message-ID:  <Pine.LNX.4.53.0303251405250.388@enterprise.sfeng.sourcefire.com>
In-Reply-To: <20030325190131.GA3776@blurp.one.pl>
References:  <20030325190131.GA3776@blurp.one.pl>


First URL is getting old, but is still pretty valid with useful links on
the bottom:
http://people.freebsd.org/~jkb/howto.html

The best place to start with Snort:
http://www.snort.org/docs/

I don't see a real need for portsentry if you are using Snort. Kris
mentioned Snort reacting to portscans in his mail; you need to look at
enabling flexresponse if you want to do that.

There are *many* add-ons available for Snort; check out the Snort web site
for details.

You might want to enable ipfw (or some firewall of your choice) and employ
the judicious use of rules. Use Snort to monitor the network. The thing
is, it really all depends on your setup: do you use a single host or do
you have a small home network, do you serve up web sites or run a mail
server, do you require remote access to your hosts or local only? All
these things (and many others) have an impact on what you should be
looking at to secure your environment.

My advice would be to think about what you want to achieve, write down
everything you want to do and explore solutions. Google is your friend.

I believe you said:

:>
:> > Apples and oranges :)
:> >
:> > In brief:
:> >
:> > Portsentry listens for connections on various ports and can respond to
:> > portscanning attempts.
:> >
:> > Snort is a lightweight IDS that you can use to detect miscreant behaviour
:> > directed at your network.
:> >
:> > Both will generate logs for your perusal.
:> >
:> >
:> > :Hi everyone,
:> > :
:> > :Can anybody write something about these two IDS?
:> > :I don't know which one is better for FreeBSD 5.0.
:> > :I've read something about these programs and I don't know which to choose on my
:> > :FreeBSD box.
:> > :I heard that Snort is recommended software for FBSD, is that true?
:> > :
:> > :Thanks for any suggestions.
:> > :
:> ---end quoted text---
:
: Hmm, thanks, so it is good to have both of these programs on my box?
:
: Can you write me what other programs you recommend to improve the security of my box?
: Maybe you know some articles about that.
:
: thx
:
: --
: Best Regards:
: 		GiZmen
:
:
:To Unsubscribe: send mail to majordomo@FreeBSD.org
:with "unsubscribe freebsd-security" in the body of the message
:
