From: Ed Padin (ohdamnthathurtsyahoo.com)
Date: Fri Apr 27 2001 - 10:45:19 CDT


    Encryption is not the only issue. If my snort boxen are compromised, a
    persistent SSH tunnel can be used to infiltrate further. I want to develop a
    method by which capture files are created and then retrieved on a regular
    basis for processing. I don't want to give the snort boxes a way to
    establish connections back to my central subnet.

    -----Original Message-----
    From: Michael Boman [mailto:michaelelinux.com.sg]
    Sent: Thursday, April 26, 2001 10:18 AM
    To: Ed Padin; snort-userslists.sourceforge.net
    Subject: Re: [Snort-users] Logging to a central database

    *** PGP Signature Status: unknown
    *** Signer: Unknown, Key ID = 0x0F771043
    *** Signed: 4/26/01 10:18:34 AM
    *** Verified: 4/27/01 11:32:34 AM
    *** BEGIN PGP VERIFIED MESSAGE ***

    On Thursday 26 April 2001 21:28, Ed Padin wrote:
    > Hi,
    >
    > I'm trying to have a central database for all snort data. I've set up
    > postgres and can get snort running on the local machine to log alerts and
    > packet payloads to the snort database. I now want to get the data from my
    > remote nodes. Because of our security policies, it's more feasible for me
    > to transfer the data via secure file copy rather than doing a remote
    > database client.

    [snip]

    > I appreciate any help anyone can offer.

    Question: Why not create an SSH tunnel between your client node and the
    central database server? Then you can use a direct DB connection but yet
    keep the information encrypted between the remote node and the central
    database server.

    Best regards
     Michael Boman

    --
    "eLINUX  ---  Enabling the Net Economy on Linux"
    ----------------------------------------------------------
    Michael Boman                   eLinux Pte Ltd
    LPIC-1                          http://www.elinux.com.sg
    Technical Consultant            Tel:    (65)  227 6180
    michaelelinux.com.sg           Fax:    (65)  227 5808
    ----------------------------------------------------------
    

    *** END PGP VERIFIED MESSAGE ***

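The pull model described in the message above, as an added example (not part of the original thread): the central host initiates every SSH connection and treats file names reported by a sensor as untrusted, since a compromised sensor controls them. The host names, directory paths and the sensor-side `outbox` directory holding closed capture files are assumptions.

```shell
#!/bin/sh
# Added example: pull-only collection, run on the CENTRAL host, which opens
# every connection. Hosts, paths and the "outbox" convention are assumptions.
SSH_OPTS="-o BatchMode=yes -o ConnectTimeout=10"

# Transport wrappers: the only functions that touch the network.
remote_list()   { ssh -n $SSH_OPTS "$1" "ls -1 '$2'"; }            # host dir
remote_copy()   { scp -q $SSH_OPTS "$1:$2/$3" "$4" </dev/null; }   # host dir name dest
remote_remove() { ssh -n $SSH_OPTS "$1" "rm -f -- '$2/$3'"; }      # host dir name

# A compromised sensor controls its file names, so treat them as hostile:
# no empty names, no dot-files, no path separators, plain characters only.
safe_name() {
    case "$1" in
        ""|.*|*/*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# pull_sensor HOST REMOTE_OUTBOX LOCAL_SPOOL -> prints number of files pulled
pull_sensor() {
    sensor=$1; outbox=$2; dest=$3/$1; count=0
    mkdir -p "$dest/.incoming" || return 1
    list=$(remote_list "$sensor" "$outbox") || return 1
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        if ! safe_name "$name"; then
            echo "skip suspicious name from $sensor: $name" >&2
            continue
        fi
        # Stage first, then rename, so the processor never sees partial files.
        if remote_copy "$sensor" "$outbox" "$name" "$dest/.incoming/$name" &&
           mv "$dest/.incoming/$name" "$dest/$name"; then
            remote_remove "$sensor" "$outbox" "$name" || true
            count=$((count + 1))
        fi
    done <<EOF
$list
EOF
    echo "$count"
}

# Cron entry point on the central host: pull.sh sensor1 sensor2 ...
for s in "$@"; do
    pull_sensor "$s" /var/spool/snort/outbox /var/spool/snort-central
done
```

With this layout the sensors need no credentials for, and no route to, the central subnet; the key used by the central host can be limited on each sensor to an account that only reads and deletes files in the outbox.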