Mailinglist Archive: opensuse (3729 mails)
| < Previous | Next > |
Re: [SLE] Desktop Intrusion Protection
- From: Curtis Rey <crrey@xxxxxxxxxxx>
- Date: Mon, 2 Jun 2003 13:32:35 -0700
- Message-id: <200306021332.35974.crrey@xxxxxxxxxxx>
On Monday 02 June 2003 11:26 am, Matt Stamm wrote:
> My desktop Linux system (Suse 8.1) is connected to a DSL line with a fixed
> IP address. What is the best way to protect my system from intrusion? Would
> it be the SuseFirewall? What about Snort? Is Snort basically a reporting
> tool or can it too be used to block intruders?
>
I would suggest using SuSE firewall and then using snort to monitor activity.
The idea is to see which ports you need to open or close in order to fine
tune the firewall.
This way you can shutdown/restrict some ports and others can be assigned
specifics. If you notice suspicious activity on a port or from an address
that isn't explicitly needed you can then plug that hole, and so on.
HTH, Curtis.
> My desktop Linux system (Suse 8.1) is connected to a DSL line with a fixed
> IP address. What is the best way to protect my system from intrusion? Would
> it be the SuseFirewall? What about Snort? Is Snort basically a reporting
> tool or can it too be used to block intruders?
>
I would suggest using SuSE firewall and then using snort to monitor activity.
The idea is to see which ports you need to open or close in order to fine
tune the firewall.
This way you can shutdown/restrict some ports and others can be assigned
specifics. If you notice suspicious activity on a port or from an address
that isn't explicitly needed you can then plug that hole, and so on.
HTH, Curtis.
| < Previous | Next > |