My desktop Linux system (Suse 8.1) is connected to a DSL line with a fixed IP address. What is the best way to protect my system from intrusion? Would it be the SuseFirewall? What about Snort? Is Snort basically a reporting tool or can it too be used to block intruders? Thanks Matt
My desktop Linux system (Suse 8.1) is connected to a DSL line with a fixed IP address. What is the best way to protect my system from intrusion? Would it be the SuseFirewall? What about Snort? Is Snort basically a reporting tool or can it too be used to block intruders?
As I understand it, snort is a reporting tool to detect intrusions, but not to actually prevent/block them. You will definitely want to investigate SuSEFirewall2. I prefer to write my own iptables firewall rules, but the interface to SuSEFirewall2 is better suited to someone newer to firewalls. If you are not running a server on your machine, you can probably block most traffic into your box, except maybe ssh for remote administration. Have fun, Josh
On Mon, 2 Jun 2003 13:45:03 -0500 (CDT) "Josh Trutwin" <josh@trutwins.homeip.net> wrote:
As I understand it, snort is a reporting tool to detect intrusions, but not to actually prevent/block them.
Snort by default does not block attacks unless compiled with flexresp support and with an appropriate rule set. Another option, if you want realtime blocking, is to use a utility such as guardian.pl and blockit.pl in conjunction with Snort. Charles -- linux: because a PC is a terrible thing to waste (ksh@cis.ufl.edu put this on Tshirts in '93)
On Monday 02 June 2003 11:26 am, Matt Stamm wrote:
My desktop Linux system (Suse 8.1) is connected to a DSL line with a fixed IP address. What is the best way to protect my system from intrusion? Would it be the SuseFirewall? What about Snort? Is Snort basically a reporting tool or can it too be used to block intruders?
I would suggest using SuSE firewall and then using snort to monitor activity. The idea is to see which ports you need to open or close in order to fine tune the firewall. This way you can shut down/restrict some ports and others can be assigned specifics. If you notice suspicious activity on a port or from an address that isn't explicitly needed, you can then plug that hole, and so on. HTH, Curtis.
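The tuning loop described in the message above, sketched as an added example that is not part of the original thread: it parses Snort alerts in the "fast" alert output format and tallies inbound alerts aimed at ports the host does not need. The sample alerts, the addresses, and the names `review`, `HOST_IP` and `NEEDED` are constructed for illustration.

```python
import re
from collections import Counter

# Snort "fast" alert: time [**] [gid:sid:rev] msg [**] ... {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:\d+:\d+\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?"
)

# Constructed sample alerts using documentation addresses; not real traffic.
SAMPLE = """\
06/02-13:45:03.101010  [**] [1:1000001:1] SAMPLE ssh connection attempt [**] [Priority: 2] {TCP} 192.0.2.10:40112 -> 203.0.113.5:22
06/02-13:46:10.202020  [**] [1:1000002:1] SAMPLE probe of closed service [**] [Priority: 2] {TCP} 198.51.100.7:51515 -> 203.0.113.5:111
06/02-13:46:11.303030  [**] [1:1000002:1] SAMPLE probe of closed service [**] [Priority: 2] {TCP} 198.51.100.7:51516 -> 203.0.113.5:111
06/02-13:47:00.404040  [**] [1:1000003:1] SAMPLE udp probe [**] [Priority: 3] {UDP} 198.51.100.7:5353 -> 203.0.113.5:137
06/02-13:48:00.505050  [**] [1:1000004:1] SAMPLE echo request [**] [Priority: 3] {ICMP} 192.0.2.99 -> 203.0.113.5
06/02-13:49:00.606060  [**] [1:1000005:1] SAMPLE outbound event [**] [Priority: 3] {TCP} 203.0.113.5:33000 -> 192.0.2.80:80
"""

HOST_IP = "203.0.113.5"   # assumed fixed IP of the desktop
NEEDED = {("TCP", 22)}    # assumed: only ssh is deliberately reachable

def parse_alerts(text):
    """Return one dict per parsable alert line (ICMP alerts carry no ports)."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            a = m.groupdict()
            a["dport"] = int(a["dport"]) if a["dport"] else None
            alerts.append(a)
    return alerts

def review(text, host_ip, needed):
    """Tally inbound alerts that target (proto, port) pairs outside `needed`."""
    unneeded_ports, sources = Counter(), Counter()
    for a in parse_alerts(text):
        if a["dst"] != host_ip:
            continue  # outbound or third-party traffic does not drive inbound rules
        key = (a["proto"], a["dport"])
        if key not in needed:
            unneeded_ports[key] += 1
            sources[a["src"]] += 1
    return unneeded_ports, sources

if __name__ == "__main__":
    ports, sources = review(SAMPLE, HOST_IP, NEEDED)
    for (proto, port), n in ports.most_common():
        print(f"{n:3d} alert(s) -> {proto}/{port}: confirm the firewall drops this")
    for src, n in sources.most_common():
        print(f"{n:3d} alert(s) from {src}")
```

Each reported port is a candidate to check against the firewall rules; the source tally shows whether one address accounts for most of the noise.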
Matt Stamm wrote:
My desktop Linux system (Suse 8.1) is connected to a DSL line with a fixed IP address. What is the best way to protect my system from intrusion? Would it be the SuseFirewall? What about Snort? Is Snort basically a reporting tool or can it too be used to block intruders?
Thanks Matt
suse way - susefirewall
end-userish easy way - use a residential gateway (router - linksys, netgear, etc.). These cost about $100, setup time is very quick.
participants (5)
- Charles Philip Chan
- Curtis Rey
- Josh Trutwin
- Matt Stamm
- Oskar Teran