Question on a security package on linux


 
11-27-2010

Hello everyone,
I want to implement a new firewall and detection system on my network, composed of some 200 computers, as follows: the firewall would be a Linux box with router, L7 iptable and also Snort as IDPS system. These are my questions:
1. Is there any security consideration regarding putting all of these packages on the same server? That is to say, should I inevitably put IDPS and FW on two different Linux boxes, or can they all be put together on one Linux box?
2. Is there any package that contains L7 iptables with Snort or any other equally strong IDPS using a GUI environment for manipulation and configuration?
3. Is there any other package at all that might have the same functionality, i.e., L7 filter and an IDPS with a graphical user interface?
Also I have a question on Snort: Is it possible to have control over the size of uploaded files, and not only TCP packets, from my internal network to the internet by L7 filter or Snort or any other software? If this can be done, then I will be able to prevent leakage of data from my internal network by malware to malicious servers.
Thanks

PRADS2SNORT(1)                      networking                      PRADS2SNORT(1)

NAME
       prads2snort - Snort autotuning of Frag3 and Stream5

SYNOPSIS
       prads2snort -i /var/log/prads-asset.log -o /etc/snort/host_attributes.xml -d linux -v

DESCRIPTION
       PRADS is a Passive Real-time Asset Detection System. It passively listens to network traffic and gathers information on the hosts and services it sees on the network. This information can be used to map your network, letting you know which services and hosts are alive/used, or it can be used together with your favorite IDS/IPS setup for "event to host/service" correlation.

       Gathering information about your hosts in real time also lets you detect assets that are connected to the network only for a short period of time. An active network scan (nmap etc.) would take a long time and is not commonly run continually, and would therefore miss such an asset.

       The initial goal of implementing PRADS was to make the host_attribute_table.xml for Snort (automatically). PRADS2SNORT is the tool that does this!

OPTIONS
       -i, --infile <file>     file to feed prads2snort.pl
       -o, --outfile <file>    file to write host_attribute data to (host_attribute.xml)
       -d, --default <os>      set Default OS if unknown (linux,bsd,macos,windows)
       -v, --verbose           prints out OS, frag, stream and confidence of asset
       -h, --help              this help message
       --version               show prads2snort.pl version

PROBLEMS
       1. Better mapping of less used apps to their correct snort attributes or drop them.

SEE ALSO
       o PRADS <http://prads.projects.linpro.no/>
       o p0f <http://lcamtuf.coredump.cx/p0f.shtml>
       o PADS <http://passive.sourceforge.net/>
       o Snort <http://snort.org>
       o Sguil <http://sguil.net>
       o Hogger <http://code.google.com/p/hogger/>

BUGS
       Report bugs here:
       o http://github.com/gamelinux/prads/issues

       For general questions:
       o http://projects.linpro.no/mailman/listinfo/prads-devel
       o http://projects.linpro.no/mailman/listinfo/prads-users

AUTHOR
       edwardfjellskaal@gmail.com

COPYRIGHT
       GPL

0.2                                 2010-06-21                      PRADS2SNORT(1)
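
The autotuning the man page describes comes down to giving each host a Frag3 and Stream5 reassembly policy that matches its operating system, with the `-d` default applied when the OS is unknown. The sketch below is an added example, not prads2snort's own code: the OS-to-policy mapping, the function names and the sample sightings are assumptions, and it writes only the operating-system part of a Snort 2.x host attribute table.

```python
import xml.etree.ElementTree as ET

# OS family -> (frag3 policy, stream5 policy). The policy names are Snort 2.x
# ones; which OS gets which policy is this example's assumption.
POLICY = {
    "linux":   ("linux", "linux"),
    "bsd":     ("bsd", "bsd"),
    "macos":   ("first", "macos"),
    "windows": ("windows", "windows"),
}

def pick_os(observations, default_os):
    """Collapse (ip, os, confidence) sightings to one best guess per host."""
    best = {}
    for ip, os_name, conf in observations:
        if os_name not in POLICY:      # unknown fingerprint: use the default
            os_name, conf = default_os, 0
        if ip not in best or conf > best[ip][1]:
            best[ip] = (os_name, conf)
    return best

def _leaf(parent, tag, value, conf):
    node = ET.SubElement(parent, tag)
    ET.SubElement(node, "ATTRIBUTE_VALUE").text = str(value)
    ET.SubElement(node, "CONFIDENCE").text = str(conf)

def build_host_attributes(observations, default_os="linux"):
    if default_os not in POLICY:
        raise ValueError("default OS must be one of: " + ", ".join(POLICY))
    root = ET.Element("SNORT_ATTRIBUTES")
    table = ET.SubElement(root, "ATTRIBUTE_TABLE")
    for ip, (os_name, conf) in sorted(pick_os(observations, default_os).items()):
        host = ET.SubElement(table, "HOST")
        ET.SubElement(host, "IP").text = ip
        osn = ET.SubElement(host, "OPERATING_SYSTEM")
        _leaf(osn, "NAME", os_name, conf)
        frag, stream = POLICY[os_name]
        ET.SubElement(osn, "FRAG_POLICY").text = frag
        ET.SubElement(osn, "STREAM_POLICY").text = stream
    return ET.tostring(root, encoding="unicode")

# Constructed sightings (documentation addresses), not real PRADS output.
SAMPLE = [
    ("192.0.2.10", "windows", 80),
    ("192.0.2.10", "linux", 40),   # weaker conflicting guess, ignored
    ("192.0.2.20", "macos", 70),
    ("192.0.2.30", None, 0),       # never fingerprinted: gets the default
]
```

Calling `build_host_attributes(SAMPLE, default_os="linux")` returns the XML as a string. Hosts that fall back to the default carry confidence 0, so they are easy to pick out for manual review.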