On Friday 21 December 2001 1:30 pm, Kevin Robitaille wrote: > Any one out there know good reference for securing a > Linux 7.2 Server OS. I'm new to using Linux and need > to lock down a system for use as an IDS Sensor. Any > help would be appreciated.
How were you going to set it up? I assume you would go for 2 NICs, one for connection to the network segment to be watched, and one to a management lan - this would have any tools running that you use for managing the sensor. The NIC on the watched lan would best be in Promicuous mode and configured without an IP address (hence it cannot be directly reached by other computers on that network. This then allows you to manage the sensor (retrive logs / view alerts) but without making the Sensor available at the IP level on the network you are watching. Alex Collins
