View Single Post
  #6   (View Single Post)  
Old 15th January 2013
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
Join Date: May 2008
Location: USA
Posts: 6,292

An IDS alerts you to intrusions as they occur, or, after they occur. It will also show you failed attempted incursions. I stopped using snort, because I was running OpenBSD and snort only showed failed attempts, never a success.

I may install an IDS and do some penetration tests for a web based application of mine that is designed, but is not yet in production. That design is for a High Availability (HA) geographically dispersed suite of servers. Some of the security decisions already in place are:
  • All server to server communications for this application are encapsulated inside IPSec VPN tunnels.
  • OpenBSD's PF blocks server-server application connections except those via IPSec. (e.g.: SQL connections to the database servers are only open to IPSec authenticated/encrypted connections)
  • The application servers execute code from a filesystem mounted read/only.
  • End user connections (on the webservers) are forced to use HTTPS through URL rewrite of HTTP.
  • Administrative access to all servers - for consoles, X (if needed), and file transfers - is conducted via SSH. SSH public key authentication is the only authentication form used; password authentication is explicitly disabled.
FTP is not used, either by admins or by users. Admins expect to use SSH file transfer applications -- sftp or scp -- for administrative file transfers. Server-to-server bulk data transfers (such as database synchronization between servers) are encapsulated within IPSec VPN.

Last edited by jggimi; 15th January 2013 at 05:44 PM. Reason: typos, clarity
Reply With Quote