
List:       snort-sigs
Subject:    RE: [Snort-sigs] RE: Snort-sigs digest, Vol 1 #87 - 3 msgs
From:       "Cessna, Michael" <MCessna () rtm ! com>
Date:       2001-10-24 20:35:09

Good suggestion, and actually that is in the works. We just put in a new
win2k/exchange2k server where before we had a 5.5 box that was here when I
started and is in horrendous shape. I was afraid to kill the server since it
was barely hanging on. Now with the new server we are setting it up with the
SSL certs and limiting all traffic to this. However, until that is finished,
I was going nuts with the snort alerts and wanted to stop them.
I haven't tried the client side certs yet....good idea....I like it, I'll
definitely look into that one.
Thanks,
Mike

-----Original Message-----
From: Nelson, James (CC-MIS Plans and Prog)
[mailto:James.Nelson@conagrafoods.com]
Sent: Wednesday, October 24, 2001 4:04 PM
To: 'snort-sigs@lists.sourceforge.net'
Subject: [Snort-sigs] RE: Snort-sigs digest, Vol 1 #87 - 3 msgs


More practical Suggestion:

Want to make these annoying snort alerts stop?  Encrypt the communications!
Address the largest security risk and change your web mail over to SSL.  Do
you really want your corporate email going over the web unprotected?  Do you
really want your internal LAN IDs and passwords flying over the
internet in the clear?  That's what you get if you don't use SSL!

Microsoft IIS 4.0 and 5.0 both have certificate authorities in them.  There
are countless free and commercial certificate authorities out there as well.
(Baltimore Technologies has a commercial one and Pyca is a free one, for
example.)  You could very easily use the CA to issue a certificate for your
web site.  If you want to make the error messages go away for your users
because the cert isn't from a trusted authority, you can modify your end
users so their web browsers trust your CA.

If you want security, which you should, do not stop there.  The SSL handshake
has been shown to have some weakness when only server-side certificates
are used.  IIS has support for client-side certificates.  You can and should
tie client certificates down to the user they were issued to.  Two-factor
authentication -- what a concept.

There's my $0.02 worth.

_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
