> Snort does not do any filtering. It's an IDS that logs
> scans.

Yes. I realize that. Jochem's complaint about using TCP/IP Filtering and IP security policies in Windows 2000 was that it didn't do stateful inspection. My response to that, assuming that Jochem's concern was primarily that these tools don't allow you to see what's actually being sent to the box, was that you could use Snort for that. No, it won't actually STOP any traffic. However, if you've properly configured your bastion host, this may not be a significant concern.

After all, if you've got a server which only allows inbound traffic to ports 80, 443, and whatever your remote shell listens on, and only allows outbound traffic to your database server, and you've installed an input filter on your web server, do you really need host-based stateful inspection other than for reporting purposes?
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496 fax: (202) 797-5444
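The trade-off Dave describes above (a tight stateless rule set on the bastion host versus true stateful inspection) is easy to see in a small model. The following is an added example, not code from the thread or from any Windows 2000 or Snort component: it implements the bastion-host policy as stated (inbound only to 80, 443 and the remote-shell port; outbound only to the database server) once as a stateless packet filter and once as a connection-tracking filter, and runs both over the same constructed packet sequence. All addresses, the remote-shell port (22 is assumed) and the database port (1433 is assumed) are assumptions for illustration. The point it surfaces is the one Jochem was getting at: a stateless filter has to blindly admit anything that merely looks like a database reply or a web-server response, and only logging (Snort's role in this thread) would tell you whether that gap is being used.

```python
"""Stateless vs. stateful view of the bastion-host policy from the thread.

Constructed example. Host addresses and ports are assumptions:
  WEB_HOST  - the bastion web server being protected
  DB_HOST   - the only host it may talk to outbound
  22        - stands in for "whatever your remote shell listens on"
  1433      - assumed database listener port
"""
from dataclasses import dataclass

WEB_HOST = "10.0.0.10"      # assumed bastion address
DB_HOST = "10.0.0.20"       # assumed database server address
SERVICE_PORTS = {80, 443, 22}
DB_PORT = 1433


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False       # True only for a connection-opening segment


def stateless_allow(pkt: Packet) -> bool:
    """Per-packet decision on addresses and ports alone (no memory).

    Because replies cannot be recognised as replies, the rule set must
    admit anything coming *from* the DB port, and anything leaving *from*
    a service port, regardless of whether a connection exists.
    """
    if pkt.dst == WEB_HOST:
        inbound_service = pkt.dport in SERVICE_PORTS
        looks_like_db_reply = pkt.src == DB_HOST and pkt.sport == DB_PORT
        return inbound_service or looks_like_db_reply
    if pkt.src == WEB_HOST:
        outbound_db = pkt.dst == DB_HOST and pkt.dport == DB_PORT
        looks_like_service_reply = pkt.sport in SERVICE_PORTS
        return outbound_db or looks_like_service_reply
    return False


class StatefulFilter:
    """Connection-tracking filter: new flows must start with SYN and
    match policy; everything else is admitted only if a flow exists."""

    def __init__(self) -> None:
        self.flows: set[tuple[str, int, str, int]] = set()

    def allow(self, pkt: Packet) -> bool:
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.flows or rev in self.flows:
            return True                     # part of an established flow
        if not pkt.syn:
            return False                    # stray non-SYN with no flow
        if pkt.dst == WEB_HOST and pkt.dport in SERVICE_PORTS:
            self.flows.add(fwd)
            return True
        if pkt.src == WEB_HOST and pkt.dst == DB_HOST and pkt.dport == DB_PORT:
            self.flows.add(fwd)
            return True
        return False


def run_scenario() -> list[tuple[bool, bool]]:
    """Evaluate a constructed packet sequence; returns (stateless, stateful)
    decisions in order so the two policies can be compared side by side."""
    client = "198.51.100.5"     # constructed external client
    other = "203.0.113.9"       # constructed unrelated external host
    packets = [
        Packet(client, 40000, WEB_HOST, 443, syn=True),   # client opens HTTPS
        Packet(WEB_HOST, 443, client, 40000),             # server replies
        Packet(WEB_HOST, 50000, DB_HOST, DB_PORT, syn=True),  # web -> DB
        Packet(DB_HOST, DB_PORT, WEB_HOST, 50000),        # DB replies
        # Unsolicited segment from the DB port to a port with no connection:
        # stateless must admit it, stateful drops it.
        Packet(DB_HOST, DB_PORT, WEB_HOST, 50001),
        # Outbound segment sourced from port 80 to an arbitrary host with no
        # connection behind it: stateless admits it, stateful drops it.
        Packet(WEB_HOST, 80, other, 6667),
    ]
    stateful = StatefulFilter()
    return [(stateless_allow(p), stateful.allow(p)) for p in packets]


if __name__ == "__main__":
    for i, (sl, sf) in enumerate(run_scenario(), 1):
        print(f"packet {i}: stateless={'allow' if sl else 'drop'} "
              f"stateful={'allow' if sf else 'drop'}")
```

The last two packets are where the two policies part ways: the stateless rule set cannot tell a database reply from any other segment carrying source port 1433, nor a web response from any other segment leaving port 80, so it admits both. If you run such a rule set, those are exactly the flows an IDS log is worth watching for, which is the "reporting purposes" caveat in the message above.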

