Adriel T. Desautels wrote:
> By introducing snort into the m0n0wall firewall you're introducing a
> potential attack vector. If someone is able to compromise your system via a
> vulnerability in snort (there have been a few good ones) then they have
> control over all of your traffic. If they have control over your traffic,
> they also have access to your client data (in theory) and other sensitive data.
I know all of that. Life is full of compromises. This would be one.
> Have you considered checking out a soekris box for m0n0wall? Or perhaps
> running snort on an internal system and just doing a port mirror? Also,
> if you don't mind me asking, what sort of small business is this?
The kind of business doesn't really matter. All of what you mentioned
does increase the total cost. I didn't say you're wrong, I just said
that there is no clear-cut answer to this. m0n0's developers'
philosophy will dictate the path they'll take, and if people don't
agree, they'll switch to something else. This doesn't make m0n0 a
bad product. Not at all.