Adriel T. Desautels wrote:
> Also,
> By introducing snort into the m0n0wall firewall you're introducing another
> potential attack vector. If someone is able to compromise your system via a
> vulnerability in snort (there have been a few good ones) then they have control
> over all of your traffic. If they have control over your traffic, they also have
> access to your client data (in theory) and other sensitive data.

I know all of that. Life is full of compromises. This would be one.

> Have you considered checking out a soekris box for m0n0wall? Or perhaps
> running snort on an internal system and just doing a port mirror? Also, if you
> don't mind me asking, what sort of small business is this?

The kind of business doesn't really matter. All that you mentioned does increase the total cost. I didn't say you're wrong, I just said that there is no clear-cut answer to this. m0n0's developers' philosophy will dictate the path they'll take, and if people don't agree, they'll switch to something else. This doesn't make m0n0 a bad product. Not at all.