 From:  Ugo Bellavance <ugob at camo dash route dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: m0n0wall - Snort ;]
 Date:  Mon, 20 Jun 2005 18:26:08 -0400
Adriel T. Desautels wrote:
> Also,
>    By introducing snort into the m0n0wall firewall you're introducing
> another potential attack vector. If someone is able to compromise your
> system via a vulnerability in snort (there have been a few good ones)
> then they have control over all of your traffic. If they have control
> over your traffic, they also have access to your client data (in theory)
> and other sensitive data.

I know all of that.  Life is full of compromises.  This would be one.

>    Have you considered checking out a soekris box for m0n0wall? Or perhaps
> running snort on an internal system and just doing a port mirror? Also,
> if you don't mind me asking, what sort of small business is this?

The kind of business doesn't really matter.  Everything you mentioned
does increase the total cost.  I didn't say you're wrong, I just said
that there is no clear-cut answer to this.  m0n0's developers'
philosophy will dictate the path they'll take, and if people don't
agree, they'll switch to something else.  This doesn't make m0n0 a
bad product.  Not at all.