[Bro] bro cluster security
bro at pingtrip.com
Fri Jan 30 04:17:30 PST 2015
Can you mitigate the risk by running a local firewall (e.g. IPTables on Linux, or PF on FreeBSD) on each component with explicit rules pairing manager<->workers<->proxies on the appropriate ports?
> On Jan 30, 2015, at 2:40 AM, Luis Miguel Silva <luismiguelferreirasilva at gmail.com> wrote:
> As I was looking at the bro cluster documentation <https://www.bro.org/sphinx/cluster/index.html>, I noticed there wasn't any information / configuration parameters to authenticate / authorize the communication between the manager, worker and proxy components.
> How do we protect against malicious processes from impersonating real components?
> Thank you,
> Bro mailing list
> bro at bro-ids.org
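A sketch of the per-host firewall pairing suggested in the reply, as an added example that is not part of the original thread or of Bro's own tooling. The node names, addresses (documentation range) and ports are constructed placeholders, and the role pairing table is an assumption taken from the manager<->workers<->proxies wording above.

```shell
#!/bin/sh
# Constructed cluster layout: name, role, address, listening port.
# Take the real values from your own cluster node configuration.
NODES='manager manager 192.0.2.10 47761
proxy-1 proxy 192.0.2.11 47762
worker-1 worker 192.0.2.21 47763
worker-2 worker 192.0.2.22 47764'

# Role pairs allowed to talk (assumption, from the pairing in the reply).
# Add manager:proxy and proxy:manager if your deployment needs that path.
PAIRS='manager:worker worker:manager worker:proxy proxy:worker'

# paired ROLE_A ROLE_B: succeed when the two roles form an allowed pair.
paired() {
    case " $PAIRS " in
        *" $1:$2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# emit_rules NAME: print the iptables commands for the host running NAME.
# Only paired peers may reach this node's cluster port; every other source
# is dropped. Prints nothing and returns 1 when NAME is not in the layout.
emit_rules() {
    self=$(printf '%s\n' "$NODES" | awk -v n="$1" '$1 == n { print $2, $4 }')
    [ -n "$self" ] || return 1
    self_role=${self% *}
    self_port=${self#* }
    printf '%s\n' "$NODES" | while read -r name role addr port; do
        if [ "$name" = "$1" ]; then continue; fi
        if paired "$self_role" "$role"; then
            echo "iptables -A INPUT -p tcp -s $addr --dport $self_port -j ACCEPT"
        fi
    done
    echo "iptables -A INPUT -p tcp --dport $self_port -j DROP"
}

# Print the rule set for a few nodes so it can be reviewed before use.
for n in manager proxy-1 worker-1; do
    echo "# $n"
    emit_rules "$n"
done
```

Source-address rules like these only narrow which hosts can reach the cluster ports; they do not authenticate the process on an allowed host.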