[Bro] bro cluster security

Dave Crawford bro at pingtrip.com
Fri Jan 30 04:17:30 PST 2015

Can you mitigate the risk by running a local firewall (e.g. IPTables on Linux, or PF on FreeBSD) on each component with explicit rules pairing manger<->workers<->proxies on the appropriate ports?


> On Jan 30, 2015, at 2:40 AM, Luis Miguel Silva <luismiguelferreirasilva at gmail.com> wrote:
> All,
> As I was looking at the bro cluster documentation <https://www.bro.org/sphinx/cluster/index.html>, I noticed there wasn't any information / configuration parameters to authenticate / authorize the communication between the manager, worker and proxy components.
> How do we protect against malicious processes from impersonating real components?
> Thank you,
> Luis 
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150130/41265ae7/attachment-0001.html 

More information about the Bro mailing list