[Bro] bro cluster security
Dave Crawford
bro at pingtrip.com
Fri Jan 30 04:17:30 PST 2015
Can you mitigate the risk by running a local firewall (e.g. IPTables on Linux, or PF on FreeBSD) on each component with explicit rules pairing manger<->workers<->proxies on the appropriate ports?
-Dave
> On Jan 30, 2015, at 2:40 AM, Luis Miguel Silva <luismiguelferreirasilva at gmail.com> wrote:
>
> All,
>
> As I was looking at the bro cluster documentation <https://www.bro.org/sphinx/cluster/index.html>, I noticed there wasn't any information / configuration parameters to authenticate / authorize the communication between the manager, worker and proxy components.
>
> How do we protect against malicious processes from impersonating real components?
>
> Thank you,
> Luis
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150130/41265ae7/attachment-0001.html
More information about the Bro
mailing list