[Bro] bro cluster security
Luis Miguel Silva
luismiguelferreirasilva at gmail.com
Fri Jan 30 04:33:59 PST 2015
I guess I could, though that wouldn't protect from attacks coming from
authorized hosts.
Anyway, I'm just trying to figure out what level of security is there
builtin!
Thanks,
Luis
On Fri, Jan 30, 2015 at 5:17 AM, Dave Crawford <bro at pingtrip.com> wrote:
> Can you mitigate the risk by running a local firewall (e.g. IPTables on
> Linux, or PF on FreeBSD) on each component with explicit rules pairing
> manger<->workers<->proxies on the appropriate ports?
>
> -Dave
>
> On Jan 30, 2015, at 2:40 AM, Luis Miguel Silva <
> luismiguelferreirasilva at gmail.com> wrote:
>
> All,
>
> As I was looking at the bro cluster documentation
> <https://www.bro.org/sphinx/cluster/index.html>, I noticed there wasn't
> any information / configuration parameters to authenticate / authorize the
> communication between the manager, worker and proxy components.
>
> How do we protect against malicious processes from impersonating real
> components?
>
> Thank you,
> Luis
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150130/f734c7e7/attachment.html
More information about the Bro
mailing list