[Bro] bro cluster security

Slagell, Adam J slagell at illinois.edu
Fri Jan 30 05:31:42 PST 2015


A common setup would be to have the cluster privately addressed and behind a bastion host, using ssh host keys between trusted hosts.



On Jan 30, 2015, at 6:41 AM, Luis Miguel Silva <luismiguelferreirasilva at gmail.com> wrote:

I guess I could, though that wouldn't protect from attacks coming from authorized hosts.

Anyway, I'm just trying to figure out what level of security there is built in!

Thanks,
Luis

On Fri, Jan 30, 2015 at 5:17 AM, Dave Crawford <bro at pingtrip.com> wrote:
Can you mitigate the risk by running a local firewall (e.g. IPTables on Linux, or PF on FreeBSD) on each component with explicit rules pairing manager<->workers<->proxies on the appropriate ports?

-Dave

On Jan 30, 2015, at 2:40 AM, Luis Miguel Silva <luismiguelferreirasilva at gmail.com> wrote:

All,

As I was looking at the bro cluster documentation<https://www.bro.org/sphinx/cluster/index.html>, I noticed there wasn't any information / configuration parameters to authenticate / authorize the communication between the manager, worker and proxy components.

How do we protect against malicious processes impersonating real components?

Thank you,
Luis
_______________________________________________
Bro mailing list
bro at bro-ids.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
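
The per-host firewall pairing suggested in the thread could be generated along the following lines. This is an added example, not part of the original messages and not Bro project code; the node names, addresses and ports are constructed placeholders, and the role pairing is one assumed reading of "manager<->workers<->proxies".

```shell
#!/bin/sh
# Constructed sample layout: name, role, address, listening port.
# Addresses are RFC 5737 documentation addresses; ports are placeholders,
# not values taken from Bro or from the thread.
NODES='manager manager 192.0.2.10 40001
proxy-1 proxy 192.0.2.11 40002
worker-1 worker 192.0.2.21 40003
worker-2 worker 192.0.2.22 40004'

# Assumed pairing (one reading of "manager<->workers<->proxies"):
# which peer roles may connect to a node of role $1.
peers_for_role() {
    case "$1" in
        manager) echo "worker" ;;
        worker)  echo "manager proxy" ;;
        proxy)   echo "worker" ;;
    esac
}

# Print the iptables commands for node $1: one ACCEPT per paired peer on
# that node's port, then a DROP for all other sources. Rules are appended
# (-A), so the ACCEPTs must be evaluated before the DROP.
gen_rules() {
    self=$(printf '%s\n' "$NODES" | awk -v n="$1" '$1 == n')
    if [ -z "$self" ]; then
        echo "unknown node: $1" >&2
        return 1
    fi
    set -- $self                      # $2 = role, $4 = port
    port=$4
    allowed=$(peers_for_role "$2")
    printf '%s\n' "$NODES" | while read -r _name prole paddr _port; do
        for r in $allowed; do
            if [ "$prole" = "$r" ]; then
                echo "iptables -A INPUT -p tcp -s $paddr --dport $port -j ACCEPT"
            fi
        done
    done
    echo "iptables -A INPUT -p tcp --dport $port -j DROP"
}

# Usage: sh <this-script> worker-1   (prints the rules; it does not apply them)
if [ "$#" -gt 0 ]; then
    gen_rules "$1"
fi
```

As Luis points out in the thread, source-address rules like these do nothing against a process running on one of the allowed hosts.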

