More and more hackers appear on the Internet, and more and more experts appear in response. How do you make sure that you can keep a complete log? Any hacker with a little know-how knows that the first thing to do after getting into a system is to clean up the logs, and the easiest and most straightforward way to find an intrusion is to look at the system's log files. Now let's talk about how to set up a secure log server.
Think about it: how can intruders change your logs if they can't connect to your log server? Now let's learn how to set up a log server without an IP address.
Now, let's explain how to do three things with snort:
Stealth Sniffer
Stealth NIDS Probe
Stealth Logger
All of this is done on a server without an IP address. NIDS is the abbreviation of network intrusion detection server, i.e. an intrusion detection server.
Why stealth?
Running any service on the Internet is dangerous. Whether it is HTTP, FTP or Telnet, there is always an opportunity for intrusion. What makes a stealth logger special is that it lets us receive data without sending any information. This way an external computer (the attacker's computer) cannot change the information received by the log server at all. In other words, the integrity of our information is ensured and it stays as it was originally recorded. To secure the log server, it is best not to connect the log server to the network. That means that when you need to check something on the log server, you go to the machine and turn on its screen instead of logging in remotely. However, if you must connect it to the Internet, use two interfaces, that is, two network cards, and note two things. First, IP forwarding must be turned off. Second, the interface used for the stealth logger is a network card without an IP address, and this card must not be on the same network as the other network card that has an IP address.
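The two rules above (IP forwarding off, no address on the stealth interface) can be checked with a short script. This is an added example, not part of the original article; the interface names eth0/eth1/eth2, the function names and the sample data are assumptions made for illustration. It goes slightly beyond the text by also flagging IPv6 addresses.

```shell
#!/bin/sh
# Added example: checks the two rules above on a stealth logger host.
# Interface names and SAMPLE_ADDRS are constructed for illustration.

# Constructed `ip -o addr show` output: eth0 is the management NIC,
# eth1 was brought up without IPv4, eth2 has no address at all.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever
3: eth1    inet6 fe80::a00:27ff:fe4e:66a1/64 scope link \       valid_lft forever'

# addrs_on IFACE ADDR_TEXT: print every IPv4/IPv6 address bound to IFACE.
addrs_on() {
    printf '%s\n' "$2" |
        awk -v ifc="$1" '$2 == ifc && ($3 == "inet" || $3 == "inet6") { print $4 }'
}

# audit_stealth IFACE IP_FORWARD ADDR_TEXT
# Returns 0 only if forwarding is off and IFACE carries no address.
audit_stealth() {
    rc=0
    if [ "$2" != "0" ]; then
        echo "FAIL: IP forwarding is on (ip_forward=$2)"
        rc=1
    fi
    bound=$(addrs_on "$1" "$3")
    if [ -n "$bound" ]; then
        # An fe80:: entry is the IPv6 link-local address Linux assigns by
        # default when an interface is brought up; it still counts as an IP.
        echo "FAIL: $1 has an address:" $bound
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $1 has no IP address and forwarding is off"
    fi
    return "$rc"
}

# Live use: sh audit.sh eth1   (reads the running system, not the sample)
if [ -n "${1:-}" ]; then
    audit_stealth "$1" "$(cat /proc/sys/net/ipv4/ip_forward)" "$(ip -o addr show)"
fi
```

Whether the two cards sit on the same network is a matter of cabling and cannot be read from the address table, so that rule still has to be checked by hand.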
Setup:
First, of course, make sure that your NIC is installed correctly and is detected by the kernel. Then write the module required by the NIC to the /etc/modules.conf file.