Figure 7-7 The Policy Editor window with snort.conf settings.
7.3 Securing the ACID Web Console
As you have seen in Chapter 6, ACID is a very useful tool for viewing and managing
data generated by the Snort sensors. However, one issue is not yet resolved: the
security of ACID itself. If the web server running ACID is not secure, anybody
can go to the ACID web pages and modify, archive, and delete data in the database
using ACID. As you have seen, the user name and password are hard-coded in the
ACID configuration file acid_conf.php, so a person viewing the ACID web pages
does not need to know the database user name and password to delete information from
the database. There are multiple methods that you can adopt to secure ACID.
7.3.1 Using a Private Network
There are different ways to make ACID secure. One way is to use a private network
for all Snort sensors and the centralized database server where ACID and Apache
are installed, so that their IP addresses are not visible from the Internet. This scheme is
still vulnerable to internal users who have access to this private network.