On 16-08-14 08:22, Joel Rees wrote:
> On Fri, Aug 15, 2014 at 11:39 PM, Scott Bonds <sc...@ggr.com> wrote:
>> [...]
>> Perhaps I should separate the router and 'everything else'
>> roles, so that the router only has builtin OpenBSD software on it, no
>> packages.
> Strongly encourage you to get a separate box to run the router and
> firewall on. (Ted, if you read this, do you run firewall on Beagle
> Boards?)
>
>> Then again, whatever the exploit, they could probably still
>> use it on the newly separated 'everything else' box. Anyway, I clearly
>> have a lot to learn about security.
> Actually, many of the exploits will hit high enough speed bumps
> getting through the router/firewall, if you set it up right, that the
> exploit would not succeed in dropping an actual rootkit.
>
> Not to say you don't need something to watch for rootkits, as well,
> but combining functions makes for a weaker system.
>
You might want to run a SIEM solution such as ossim with local ossec
agents. Works fine.

Overkill? Might be, but it is nice to see what is happening, and you can
run automated vulnerability scans on your own network to see where leaks
or misconfigurations might be.

Erik Jan
