Re: Securing networks
Hello Bret, What threats are you trying to protect against? That decides what you need to take care of. Not quite sure - hackers and the like? My point is that, like in the Window$ world, simply saying put on a firewall, and an anti-virus program and you're done. And keep it up to date doesn't really address the issue. My thinking exactly. I recommend you buy a book about securing GNU/Linux systems, and use that to guide your understanding and choices. Currently I'm using Real World Linux Security. I'm just getting started. Is it possible for you to recommend a book? SSH seems to be able to handle this. I haven't seen anyone speak against it, except for the possibility of performance issues if one tries to cram too much over the pipe. That would be a problem with just a network connection anyway, so you'd have to design for that anyway. Yeah I use SSH internally, but I'm not quite sure how SSH works externally via NAT? After all, I can't quite type ssh -l piers 192.168.0.1. Thanks very much for your help :) Cheers - Piers -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Securing networks
Hello, If you are really interested in getting security and having some functionality hosted yourself (mail/web) then I would strongly recommend you consider a DMZ for your hosting. This can be done a number of ways. But if you can spare an extra machine, this would be pretty good and save you about $1,000. Install smoothwall or ip-cop on it and you will have a dedicated hardware firewall. This is a great place to start. Now you can leave all your windows boxes on a LAN and host a DMZ as well. In fact, I'm using Smoothwall right now for the current network, but I couldn't find anything to do with DMZ on the router? Although the ADSL router I have (not used atm, will be using it for the new network though) does have DMZ, used that without success in the past, although I'm a bit worried about putting my main PC in the DMZ all the time - I might want to log in my PC from work. Or I could just forward one port that SSH uses? Cheers for your help Piers -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Securing networks
On Sat, 30 Aug 2003 12:35:47 +0100, Piers Kittel [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]: Hello, If you are really interested in getting security and having some functionality hosted yourself (mail/web) then I would strongly recommend you consider a DMZ for your hosting. This can be done a number of ways. But if you can spare an extra machine, this would be pretty good and save you about $1,000. Install smoothwall or ip-cop on it and you will have a dedicated hardware firewall. This is a great place to start. Now you can leave all your windows boxes on a LAN and host a DMZ as well. In fact, I'm using Smoothwall right now for the current network, but I ..try ipcop, over at http://ipcop.org/ , also has a pretty good support list, so I cc. couldn't find anything to do with DMZ on the router? Although the ADSL router I have (not used atm, will be using it for the new network though) does have DMZ, used that without success in the past, although I'm a bit worried about putting my main PC in the DMZ all the time - I might want to log in my PC from work. Or I could just forward one port that SSH uses? Cheers for your help Piers -- ..med vennlig hilsen = with Kind Regards from Arnt... ;-) ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Securing networks
Hello all Am going to move house soon, and want to re-setup my network again, as I want to install debian on the network server which is currently RedHat (DHCP, DNS, proxy etc). But I'm quite worried about security, and want to know the best ways to find out how to secure the network. I've a hardware Linksys router/firewall with a WLAN access point built in. As I know WEP is as secure as a biscuit, how should I setup and secure the WLAN network? And how should I protect my wired network - also I'd like to be able to log in my main PC from outside, such as work or at friends house? Thanks very much for your help in advance Cheers - Piers -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Securing networks
On Thu, 2003-08-28 at 10:37, Piers Kittel wrote: Hello all Am going to move house soon, and want to re-setup my network again, as I want to install debian on the network server which is currently RedHat (DHCP, DNS, proxy etc). But I'm quite worried about security, and want to know the best ways to find out how to secure the network. I've a hardware Linksys router/firewall with a WLAN access point built in. As I know WEP is as secure as a biscuit, how should I setup and secure the WLAN network? What threats are you trying to protect against? That decides what you need to take care of. Given that we're discussing computers, many threats can be automated, so only black bag scenarios are beyond possibility. Or are they? Recently here in Florida, a Doctors office was broken into, and what they stole was records in boxes. Patient names, social security numbers, medical records. 18 boxes of them - they knew what they were after. And the computers. The police suggest identify theft. So how far do you want to go? Do you know that your credit card number can linger in the swap partition even though it was never saved to disk? My point is that, like in the Window$ world, simply saying put on a firewall, and an anti-virus program and you're done. And keep it up to date doesn't really address the issue. I recommend you buy a book about securing GNU/Linux systems, and use that to guide your understanding and choices. Currently I'm using Real World Linux Security. I'm just getting started. I'm relying on a gateway/router/NAT box in the meantime. They do help, if the features are turned on. And I'm relying on having a /home partition in it's own right and a good backup, so I can rebuild the system securely once I've got a grip on how that should be set up. (My /home data doesn't include much that would affect security best I can tell so far. No GNU/Linux viruses in the email. No root level configuration files in .gtkrc, etc.) But I can blow away my system, and reinstall it not connected to the net, and have a chance to run an intrusion detection system on a clean install to get a baseline. And then update in small bites, so I can monitor it. And how should I protect my wired network - also I'd like to be able to log in my main PC from outside, such as work or at friends house? SSH seems to be able to handle this. I haven't seen anyone speak against it, except for the possibility of performance issues if one tries to cram too much over the pipe. That would be a problem with just a network connection anyway, so you'd have to design for that anyway. Cheers, Bret -- bwaldow at alum dot mit dot edu -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]