Security Basics mailing list archives
Re: security advice
From: Alvin Oga <alvin.sec () Virtual Linux-Consulting com>
Date: Tue, 27 Jan 2004 18:30:20 -0800 (PST)
hi ya
Hi Davie, "can anyone give me some tips to secure the network?"
- hire a "security consultant" for $$$ and have them do a proposal and costs estimate for you
- if it was my network ... my general security policy rules are:
  - no telnet ... use ssh ( putty, etc )
  - no ftp ...... use ssh/sftp ( winftp )
  - no pop3 ..... use secure pop3d
  - no imap ..... use secure imapd
  - no dhcp ..... always use static ip , unused ip# goes to xxx dummy server
  - no wireless . keep it outside the firewall ( treat them as an outside cracker )
  - no laptop ... keep it outside the firewall ( treat them as an outside cracker )
  - no vpn ...... keep it outside the firewall ( treat them as an outside cracker )
  - how many people really do work from home or hotels
    - setup webmail for those traveling "outside"
    - setup outside "network neighborhood" for those traveling around the country/world
  - use different login for each "service" mail, local ssh, remote ssh, wireless, vpn, ... and different passwd assigned by you or random number generator
- build all servers yourself
  - install sw from "official cdrom"
  - install all known patches at the time
  - make a backup of the entire system to dvd or tape
  - put the new server online and watch it get attacked
- on and on and on
- pretend your competitor log'd in as root into your "supposedly secure" vpn or ssh connection inside the firewall...
  - now cover your butt .. if you can't hide your data... fix/update/secure your network ...
- it's 100x cheaper to give them a secure pc than to fix any problems incurred from the wireless laptops that roam the world or insecure home PC/network and inheriting all kinds of worms, viruses, that find their way into the corp lan ...
  - i know companies that shut down for days/weeks due to "home users" ( they don't allow work-from-home or wireless or dhcp anymore .. :-)
- why do you need those "insecure things" ... ??
  - what do you stand to lose due to a security breach ??
c ya
alvin
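
One way to check a host against the "no telnet / no ftp / no pop3 / no imap / no dhcp" rules in the message above. This is an added example, not part of the original post: it parses output in the layout of `ss -H -tuln` and reports each listener that breaks a rule together with the replacement the post names. The port numbers are the IANA defaults and the sample output is constructed; both are assumptions of the example.

```python
# Rule -> (service, replacement) as worded in the post. Port numbers are the
# IANA defaults (assumption: a service moved to another port is not caught).
POLICY = {
    ("tcp", 23): ("telnet", "ssh"),
    ("tcp", 21): ("ftp", "ssh/sftp"),
    ("tcp", 110): ("pop3", "secure pop3d"),
    ("tcp", 143): ("imap", "secure imapd"),
    ("udp", 67): ("dhcp", "static ip"),
}

# Constructed sample in the column layout of `ss -H -tuln` (not a real host).
SAMPLE_SS_OUTPUT = """\
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      5            0.0.0.0:23        0.0.0.0:*
tcp   LISTEN 0      32              [::]:21           [::]:*
tcp   LISTEN 0      100        127.0.0.1:143       0.0.0.0:*
tcp   LISTEN 0      100          0.0.0.0:995       0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:67        0.0.0.0:*
"""


def audit_listeners(ss_output):
    """Return one finding per listening socket that breaks a POLICY rule."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # blank or truncated line
        proto = fields[0]
        # Local address is the 5th column; rpartition keeps "[::]" intact.
        addr, _, port = fields[4].rpartition(":")
        rule = POLICY.get((proto, int(port))) if port.isdigit() else None
        if rule is None:
            continue
        service, replacement = rule
        findings.append({
            "service": service,
            "listen": fields[4],
            "use_instead": replacement,
            # Loopback-only listeners are not reachable from the LAN.
            "loopback_only": addr.startswith("127.") or addr == "[::1]",
        })
    return findings


if __name__ == "__main__":
    for f in audit_listeners(SAMPLE_SS_OUTPUT):
        scope = "loopback only" if f["loopback_only"] else "network-reachable"
        print(f'{f["service"]:7} {f["listen"]:15} {scope}: use {f["use_instead"]}')
```

On a live host the same function can be fed the real output of `ss -H -tuln` in place of the sample string.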