Re: security advice

[Alvin Oga <alvin.sec () Virtual Linux-Consulting com>]

hi ya

> Hi Davie,
>
> "can anyone give me some tips to secure the network?"

- hire a "security consultant" for $$$ and have them do a 
  proposal and costs estimate for you

- if it was my network ... my general  security policy rules are:
        - no telnet ... use ssh ( putty, etc )
        - no ftp ...... use ssh/sftp ( winftp )
        - no pop3 ..... use secure pop3d
        - no imap ..... use secure imapd
        - no dhcp ..... always use static ip , unused ip# goes to xxx dummy server
        - no wireless . keep it outside the firewall ( treat them as an outside cracker )
        - no laptop ... keep it outside the firewall ( treat them as an outside cracker )
        - no vpn ...... keep it outside the firewall ( treat them as an outside cracker )
                - how many people really do work from home or hotels
        - setup webmail for those traveling "outside"
        - setup outside "network neighborhood" for those traveling around the country/world

        - use different login for each "service"
                mail, local ssh, remote ssh, wireless, vpn, ...
                and different passwd assigned by you or random number generator

- build all servers yourself
        - install sw from "official cdrom"
        - install all known patches at the time
        - make a backup of the entire system to dvd or tape
        - put the new server online and watch it get attacked

- on and on and on

- pretend your competitor log'd in as root into your "supposedly secure" vpn or ssh
  connection inside the firewalll...
        - now cover your butt .. if you can't hide your data... 
        fix/update/secure your network ...

- it's 100x cheaper to give them a secure pc than to fix any 
  problems incurred from the wireless laptops that roams the world
  or insecure home PC/network and inheriting all kinds of worms, virus, 
  that finds its way into the corp lan ...
        - i know companies that shutdown for days/weeks due to "home users"
        ( they dont allow work-from-home or wireless or dhcp anymore .. :-)

        - why do you need those "insecure things"  ... ??

        - what do you stand to lose due to a security breach ??

c ya
alvin

---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 
course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
any course!  
----------------------------------------------------------------------------