Security Basics mailing list archives
forensics honeypot and properly separating networks
From: David S <securitydabbler () gmail com>
Date: Tue, 8 Nov 2005 09:46:21 -0500
Hello all, I am trying to achieve a goal and I'm looking for a bit of advice from the list. All constructive or not so constructive criticisms and ideas will be appreciated.

--A little background

I've worked with Linux/*BSD/Windows Administration and DBA type work for about 6 or 7 years, so I'm comfortable there, but I'm moving into the security realm and don't have much knowledge past access control and the basics. I've read a lot but haven't put much into practice. I'm a bit weak with regards to the network side of things. I'm on a budget for new hardware, probably 300-500 USD.

--My current home setup

{
Beefy Linux Box
Beefy Windows XP Pro box which I use to surf, internet banking, home budgeting, amazon etc.
Normal Windows Home (family box)
DSL with Static IP
Linksys Wireless Router, all above NATted
Linksys Switch
}

For argument's sake I'd like to label this the green zone or green network.

3 unused Frankenstein desktops that need to be utilized and can be cannibalized and turned into whatever.

Goals

1. Most importantly: completely keep the XP boxes and my linux box safe for use for internet banking, billpay, confidential info, work etc.
2. Put my frankenstein boxes (I'd like to have a Windows, Linux and a *BSD box) out in a "red zone" that can serve as a honeypot of sorts. I'd like to be able to watch as people attack these boxes, pull some forensic data, look at the logs to teach myself how they got in and how to better harden my boxes. Play around with the different Linux and BSD flavors, build out an IDS box to capture traffic, perhaps set up a syslog box. I'd be totally ok with rebuilding after they are torn apart.
3. Practice my own vulnerability scans and pen tests against both green and red networks from two dual boot laptops loaded with tools or knoppix-std etc., and again watch the IDS flip out as I run tests.
4. Again -- very important to keep my "green zone" boxes safe to use for surfing, banking, identity protection etc.

Questions:

1. Can I accomplish what I mentioned I need help with without adding too much risk to my green zone (Linux and XP Pro box)? I'm worried about someone gaining root/admin on the "red zone" boxes and attacking my "green zone" boxes.
2. Should I utilize one of my old desktops to set up a firewall or router as something between green and red zones? Will IPChains do the trick?
3. Compiling a firewall I can do; setting up routing to deny traffic I'm a bit confused about. Would I create two networks and just deny traffic from red to green and green to red, but allow green to access the outside world?
4. I've heard pvlan (private vlan) used around the office. Would I need a high dollar cisco device to set up a private vlan so that things can't see each other?
5. Buy another hardware router and separate the two networks?
6. Some other plan that I haven't thought of this morning?

Thanks again for any suggestions any of you have. Security has been my driving interest but it's time for me to move past newbie and spend the next year gaining some moderate knowledge.

Thanks for your help and reading my post that rivals the length of War and Peace.

David
securitydabbler () s1 com
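One way to express the "deny red to green, deny green to red, allow green out" rule set from question 3, as an added example that is not the poster's configuration: iptables (the successor to ipchains in Linux 2.4 and later) in iptables-restore format, for an old desktop with three NICs sitting between the green LAN, the red LAN and the DSL line. Interface names and subnets are assumptions; red to green traffic is logged and dropped so the IDS/syslog box sees attempts, and only connection-tracked replies may cross back.

```shell
#!/bin/sh
# Added example, not the poster's setup.  Interface names and subnets below are
# assumptions for a three-NIC firewall box between green, red and the DSL link.
WAN_IF="${WAN_IF:-eth0}"      # assumed: NIC on the DSL/static IP side
GREEN_IF="${GREEN_IF:-eth1}"  # assumed: NIC facing the green (trusted) LAN
RED_IF="${RED_IF:-eth2}"      # assumed: NIC facing the red (honeypot) LAN
GREEN_NET="${GREEN_NET:-192.168.1.0/24}"  # constructed sample subnet
RED_NET="${RED_NET:-192.168.2.0/24}"      # constructed sample subnet

# Emit the rule set in iptables-restore format.  Default policy is DROP, so
# only the explicit ACCEPT lines carry traffic; none of them joins red and green.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# the firewall box itself: loopback, replies, and SSH from green only
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $GREEN_IF -s $GREEN_NET -p tcp --dport 22 -j ACCEPT
# replies to connections that were allowed below
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# green and red may each reach the outside world
-A FORWARD -i $GREEN_IF -o $WAN_IF -s $GREEN_NET -j ACCEPT
-A FORWARD -i $RED_IF -o $WAN_IF -s $RED_NET -j ACCEPT
# inbound to the honeypot (needs a PREROUTING DNAT per exposed port, not shown)
-A FORWARD -i $WAN_IF -o $RED_IF -d $RED_NET -j ACCEPT
# red -> green is logged (for the syslog/IDS box) and then dropped
-A FORWARD -i $RED_IF -o $GREEN_IF -j LOG --log-prefix "RED->GREEN "
-A FORWARD -i $RED_IF -o $GREEN_IF -j DROP
# green -> red stays closed; scan red from a laptop plugged into red instead
-A FORWARD -i $GREEN_IF -o $RED_IF -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# Sanity check before loading: fail if any ACCEPT rule links the red and green NICs.
check_isolation() {
    pat="-i ($RED_IF|$GREEN_IF) -o ($GREEN_IF|$RED_IF) .*-j ACCEPT"
    if gen_rules | grep -E -q -- "$pat"; then
        return 1   # a cross-zone ACCEPT slipped in; do not load this rule set
    fi
    return 0
}
```

Load it with `check_isolation && gen_rules | iptables-restore` on the firewall box, with IP forwarding enabled; the constructed subnets must match what the green and red hosts are actually given.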
Current thread:
- forensics honeypot and properly separating networks David S (Nov 08)
- <Possible follow-ups>
- Re: forensics honeypot and properly separating networks rainmann (Nov 09)
- RE: forensics honeypot and properly separating networks ListServ (Nov 09)