Penetration Testing mailing list archives

Re: Secure Home Networking?

From: Brett Campbell <brett () custom-tech net>
Date: Mon, 26 May 2003 19:34:41 -0700

Sandy,

My 2-minor-cents.. (fundamentals)

I'd simply ensure that you have no extra services listening/availale to the outside world.  IOW, if you have one of 
those linksys or dlink SOHO routers, make sure web administration is not enabled on the 'outside' interface, netbios is 
not forwarding inside your lan, etc.  Keep the firmware on the router updated.  If you have a unix fw you could deny 
icmp echo req's, etc.  You should then run nmap against your IP from an untrusted host (ie, everyone else) on the 'net. 
 As long as you don't have common ports like 80, 139, etc just sitting there waiting to be probed, you should be 
alright.  I run sshd on an obscure port that *isn't* listed in {/etc/,/usr/share/nmap/nmap-}services, just so i can 
access my machine from anywhere on the internet.  Keep ssh updated, obviously.  This thwarts most of the 'would-be's 
and s|<1pT kidz.  Hope you didn't already know all this,

Brett

On Mon, May 26, 2003 at 02:47:12PM -0600, Sandy Turner wrote:

Any suggestions on tests to run to judge the security of a home 
network?  There are a number of online port scanning services (e.g. 
ShieldsUP http://grc.com), as well as the standard Nessus and nmap tools.


---------------------------------------------------------------------------
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies 
that are enforced to protect WLANs from known vulnerabilities and threats. 
Learn to design, implement and enforce WLAN security policies to lockdown 
enterprise WLANs.

To get your FREE white paper visit us at:    
http://www.securityfocus.com/AirDefense-pen-test
----------------------------------------------------------------------------


-- 
Brett Ryan Campbell
Systems Administrator, CAD Research Center
Cal Poly State University, San Luis Obispo, CA 93407
http://www.cadrc.calpoly.edu/frameset_content/content_about_us.html

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Secure Home Networking? Sandy Turner (May 26)
- Re: Secure Home Networking? R. DuFresne (May 27)
- Re: Secure Home Networking? Brett Campbell (May 27)
- <Possible follow-ups>
- Re: Secure Home Networking? Martin Wasson (May 27)
- RE: Secure Home Networking? DeGennaro, Gregory (May 27)
- RE: Secure Home Networking? Brewis, Mark (May 29)