RE: Securing a Network - What's the most secure Network/Server OS? - Is there a secure way to use Shares?

["Kaminski, Lorenz" <Lorenz.Kaminski () bdr de>]

Hello Chip,

if you want to encrypt the hole networktraffic you may use VPN-Module-Cards(that is a in- or external specialized HW 
which encrypts - transparent for the devices - the Date comming unencrypted from one side and decrypt, if possible, the 
data coming from the other side)on/before every Note/Device/System/Workstation/Server.

Hope that helps

Kind regards

Lorenz Kaminski
Networking Engineer

IT-Security
----------------------------------------------------------------

Bundesdruckerei GmbH
Oranienstraße 91
10969 Berlin

GERMANY

Phone: +49 30 2598-2152
Fax:   +49 30 2598-2139

Lorenz.Kaminski () BDr de
www.Bundesdruckerei.de




-----Ursprüngliche Nachricht-----
Von: listbounce () securityfocus com [mailto:listbounce () securityfocus com] Im Auftrag von Chip Panarchy
Gesendet: Sonntag, 1. März 2009 15:12
An: pen-test () securityfocus com
Betreff: Securing a Network - What's the most secure Network/Server OS? - Is there a secure way to use Shares?


Hello

So far, when I have posted on this Mailing-List I have recieved some very informative replies.

I am currently studying for a few certifications, (amongst them MCSE,
Security+ & the CCNA), and would like to learn how to design a secure
network.

Please help me with this endeavor.

Hypothetical situation;

################################################################
1x Server (no need to go into specs, but let's just say 8GB of RAM and 2x Intel Quad CPU at 2.66GHz) 500x Windows 
Computers (400x Windows XP, 94x Windows Vista and 6x Windows 7) 80x Linux Computers (Ubuntu... and others?) 46x Mac OS 
X Computers (Including 10x Tiger, 34x Leopard and 2x Snow Leopard) 3x FreeBSD (2x v7, 1x v9) 
################################################################

===============================
630 computer all up, including the Server ===============================

Now onto my question. For a convoluted network as pictured above, (hypothetical, of course), what kind of Server (NOS 
included?) operating system should I install, and how should I configure it?

I want to know this only by a security standpoint. Things that are important; ############ # SECURITY # ############
- Encryption of all traffic (256-bit)
- Shares (if possible to have Shares and still maintain a secure network)
- Centralised secure storage of Data (Storage)
- Centralised secure storage of User accounts
- Unattended installation of (at the very least) the 500 Windows boxes
- Internet

Please tell me what I would need in this situation, not interested in how many people would be needed, how much money 
it would cost, or how much time it would take.

Now time to summarise my questions in an easy to review format;

1. Which Server Operating system should I install on my Server? 2. To make the Network fast (e.g. Gigabit NICs on all 
computers & more Servers etc.), as well as secure, what would I need to do? 3. What is the best way to have 256-bit 
encryption of all traffic on this network? 4. Is it possible to have Shared folders, yet still attain a high-level of 
security on this Network? 5. Would it be possible to have Centralised Storage/Resources? 6. Could it be possible to 
have a Centralised User Account database, for this entire network?

Please try your best to answer those 6 questions.

Thanks in advance,

Chip D. Panarchy

PS: I was planning on making this into many little Messages on this Mailing-list, however, I decided against it. If you 
think I should make them into smaller messages (eg 1 of the 6 questions per message) then please tell me.