Re: Secure Home Networking?

From: Brett Campbell (brett_at_custom-tech.net)
Date: 05/27/03

  • Next message: Amal Al Hajeri: "Re: Pen test courses" 
    Date: Mon, 26 May 2003 19:34:41 -0700
To: Sandy Turner <slt@lanl.gov>

    Sandy,

    My 2-minor-cents.. (fundamentals)

    I'd simply ensure that you have no extra services listening/availale to the outside world. IOW, if you have one of those linksys or dlink SOHO routers, make sure web administration is not enabled on the 'outside' interface, netbios is not forwarding inside your lan, etc. Keep the firmware on the router updated. If you have a unix fw you could deny icmp echo req's, etc. You should then run nmap against your IP from an untrusted host (ie, everyone else) on the 'net. As long as you don't have common ports like 80, 139, etc just sitting there waiting to be probed, you should be alright. I run sshd on an obscure port that *isn't* listed in {/etc/,/usr/share/nmap/nmap-}services, just so i can access my machine from anywhere on the internet. Keep ssh updated, obviously. This thwarts most of the 'would-be's and s|<1pT kidz. Hope you didn't already know all this,

    Brett

    On Mon, May 26, 2003 at 02:47:12PM -0600, Sandy Turner wrote:
    > Any suggestions on tests to run to judge the security of a home
    > network? There are a number of online port scanning services (e.g.
    > ShieldsUP http://grc.com), as well as the standard Nessus and nmap tools.
    >
    >
    > ---------------------------------------------------------------------------
    > *** Wireless LAN Policies for Security & Management - NEW White Paper ***
    > Just like wired networks, wireless LANs require network security policies
    > that are enforced to protect WLANs from known vulnerabilities and threats.
    > Learn to design, implement and enforce WLAN security policies to lockdown
    > enterprise WLANs.
    >
    > To get your FREE white paper visit us at:
    > http://www.securityfocus.com/AirDefense-pen-test
    > ---------------------------------------------------------------------------- 

    -- 
Brett Ryan Campbell
Systems Administrator, CAD Research Center
Cal Poly State University, San Luis Obispo, CA 93407
http://www.cadrc.calpoly.edu/frameset_content/content_about_us.html
---------------------------------------------------------------------------
----------------------------------------------------------------------------
  • Next message: Amal Al Hajeri: "Re: Pen test courses"

    Relevant Pages

    • [REVS] Hacking the Invisible Network (Insecurities in 802.11x)
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Wireless network technology is becoming increasingly popular but, ... but it does at least provide a deferent to attackers. ... WLANs introduce security risks that must be understood and mitigated. ...
      (Securiteam)
    • RE: Secure Home Networking?
      ... Subject: Secure Home Networking? ... is completely dependant upon the configuration of the home network. ... They will only serve to lull you into a false sense of security ... that are enforced to protect WLANs from known vulnerabilities and threats. ...
      (Pen-Test)
    • Secure Home Networking?
      ... Just like wired networks, wireless LANs require network security policies ... implement and enforce WLAN security policies to lockdown enterprise WLANs. ...
      (Pen-Test)
    • SecurityFocus Microsoft Newsletter #50
      ... Subject: SecurityFocus Microsoft Newsletter #50 ... Specialist in Microsoft's Security Services Partner Program, ... Network Monitoring for Intrusion Detection ... Relevant URL: ...
      (Focus-Microsoft)
    • << SBS News of the week - Sept 26 >>
      ... And he points to the info you need to put the file on the server in the ... at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... by the firewall at risk. ...
      (microsoft.public.backoffice.smallbiz)