Re: Requesting security tips on network setup
From: those who know me have no need of my name (not-a-real-address@usa.net) Date: 04/07/02
From: those who know me have no need of my name <not-a-real-address@usa.net> Date: Sun, 07 Apr 2002 05:29:33 -0000
<3CAF861E.2090801@hotmail.com> divulged:
>I've just finished setting up my small business network and was hoping
>that someone could maybe suggest some tips to make my network as
>invisible to the outside world as I can. I'm not naive, I know that if
>someone really wants to get in that they will but I at least don't want
>to have my network sitting with a "Come and crack me" sign on its back....
>I'm going to work from the outside (Internet) in;
invisible is the wrong thing to shoot for, protected is what you want.
why? because you are forwarding ports you won't be invisible no matter
what else you do. since you are using a napt router you have a fair
amount of safety, but the three services you are forwarding will have to
be watched. all of the daemons you've mentioned have had exploits
against older versions, and there's no reason to think that exploits
won't be found for the current versions (at some point), so vigilance
(watch your logs, active and/or passive monitoring, and pay attention to
security notices) will be the key to keeping things running well.

make a plan for what you'll do _when_ (not if) you are cracked. there's
not all that much that really needs to be done, in terms of steps. each
step might mean lots of work though. why? so that you are calm when it
happens.

btw: don't dismiss the imap server from your mind, just because it's
non-critical. it's inside your network, so if it's broken into it can
be used to do all sorts of other unpleasant things.
>I've also set my router up to block ICMP requests as well.
this is up to you, but i find it's not all that useful to do, i.e.,
what do you think you are accomplishing? preventing your isp from being
able to check the health of your service? preventing load balancers from
providing the "closest" ip address for a cached service (e.g., yahoo)?
preventing ... ?
>Can anyone give me any extra suggestions or is that about all I can do?
port filters on each machine in case the router "fails." enable the
router's remote syslog support, and capture that on some system,
preferably not a system providing any other services. snort to watch
the traffic you allow in. subscribe to mailing lists or monitor web
pages for updates to any software you use and for your router.
but also, relax.
-- bringing you boring signatures for 17 years
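
Added example, not part of the original message: a small collector for the router's remote syslog feed suggested in the reply above, meant to run on a machine that offers no other services. It assumes the router sends BSD-style (RFC 3164) syslog over UDP; the file name router.log and the sample port are hypothetical.

```python
import re
import socket
import sys
from datetime import datetime, timezone

FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()
PRI_RE = re.compile(r"<(\d{1,3})>", re.ASCII)

def parse_pri(datagram):
    """Split a BSD-syslog (RFC 3164) datagram into (facility, severity, text)."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    m = PRI_RE.match(text)
    if m and int(m.group(1)) <= 191:
        pri = int(m.group(1))
        return FACILITIES[pri >> 3], SEVERITIES[pri & 7], text[m.end():]
    # Missing or invalid PRI: RFC 3164 treats the message as user.notice (13).
    return "user", "notice", text

def format_line(src_ip, datagram, when):
    """Build one log line, keyed by the sender's address and our own clock."""
    facility, severity, text = parse_pri(datagram)
    # Escape control characters so a crafted datagram cannot forge extra lines.
    safe = "".join(c if c.isprintable() else f"\\x{ord(c):02x}" for c in text)
    return f"{when:%Y-%m-%dT%H:%M:%SZ} {src_ip} {facility}.{severity} {safe}"

def serve(bind_addr="0.0.0.0", port=514, path="router.log"):
    """Append every received datagram to `path` (port 514 needs root on Unix)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    with open(path, "a", encoding="utf-8") as log:
        while True:
            data, (src_ip, _port) = sock.recvfrom(4096)
            log.write(format_line(src_ip, data, datetime.now(timezone.utc)) + "\n")
            log.flush()

if __name__ == "__main__":
    # Hypothetical usage: python collector.py 5514
    serve(port=int(sys.argv[1]) if len(sys.argv) > 1 else 514)
```

The collector stamps each line with its own clock and the sender's address rather than trusting whatever timestamp the router puts in the message.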