hi ya

On Sun, 3 Aug 2003, David Fokkema wrote:

> On Sat, Aug 02, 2003 at 09:16:54PM -0700, Paul Johnson wrote:
> > On Fri, Aug 01, 2003 at 09:04:50PM +0200, David Fokkema wrote:
> > > How large is the risk? If someone is able to crack your firewall box, how
> > > much more trouble is it to crack your DNS/DHCP/Squid server?
> >
> > That has too many variables to properly answer for your case, and
> > there's not a particularly safe general answer.

=== assume that [h/cr]acker have complete access to your fw, servers,
=== workstations ... and network

=== now try to protect your data... it's a lot simpler problem to solve
    and well defined problem

--
-- assume, that someone, from the outside can always get in if they
-- wanted to spend the time, energy, effort for fun or profit
--

a) try to minimize the loss of data
    - assuming that the "company data" is important
        - r/d projects
        - company financials
        - h/r salary info/benefits
        ....
      ( keep all those sensitive info off of the internet )

    - machine should trust another machine ...
      (manually type password and pass phrase should always be required)

    - if they break one system, they might not be able to get
      into any other server

b) make regular off line backups ...
   ( stuff that won't ever be erased )

    - never overwrite backups with another backups

c) restore your "server" from backups to make sure it works
   by re-installing the latest linux distro from cdrom

    - bare metal restore w/ latest/greatest hardware and security patches

d) once you detect a [h/cr]acker ... do NOT erase or overwrite anything

    cease all remote user and root logins and try to isolate
    what they have been watching and sniffing

    since you don't know how long the [cr/h]acker has been sniffing
    your network before you noticed them ... you don't know the
    integrity of your backups either

e) outside folks just need access to the "webserver" ...
   nothing inside the company

f) if you allow vpn from home and wireless access to internal servers
   then you've got some serious "network security policy and enforcement"
   problems

    - you can't control the network of the user's home systems
      or their laptops

-- lots of security policy rules to create ... and enforce

most likely... all these "oh shit" will be an internal employee
that needs access to a server they shouldn't be trying to get into
because everybody else that could have given them the pwd or info
is on vacation, bz, forgot or ??

c ya
alvin