On Thu, 2003-08-28 at 10:37, Piers Kittel wrote:
>  Hello all
> 
> Am going to move house soon, and want to re-setup my network again, as I 
> want to install debian on the network server which is currently RedHat 
> (DHCP, DNS, proxy etc).  But I'm quite worried about security, and want 
> to know the best ways to find out how to secure the network.  I've a 
> hardware Linksys router/firewall with a WLAN access point built in.  As 
> I know WEP is as secure as a biscuit, how should I set up and secure the 
> WLAN network?

What threats are you trying to protect against?  That decides what you
need to take care of.

Given that we're discussing computers, many threats can be automated, so
only black bag scenarios are beyond possibility.  Or are they?

Recently here in Florida, a doctor's office was broken into, and what
they stole was records in boxes.  Patient names, social security
numbers, medical records.  18 boxes of them - they knew what they were
after.  And the computers.

The police suggest identity theft.

So how far do you want to go?  Do you know that your credit card number
can linger in the swap partition even though it was never saved to disk?

My point is that, like in the Window$ world, simply saying "put on a
firewall, and an anti-virus program and you're done.  And keep it up to
date" doesn't really address the issue.

I recommend you buy a book about securing GNU/Linux systems, and use
that to guide your understanding and choices.  Currently I'm using Real
World Linux Security.  I'm just getting started.

I'm relying on a gateway/router/NAT box in the meantime.  They do help,
if the features are turned on.  And I'm relying on having a /home
partition in its own right and a good backup, so I can rebuild the
system securely once I've got a grip on how that should be set up.  (My
/home data doesn't include much that would affect security best I can
tell so far.  No GNU/Linux viruses in the email.  No root level
configuration files in .gtkrc, etc.)

But I can blow away my system, and reinstall it not connected to the
net, and have a chance to run an intrusion detection system on a clean
install to get a baseline.  And then update in small bites, so I can
monitor it.


>   And how should I protect my wired network - also I'd like 
> to be able to "log in" my main PC from outside, such as work or at 
> friend's house?

SSH seems to be able to handle this.  I haven't seen anyone speak
against it, except for the possibility of performance issues if one
tries to cram too much over the pipe.  That would be a problem with just
a network connection anyway, so you'd have to design for that anyway.

Cheers,
Bret

-- 
bwaldow at alum dot mit dot edu

