Thursday, November 16, 2006
Third Item - Internal Network Protection
I don't think I would have believed it, but I have experienced it. People trying to hack my system...like I have something they want, like my system is something special...
The reality is, most attacks are from kids who are bored. They have bots that walk the network looking for open ports on all available IP addresses. When they find one that is open, they play with it. This "playing" might be benign, or it might be malicious. Why take the chance...?
So I figured I should secure my network.
I put in a Linux powered router from Linksys, a WRVS4400N Wireless Router with Wireless A/B/G/N capability. It is also seriously security minded.
Trust me, don't skimp on this hardware. Spend the money.
I would suggest at least 2 layers of protection, a good hardware firewall/router and a good software firewall. Linux has several nice features, including restriction of individual ports, and a better user/password setup than that which Windows uses. There are other features that protect your Linux system.
Most of that is done without your knowledge, as the system requires logins to access...
SSH also allows for using certificates only, but I haven't gone into that yet. Better, download and install Fail2Ban...this is a cool utility that scans different services (their logs) and looks for failed access attempts. You can set it for the number of attempts...then it sets a lock against the IP address in the IPTables, for a limited time (that way, your IPTables file doesn't grow to the size of your hard disk).
With all the logged activity against my server, I have wondered what I could do about it. So I think I will work out a system that will email the fail2ban info to the technical contact email of the whois log. Try doing THAT with Windows Servers...
There are many things you can do for security via obscurity...
Don't use the normal internal IP that is offered by your DHCP (router) server, 192.168.0.0. Use something different, 192.168.41.0 for instance.
Disable the Guest accounts.
Require a certificate when using SSH
Disable FTP
With Wireless, don't broadcast your SSID, use WPA or something similar that requires a key or certificate
Lock your wireless down to MAC Addresses of the allowed machines (and even wired, if you can)...
Don't use your name as a login...and don't use dictionary passwords...
There are more items, but they don't count for my network, because my DHCP isn't the Linux Box...but if it were, you can have trusted and untrusted sides to your network, both wired and wireless. You can set up vlans and other inter network security.
Create a virtual machine, or honeypot, and an IP tracer for Intrusion Protection...