Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_bbcode.php on line 2958
Your Security
Results 1 to 10 of 10

Thread: Your Security

  1. #1

    Your Security

    Post what you use and the configuration. Always helps others find new ways to use tools for their own protection.

  2. #2

    Re:Your Security

    I have the following setup:

    WAN ------> Firewall appliance ------> DMZ IDS -------> iptables choke firewall -------> LAN IDS/Syslog server w/ log sentry

    Basically I have an IDS sitting behind each of my firewalls to log any malicious traffic that gets past the firewall and onto my DMZ or LAN. Each IDS logs to a centralized analysis console/database. Everything else logs to a centralized syslog server with log sentry installed.

    In addition to this, I filter viruses at the mail gateway on the DMZ and also have a centralized antivirus server that allows me to distribute updates, check the health of all my LAN clients and scan my entire domain from one admin's console.

    I also do a number of other things, like LAN instituting specific group policies that only allow an approved list of executables to run on all domain work stations. I run periodic Nessus scans across given parts of the network and refuse to use IIS, Exchange or Outlook. I run as many hardware terminals instead of PC's as I can so I have better control over what my users can and cannot do to their boxes.

    As a rule, I try to run as many different types of security products I can on as many different platforms as I can: 2 different firewalls, different IDS's, different virus scanning engines. This way, the vunerabilities or false positives of one has a better chance of being picked up by the other. If your IDSs and firewalls are all of the same platform, then you have a single point of failure for that given device. It makes administation a little harder, but gives you s greater perspective of what is actually happening on your network.

    IMHO, security has to be very comprehensive if it is to be effecitve across a large environment.

    Did I just give away all my secrets?

  3. #3
    Senior Member
    Join Date
    May 2001

    Re:Your Security

    Just iptables that blocks/locks everything but ssh. Local security is handled by my chow-chow and a 12 ga. shotgun.

  4. #4
    Good Guru
    Schotty's Avatar
    Join Date
    Jul 2001
    Milwaukee, WI

    Re:Your Security

    [quote author=ph34r link=board=5;threadid=3628;start=0#36897 date=1023373669]
    Just iptables that blocks/locks everything but ssh. Local security is handled by my chow-chow and a 12 ga. shotgun.

    Come on!!! Get with the times! We have tesla coils and plasma rifles laying around in SUCH abundance these days -- who needs a 12ga ?

  5. #5

    Re:Your Security

    ipchains here .. i have used http://fli4l.de -> great router and a great firewall

  6. #6

    Re:Your Security

    On my home boxen, I just have iptables.

  7. #7

    Re:Your Security

    Here is my basic setup ...

    Internet ---> pf ---> iptables ---> portsentry/swatch/snort ---> hosts.deny ---> me with a bat.

  8. #8

    Re:Your Security

    Internet --> OpenBSD with pf (ph34r!!!~~) --> LAN

    My previous setup:

  9. #9

    Re:Your Security

    That is freaking brilliant.

  10. #10

    Re:Your Security

    lol nice!

Similar Threads

  1. Security
    By jj0493 in forum Windows - General Topics
    Replies: 1
    Last Post: 01-14-2007, 04:24 AM
  2. PC Security
    By Ishtar in forum Windows - General Topics
    Replies: 5
    Last Post: 02-17-2005, 11:12 PM
  3. Security
    By pinehead in forum Linux - General Topics
    Replies: 1
    Last Post: 07-30-2002, 02:47 AM
  4. A little security help please
    By rick420 in forum Linux - Software, Applications & Programming
    Replies: 58
    Last Post: 02-17-2002, 12:02 PM
  5. *nix Security
    By Sekihmet in forum Announcements and Suggestions
    Replies: 2
    Last Post: 09-12-2001, 11:34 PM


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts