[VPN] Network Design for security.

Siddhartha Jain losttoy2000 at yahoo.co.uk
Sat Apr 19 02:01:48 EDT 2003


Hi Garrett,

Without going into too much detail, there are a few
things you need to do:

1. Put a firewall (an old Pentium with OpenBSD is an
excellent choice or buy a PIX 501) on your internet
connection and allow access to only those ports/IPs
that absolutely must be accessed from the outside world.
If your network is only accessed from fixed networks
then define "from" IP address also. If you don't have
any public access servers then you don't need to allow
any incoming connections. 

2. Check all the services your services are running
and ensure they are the bare minimum as required. Audit
each service for security vulnerabilities.

3. Occasionally, dial up from one of the computers that
are not on your home network and scan your IP address
range for a list of open ports.

4. Use a good tool like Nessus (www.nessus.org) for
scanning your applications for vulnerabilities.

5. Update apps like IE which can allow a malicious web
site to take over your PC.

IMHO, this should take care of 95% of the crackers who
are nothing but script kiddies.

The chances of a real hacker hitting your network are
very low unless you happen to be Bush, Chirac or some
super secret intelligence service. :-)

As an afterthought, you may consider employing me ;-)

Regards,

Siddhartha
CISSP

--- Garrett Sinfield <garrettsinfield at hotmail.com> wrote:
> Hello. Recently my network was hacked, and I'm
> planning on rebuilding my
> network (they hacked an outdated ftp server that I
> was unaware was
> running). I'm not sure if this should really be
> going on this mailing
> list, but I was wondering if anyone would know a
> decent network design
> that would implement great security.
> 
> My home LAN currently consists of a Cisco 2507
> router (11.2 IOS, soon to
> upgrade IOS) Linksys router (four port). A laptop
> running slackware, a box 
> running win98, and two other boxes running linux
> (one box is in a serious 
> need for an upgrade, but I don't have the funds to
> do it yet). My one box 
> has three NIC cards in it as well, so it could be
> used as a router.
> 
> I was just curious if anyone has a good idea for a
> network design that I
> could implement for maximum security. I'm currently
> somewhat clueless when 
> it comes to networks. I'd also like to know where I
> should be placing the 
> VPN, and whether or not I should be using PoPToP or
> FreeS/WAN.
> 
> Any ideas or comments would be appreciated!
> 
> Thanks
> 
> Garrett Sinfield.

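An added example, not part of the original message: one way to carry out the "check what is running and keep it to the bare minimum" step is to compare a host's listening TCP sockets against the short list of ports it is meant to offer, which would have surfaced a forgotten FTP daemon. The `ss -H -tln` sample output and the `ALLOWED_PORTS` policy below are constructed assumptions.

```python
import ipaddress

# Constructed sample of `ss -H -tln` output (State Recv-Q Send-Q Local Peer).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 32 0.0.0.0:21 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::]:80 [::]:*
LISTEN 0 128 192.168.1.10:3306 0.0.0.0:*
"""

# Assumed policy: the only TCP ports this host is meant to offer to the network.
ALLOWED_PORTS = {22, 80}


def parse_listeners(ss_output):
    """Return (address, port) for every LISTEN line in `ss -tln` style output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header line, blank line, or a non-listening socket
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and scope id
        if not port.isdigit():
            continue
        # ss prints "*" for a dual-stack wildcard bind; treat it as "::".
        listeners.append(("::" if addr == "*" else addr, int(port)))
    return listeners


def audit(ss_output, allowed_ports):
    """Split listeners into expected, loopback-only, and unexpected exposure."""
    report = {"expected": [], "local_only": [], "unexpected": []}
    for addr, port in parse_listeners(ss_output):
        if ipaddress.ip_address(addr).is_loopback:
            bucket = "local_only"  # not reachable from other hosts
        elif port in allowed_ports:
            bucket = "expected"
        else:
            bucket = "unexpected"  # e.g. a forgotten FTP daemon on port 21
        report[bucket].append((addr, port))
    return report


if __name__ == "__main__":
    for bucket, items in audit(SAMPLE_SS, ALLOWED_PORTS).items():
        for addr, port in items:
            print(f"{bucket:11} {addr}:{port}")
```

Anything reported as `unexpected` is a candidate to shut down or to block at the firewall before the next outside scan.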