Securing Your Network?
Barkmullz asks: "I just recently finished yet another security review on the network at my place of employment. I designed the different security features from scratch and I am using a variety of devices and software (firewalls, IDS, DMZs, and so on). I like to look at network security with the same attitude as I look on the stock market: diversify. Don't put all your eggs in one basket. As I was pondering the review results I wondered what a completely unbiased observer would think of my security. I remember thinking that someone should start a radio show similar to James Cramer's RealMoney and ask the listeners: Are you secure? I am aware of what the NSA considers to be a secure network, but, honestly, who has read that stuff? What do you consider to be a secure network? What low-budget security features have you come up with? I don't think I am the only one spending evenings and weekends playing around with yet another IDS."
I heard about this honey pot feature for network security. I installed them on each users computer, but they keep using the honey in their tea. Maybe it was not installed correctly?
Since you posted this on /. you obviously aren't interested in security through obscurity!
I don't think I am the only one spending evenings and weekends playing around with yet another IDS.
Think again!
The way I secure my systems, is not to put them on a network, though it does make email a bitch...
I look on the stock market: diversify. Don't put all your eggs in one basket.
Thanks for the link, I didn't know what diversify meant.
get all your shit working. Cut the lan/wan/internet lines, brick it in with now doors and spray the outside with teflon.
Hire a muscle head with a 8th level Edu to guard the brick box with a baseball bat.
Other than that your just playing the odds like the rest of us.
Neck_of_the_Woods
#/usr/local/surf/glassy/overhead
Step 2) Arange equipment in nice steel shipping container.
Step 3) Toss the entire thing into the bowels of either your local foundry's furnace or your closest actively erupting volcano
Step 4) Giggle because the poster never said the network had to work or anything....
I'm a little tea pot.
Not just diversify, but think in layers
I laughed my ass off when I read this, because I read it as "think in lawyers". Security through litigation? If only that didn't happen.
Ogres have layers, onions have layers.
Ogres are not like cake.
1) Fire developers
2) Fire users
: .. cut the lan/wan/internet lines ..
:
This is a very important part that is often overlooked as demonstrated by the following example
The University of North Carolina has finally found a network server that, although missing for four years, hasn't missed a packet in all that time. Try as they might, university administrators couldn't find the server. Working with Novell Inc. (stock: NOVL), IT workers tracked it down by meticulously following cable until they literally ran into a wall. The server had been mistakenly sealed behind drywall by maintenance workers.
3.243F6A8885A308D313
I am aware of what the NSA considers to be a secure network, but, honestly, who has read that stuff?
Probably professionals who weren't picked to be the "security guy" by a game of spin the bottle at the last office meeting.
Really, we will.
We won't break too much along the way.
We promise.
(It's humor, laugh.)
NetInfo connection failed for server 127.0.0.1/local
Use WindowsME with file sharing enabled and no patches as your firewall. Hackers will explode with excitement before they can intrude...leaving nothing behind but steaming puddles of Dr Pepper.
You might think I'm joking but this actually works! Go ahead and try it, then post your IP address to this site. Your boss will thank you for the amazing audit!
(-1, Raw and Uncut is the only way to read)
Your network is pretty secure compared to the average. However, ...
Your root password is "sheila".
Your social security number is 182-90-6134.
You just broke up with your girlfriend.
And you really ought to get a disk-wipe program to remove all traces of those deleted pornos.
- For the complete works of Shakespeare: cat
Our network is Novell, our e-mail is groupwise, and we don't use Cisco products.
Aaah yes... "Security through obsolescence".
yeah, I keep all my linux boxes behind a windows 98 box with internet connection sharing.
What about parfait? Everybody likes parfait.
(If you don't get it, you don't have a 3yr old Shrek junkie in your house)
Do not taunt Happy-Fun Ball