
2 computers.


Employee


Pentium 1 - Turn into a firewall/gateway, with something like M0n0wall and ditch your horrible consumer router (if you have one).

Pentium 3 - VPN/DNS/IDS/Proxy to make your network run blisteringly fast and have very very good security. (Using Linux/BSD Distro of your choice, my recommendations, FreeBSD/Suse if you want to be able to do it quickly without much knowledge. Or to be uber 1337 use OpenBSD, which unless you know OpenBSD already, has an extremely steep learning curve, I still think it's beyond the vertical, i.e. greater than 90 degrees.)


For some reason I think a cluster might be a really pointless application for those two computers.

VaKo, IDS is usually signature based and you make all the traffic from your network go into a specific NIC on the IDS server (usually by network taps or mirroring ports on switches/routers) and then it looks at all the traffic, compares it to the signatures and rules and if it finds something dodgy, like someone is port scanning your private IP range then you can set it up to warn you or do something. Have a look at Snort for an open-source IDS system, very good documentation. http://www.snort.org/

And this is how a honeypot works: http://en.wikipedia.org/wiki/Honeypot_%28computing%29.

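The signature-and-rule matching described in the post above, as an added Python sketch that is not part of the original thread and is not Snort's code or rule language. The packet records, the signature, the `HOME_NET` range and the scan threshold are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

HOME_NET = ip_network("192.168.1.0/24")  # assumed private range being watched
SCAN_PORTS, SCAN_WINDOW = 10, 5.0        # assumed threshold: 10 ports in 5 seconds

# Hypothetical signatures: (alert name, destination port or None for any, byte pattern)
SIGNATURES = [("directory traversal in HTTP request", 80, b"../")]

# Constructed sample traffic as seen on the monitoring NIC:
# (timestamp in seconds, source IP, destination IP, destination port, payload)
PACKETS = [
    (0.0, "203.0.113.7", "192.168.1.10", 80, b"GET /index.html HTTP/1.0"),
    (0.5, "203.0.113.9", "192.168.1.10", 80, b"GET /../../etc/passwd HTTP/1.0"),
] + [(1.0 + i * 0.1, "203.0.113.50", "192.168.1.20", 20 + i, b"") for i in range(12)]


def inspect(packets):
    """Return alerts as (timestamp, source, destination, alert name) tuples."""
    alerts = []
    recent = defaultdict(list)  # (src, dst) -> [(timestamp, port), ...]
    reported = set()            # scanning pairs already alerted on
    for ts, src, dst, port, payload in packets:
        if ip_address(dst) not in HOME_NET:
            continue  # only traffic aimed at the protected range is checked
        # Signature check: byte pattern in the payload on the given port.
        for name, sig_port, pattern in SIGNATURES:
            if sig_port in (None, port) and pattern in payload:
                alerts.append((ts, src, dst, name))
        # Threshold rule: many distinct ports from one source in a short window.
        hist = recent[(src, dst)]
        hist.append((ts, port))
        hist[:] = [(t, p) for t, p in hist if ts - t <= SCAN_WINDOW]
        if (src, dst) not in reported and len({p for _, p in hist}) >= SCAN_PORTS:
            reported.add((src, dst))
            alerts.append((ts, src, dst, "port scan"))
    return alerts


if __name__ == "__main__":
    for alert in inspect(PACKETS):
        print(alert)
```

The normal web request produces no alert; the traversal request matches the signature, and the twelve-port sweep trips the threshold once, on its tenth distinct port.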

Nice one, thanks.

Total n00b question I know, but since most of the documentation is geared for people who have a clue I have to ask.

Is it a case of dedicating an entire box to Snort, or can I add a 2nd NIC to a box and use a general web/file/radius server as my IDS as well? And would I need a switch with a monitor port, or could I just softmod a wrt54g to do the same?


You can use a machine running other services, but you need 2 NICs, one which all the other services listen on and communicate on, then the other for Snort to monitor the network traffic on. Snort will then communicate through the first interface if it needs to access the network.

I would recommend building a network tap, they're not expensive, as most consumer routers/switches don't support port mirroring (I haven't seen a hack for something either). This is how to build a passive network tap: http://www.snort.org/docs/tap/.

Quite simple, and I have one placed between my router and the first switch onto the network. That way all network traffic leaving the network or coming in from the internet is monitored, I considered this the most important area to monitor.


> How does a honey pot work? And how does an IDS work? My FreeBSD box is kicking for functions right now.

Honey Pot Systems are decoy servers or systems set up to gather information regarding an attacker or intruder into your system. It is important to remember that Honey Pots do not replace other traditional Internet security systems; they are an additional level or system.

Honey Pots can be set up inside, outside or in the DMZ of a firewall design or even in all of the locations although they are most often deployed inside of a firewall for control purposes. In a sense, they are variants of standard Intruder Detection Systems (IDS) but with more of a focus on information gathering and deception.

An example of a Honey Pot system installed in a traditional Internet security design:

[Image: Image17.gif]

A Honey Pot system is set up to be easier prey for intruders than true production systems but with minor system modifications so that their activity can be logged or traced. The general thought is that once an intruder breaks into a system, they will come back for subsequent visits. During these subsequent visits, additional information can be gathered and additional attempts at file, security and system access on the Honey Pot can be monitored and saved.

http://www.sans.org/resources/idfaq/honeypot3.php

Something like Honeyd creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their personality can be adapted so that they appear to be running certain operating systems. Honeyd enables a single host to claim multiple addresses.


I'm just starting to learn my way around FreeBSD, what are the pros of using OpenBSD and how does it compare to FreeBSD in terms of usability and community support for idiots like myself?


> I'm just starting to learn my way around FreeBSD, what are the pros of using OpenBSD and how does it compare to FreeBSD in terms of usability and community support for idiots like myself?

The difference between FreeBSD and OpenBSD is OpenBSD prides itself on security, only one remote security hole in 8 years in a default installation. Which I think anyone has to say is pretty impressive.

FreeBSD makes a better desktop OS in my opinion and I probably wouldn't use OpenBSD as my desktop.

The OpenBSD group is also responsible for things like OpenSSL and pf to name a couple of well-known applications.

OpenBSD is very hard to learn though, you really need a good book and time with a machine and the documentation to use it. I recently found this website that might help, it looks quite good but I haven't had a good look yet. http://www.openbsd101.com/

Probably I would recommend that you stick to FreeBSD and learn that well, you would be then well suited to explore OpenBSD and you should pick it up much quicker.

It's also worth noting the OpenBSD community can be very unforgiving. There are some really great people out there that will help you but I find the majority of OpenBSD users a tad on the snobbish side. Say you ask for help on a subject, if it is in the documentation they will just tell you to read the documentation, not which documentation or any specifics. And that's a fairly nice response.


> I'm just starting to learn my way around FreeBSD, what are the pros of using OpenBSD and how does it compare to FreeBSD in terms of usability and community support for idiots like myself?

The thing with OpenBSD that you have to keep in mind before you even think about using it is it’s security and stability first and usability later, I believe it also supports a greater number of platforms. FreeBSD on the other hand has usability as their key target and security and stability second which is one of the reasons I don’t use it, the other is, I am used to OpenBSD and I see little point in switching to an OS which is inferior to OpenBSD.

Community support does exist for OpenBSD but it’s not as good as FreeBSD’s, generally speaking if you use OpenBSD you are expected to know how it works.

It is not noob friendly in any way.
