Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Suggestions for a secure home network

from [Phunkodelic] Network Security [Permanent Link]
Subject: Re: Suggestions for a secure home network
Date: Thu, 13 Apr 2006 08:20:59 -0400 
Frequency of changing SSID?
Policies for establishing that SSID?
Minimizing SSID broadcast?


I don't think the above 3 items have any security merit, as trying to
"hide" your SSID is not a security measure at all.  Anybody who can
sniff wireless traffic can grab the SSID very easily broadcast or
non-broadcast.  There are seveal wireless devices that will not work
properly unless you broadcast the SSID.

On 4/12/06, Alexander Bolante <alexander.bolante@gmail.com> wrote:

From a design perspective, I think it would also be good for you to
have a security checklist:

WLAN Security:
Frequency of changing SSID?
Policies for establishing that SSID?
Minimizing SSID broadcast?
Access point location to reduce eavesdropping?
Locking management interfaces?
Use static IPs vs. DHCP?
MAC-based access restrictions?

Network Security:
Placement in a DMZ?
Use a firewall and setup ACLs/rules that enable access only for known
MAC/IP addresses?
Consider using an IDS if you plan on maintaining the solution?

That's a start. Hopefully then your solution's risk will really just
boil down to physical security.
Good luck, but have fun!

Thanks!
Alexander


On 4/9/06, Edmond Chow <echow@videotron.ca> wrote:


Hello List,

I am looking to put together a home network for a high-end client of mine
and would like your opinion on what type of equipment to use.

Here's an overview of his requirement:

- Two MACs (for his kids) on a wireless network
- Two PCs on a wired network - these two PCs have sensitive information on
them.  These computers would not be used for remote access but only for
internet and email access.  I am thinking of adding hard drive encryption to
these two computers.

I'm thinking of three approaches and would like your thoughts:

#1 - Use a cable modem with non-wireless router for his two PCs and use a
separate DSL modem with wireless router for his two MACs. Double the monthly
cost for internet access but there is no chance that hackers entering
through the MACs will be able to access his PCs.
#2 - Use a router (I was thinking of something like an Astaro router or
Cisco router) for the PCs and then connect a Linksys wireless router with
WPA security to the first router.  The wireless router would be used for the
two MACs.
#3 - Use a wireless router with WPA security for the wireless MACs and then
hard wire the two PCs to the non wireless router ports on the back of the
wireless router.

Any thoughts you would have would be greatly appreciated.  Any manufacturers
and or models you could suggest would also be much appreciated.

Thanks.

Regards,


Edmond




-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected.
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no
obligation. See why so many companies trust Spy Sweeper Enterprise to
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------






--
Alexander Bolante | Alexander.Bolante@gmail.com

-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected.
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no
obligation. See why so many companies trust Spy Sweeper Enterprise to
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------




-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected. 
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no 
obligation. See why so many companies trust Spy Sweeper Enterprise to 
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: how nmap can know my firewalled servers ?, Jay Stapleton
Next by Date:  Re: how nmap can know my firewalled servers ?, Alexey Eremenko
Previous by Thread:  Re: Suggestions for a secure home network, Alexander Bolante
Next by Thread:  Re: Suggestions for a secure home network, Alexander Bolante
Indexes:  [Date] [Thread] [Top] [All Lists]