Re: Secure Home Networking?

From: Martin Wasson (martin_wasson@mastercard.com)
Date: Mon May 26 2003 - 18:58:21 EDT


$Home Network=?????????

NNSA, huh? Hmmmm...sounds interesting, Sandy. The answer to your question
is completely dependent upon the configuration of the home network. We
might assume it has an Internet connection, since you've considered
ShieldsUP. Is the Internet connection persistent (always up/on)? Does the
network have mail, dns, web, or ftp servers? Is the network protected by a
firewall? What OS are the hosts running? Are you doing any Intrusion
Detection? Are multiple hosts networked via a hub or a switch? Don't
reply with the answers, of course. These are all questions you must ask
yourself in doing *your own* vulnerability assessment. You don't need no
stinking online services, Sandy. If you dig your heels in and do this
yourself, when you're done, you'll *know* if it's secure or not. All of
the automated tools in the world won't really answer your question, Sandy.
They will only serve to lull you into a false sense of security
(unavoidable pun). You probably won't like this advice, but if I were you,
and your network is exposed to the internet, and you clearly don't know if
it's locked down, I'd err on the side of caution & presume I've been
compromised. There is really no point in trying to secure a compromised
box, right? Unplug, format, reinstall, secure. I'd start here:
http://www.spitzner.net/. Before you're done you need to try to find out
what vulns/exploits are out there for *everything* you're running. E.g.,
do you have a web server? If it's Apache, what can the httpd.conf file do
for my security? Is OpenSSL installed? What version? What's in the
cgi-bin directory? You're not just protecting yourself, you're protecting
your fellow netizens. Remember, they don't pop you because they want
what's on your boxen, they pop you so they can use you as a
launchpad/scapegoat to go after someone else. If they go after the wrong
people using *your* equipment...you could have a LOT of explaining to do.
I hope this helps.

                                                                                                                                       
From: Sandy Turner <slt@lanl.gov>
Date: 05/26/2003 03:47 PM
To: pen-test@securityfocus.com
cc: (bcc: Martin Wasson/STL/MASTERCARD)
Subject: Secure Home Networking?

Any suggestions on tests to run to judge the security of a home
network? There are a number of online port scanning services (e.g.
ShieldsUP http://grc.com), as well as the standard Nessus and nmap tools.

---------------------------------------------------------------------------
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies
that are enforced to protect WLANs from known vulnerabilities and threats.
Learn to design, implement and enforce WLAN security policies to lockdown
enterprise WLANs.

To get your FREE white paper visit us at:
http://www.securityfocus.com/AirDefense-pen-test
----------------------------------------------------------------------------




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:33 EDT