Penetration Testing mailing list archives
Re: Securing a Network - What's the most secure Network/Server OS? - Is there a secure way to use Shares?
From: "Michael Condon" <admin () singulartechnologysolutions com>
Date: Tue, 3 Mar 2009 19:45:57 -0600
I'd recommend (from past experience): - Which Server Operating system should I install on my Server? If Microsoft, 2008. - Preferably Cisco gear for backbone, MDF, IDF's, 10 gig Backbone.- 10/100/1G NICS are standard (btw - if anyone has ever seen a user other than an admin hit 30% on a 1G link, I'd wonder what they were doing) - VLAN's/subnetting depends on your physical layout & IDF locations. Cisco allows various levels of NAC.
- Shares (if possible to have Shares and still maintain a secure network)I'd actually disable user sharing, no exceptions. Use NAS, and role based/Access Control/Least Privilege security. Get the org chart, have a sit down with dominant alpha managers, starting point is nobody can look at anything and proceed from there. Nobody can even see their own (and of course someone else's) password in plain text, including admins. I'd recommend following NIST/FDCC guidelines, but that's up to you. - Encryption to the desktop - usually that's done at the app level, or on routers. I may be TFOS on this...... - Whether you're converting the Unix machines to Windows or installing new, just use RIS (sorry, Windows Deployment Services - New OS version, new name as usual). And patch/duct tape the desktops (and of course Servers) daily. - If you plan on using Windows on the server side, just use the native MS Active Directory for security & policies. A PDC, plus preferably two BDC's. Are you converting from Linux/Unix to MS or keeping a blend? And email, IDS, firewall, Spam, AV? Mac's are another story. Usually if someone says they absolutely need a Mac, if they're reasonably credible & intelligent, they more than likely are correct. Or if the user asking for a Mac has a yearly bonus or severance package that's more than you'll make in ten years, he'll get one.
-------------------------------------------------- From: "Chip Panarchy" <forumanarchy () gmail com> Sent: Sunday, March 01, 2009 8:12 AM To: <pen-test () securityfocus com>Subject: Securing a Network - What's the most secure Network/Server OS? - Is there a secure way to use Shares?
Hello So far, when I have posted on this Mailing-List I have recieved some very informative replies. I am currently studying for a few certifications, (amongst them MCSE, Security+ & the CCNA), and would like to learn how to design a secure network. Please help me with this endeavor. Hypothetical situation; ################################################################ 1x Server (no need to go into specs, but let's just say 8GB of RAM and 2x Intel Quad CPU at 2.66GHz)500x Windows Computers (400x Windows XP, 94x Windows Vista and 6x Windows 7)80x Linux Computers (Ubuntu... and others?)46x Mac OS X Computers (Including 10x Tiger, 34x Leopard and 2x Snow Leopard)3x FreeBSD (2x v7, 1x v9) ################################################################ =============================== 630 computer all up, including the Server =============================== Now onto my question. For a convoluted network as pictured above, (hypothetical, of course), what kind of Server (NOS included?) operating system should I install, and how should I configure it?I want to know this only by a security standpoint. Things that are important;############ # SECURITY # ############ - Encryption of all traffic (256-bit) - Shares (if possible to have Shares and still maintain a secure network) - Centralised secure storage of Data (Storage) - Centralised secure storage of User accounts - Unattended installation of (at the very least) the 500 Windows boxes - Internet Please tell me what I would need in this situation, not interested in how many people would be needed, how much money it would cost, or how much time it would take. Now time to summarise my questions in an easy to review format; 1. Which Server Operating system should I install on my Server? 2. To make the Network fast (e.g. Gigabit NICs on all computers & more Servers etc.), as well as secure, what would I need to do? 3. What is the best way to have 256-bit encryption of all traffic on this network? 4. Is it possible to have Shared folders, yet still attain a high-level of security on this Network? 5. Would it be possible to have Centralised Storage/Resources? 6. Could it be possible to have a Centralised User Account database, for this entire network? Please try your best to answer those 6 questions. Thanks in advance, Chip D. Panarchy PS: I was planning on making this into many little Messages on this Mailing-list, however, I decided against it. If you think I should make them into smaller messages (eg 1 of the 6 questions per message) then please tell me.
No virus found in this incoming message. Checked by AVG - www.avg.comVersion: 8.0.237 / Virus Database: 270.11.7/1982 - Release Date: 03/03/09 16:09:00
Current thread:
- Securing a Network - What's the most secure Network/Server OS? - Is there a secure way to use Shares? Chip Panarchy (Mar 03)
- Re: Securing a Network - What's the most secure Network/Server OS? - Is there a secure way to use Shares? Michael Condon (Mar 04)
- RE: Securing a Network - What's the most secure Network/Server OS? - Is there a secure way to use Shares? Kaminski, Lorenz (Mar 10)