Designing a secure network
Hey guys,
So I am trying to design a secure network with a reasonable level of intrusion prevention. The specs would be a primary and secondary web server, a mail server, a honeypot, an Oracle DB server, an application server, a Hogwash, an NIPS sensor and about 3 HIPS sensors. Any suggestions?
Sounds like you have it mapped out. Any specific questions?
Response
Well, I am not sure where the NIPS and HIPS sensors should be placed. I am also not too familiar with the honeypot and Hogwash. I was hoping for an outline and sample drawings.
If you google "nips hips sensors" you get a bunch of hard core references on the first page of hits.
You haven't provided enough information here for anyone to give you any kind of network configuration, outline or drawings. Anyway, I'm taking off on vacation, so someone else will have to pick this up if you decide to provide more detailed information with specific questions.
I'm not sure whether you can follow my way or not, but I consider that I'm doing advanced
network intranet design involving a dedicated firewall using IPCop in a datacenter. This is the design layout example: 5 public IPs given by the IDC, and with the private range 192.168.68.65/28 I create my own private IP calculation as follows. Code:
    [noc@nc ~]$ ipcalc 192.168.68.65/28

    1) Firewall
       - public ip = 202.100.188.200, eth0 -> switch
       - private ip = 192.168.68.65, eth1 -> switch
       - dhcp = off
       1.1) win2k server 1
            - ip = 192.168.68.66 = open port for rdesktop in firewall: 3366
       1.2) win2k server 2
            - ip = 192.168.68.67 = open port for rdesktop in firewall: 3367
    2) Install Linux with Apache
       - public ip = 202.100.188.201, eth0 -> switch
       - private ip = 192.168.68.68, eth1 -> switch
       - Apache rewrite code: domain1 points to win2k server 1
       - Apache rewrite code: domain2 points to win2k server 2
    3) Linux mail server
       - private ip = 192.168.68.69
       - open all required ports for the mail server from the firewall
       - all MX records point to the firewall public IP

Following this way you can have many servers in the IDC. It works with Xen also; I have set up many Xen guests with intranet IPs that can be accessed from outside via the firewall and a domain with Apache rewrite code. I also set up a DNS server with Xen for ns1 and ns2; you can use a public IP or a private IP, but you must open ports accordingly. Hope you can get a clue from this. FYI, I mixed public IPs and private IPs on the same switch.
Response to router
Thank you so much for this. It's going to help me a lot.
Do you know anything about honeynets and Hogwash? Where would you place them in a network?
I'm sure Hogwash needs to be implemented inside the firewall box.
For a dedicated firewall I suggest you use Untangle; it's equal to SonicWall and it's free. I got to know it last time because of the ads on this LQ. But the honeynet/honeypot, are you going to use it for forensic analysis? I don't know about other people, but for me, I will never put this honey on my network. It's like you're calling the flies to get the honey you provided, but you're ready to blow them with Fumakila made in Japan :)
Response to router
lol. You are funny.
Well yes, we're to design a network with an intrusion prevention system, and the honeypot would be for forensic analysis. You have been really helpful so far. One more question: any suggestions on how you would protect each of your servers? Thanks.
Protection considerations:
1. ownerships/permissions
2. SELinux if available (RH based, for example)
3. /etc/hosts.allow, /etc/hosts.deny
4. firewall, i.e. iptables
5. disable remote login by root for ssh
6. disable text logins entirely, e.g. telnet, ftp, rsh, rexec, remsh etc.
   http://www.informit.com/articles/art...p=169465&rll=1
7. see the Security forum here at LQ, but chkrootkit, rkhunter, samhain, aide etc.
Consider what chrism01 said.
I add the following 3:
1) keep your system updated
2) change your ssh / ftp port if possible, because this is the main target of script kiddies
3) for more advanced, I depend on Apache rewrite code to forward a domain to another LAN server, and it's not so difficult to do. As a live example, try scanning http://hrms.ajv.com.my/ ; I don't mind showing my own live server. Code:
    [rou@cos ~]$ lynx -head -source http://hrms.ajv.com.my/
P.S. sorry for my English :)
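Added example for this thread (not code posted by chrism01 or router): a small POSIX sh audit that checks copies of sshd_config, hosts.deny and inetd.conf against the points raised above, namely root ssh login disabled, ssh moved off port 22, a TCP wrappers default deny, and no cleartext login services left in inetd. The file paths and the audit_host wrapper are my own assumptions.

```shell
#!/bin/sh
# Added audit (not from the thread): checks config files against the
# hardening points above. Paths are arguments so copies can be checked.
# First matching sshd_config keyword wins, as sshd itself reads it.
sshd_opt() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}
# 0 when the sshd_config passes, 1 otherwise; findings go to stdout.
check_sshd() {
    rc=0
    root=$(sshd_opt "$1" PermitRootLogin)
    case "$root" in
        no|prohibit-password|without-password) ;;
        *) echo "sshd: PermitRootLogin is '${root:-unset}'; set it to no"
           rc=1 ;;
    esac
    port=$(sshd_opt "$1" Port)
    # A non-default port only cuts scanner noise; it is not an access control.
    if [ "${port:-22}" = "22" ]; then
        echo "sshd: still listening on the default port 22"
        rc=1
    fi
    return $rc
}
# 0 when hosts.deny has an uncommented default-deny "ALL: ALL" line.
check_hosts_deny() {
    grep -Eq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL' "$1"
}
# 0 when no cleartext login service (telnet, ftp, rsh, rlogin, rexec) is
# enabled in inetd.conf; prints the offending lines and returns 1 otherwise.
check_inetd() {
    pat='^[[:space:]]*(telnet|ftp|shell|login|exec)[[:space:]]'
    if grep -E "$pat" "$1" >/dev/null 2>&1; then
        grep -E "$pat" "$1" | sed 's/^/inetd: cleartext service enabled: /'
        return 1
    fi
    return 0
}
# Run all checks against the live files (assumed standard locations).
audit_host() {
    status=0
    check_sshd /etc/ssh/sshd_config || status=1
    check_hosts_deny /etc/hosts.deny || { echo "hosts.deny: no 'ALL: ALL'"; status=1; }
    if [ -f /etc/inetd.conf ]; then check_inetd /etc/inetd.conf || status=1; fi
    return $status
}
```

Source the file and call audit_host; a non-zero exit status means at least one finding was printed.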