LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 06-20-2006, 09:51 AM   #1
Gnarg
Member
 
Registered: Feb 2004
Location: Canada
Distribution: Gentoo Linux
Posts: 44

Rep: Reputation: 15
Suggestions to secure a home business network


Hi All,

I'm in the process of redesigning a network at my father in laws place since his partner has left the business. He's concerned about people that his partner may know and try to break through his network. Currently the network is only guarded by a router with firewall capabilities. To add more comfort I thought on adding another computer to be a firewall that will connect to the router ( again which it also has a firewall built in ). Then all computers go through the firewall

All passwords have already been changed, just need more ideas on securing the internet to his internal network.

If my idea is good then please let me know and if you have other ideas which may be more secure then again, please let me know.

Thanks for your help...


Gnarg
 
Old 06-20-2006, 05:50 PM   #2
boredandblogging
Member
 
Registered: Jun 2006
Posts: 62

Rep: Reputation: 15
most routers can be configured to only certain MAC addresses. lock down the router.
 
Old 06-20-2006, 10:30 PM   #3
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 114Reputation: 114
A router/firewall appliance provides excellent security. They default to having all inbound ports blocked (except ICMP usually) and since everything is in firmware they are pretty hard to hack.

I have always found one of those devices to be quite adequate. In fact, I have an ASP server that runs on Windows 2000 (I have to...) that is secured with one of those little router appliances and no one to date has hacked it.

For my office LAN, a router appliance guards the internet gateway, iptables protects all Linux machines, and ZoneAlarm (an older version that is firewall only) along with the usual suite of protection software is in place on all Windows machines. Further, we don't use Outlook Express or Internet Explorer to access the internet, and we don't have any problems.
 
Old 06-20-2006, 11:58 PM   #4
fedora4002
Member
 
Registered: Mar 2004
Posts: 135

Rep: Reputation: 15
Do not forget anti-virus and ad-ware stuff.
 
Old 06-21-2006, 01:06 AM   #5
IBall
Senior Member
 
Registered: Nov 2003
Location: Perth, Western Australia
Distribution: Ubuntu, Debian, Various using VMWare
Posts: 2,088

Rep: Reputation: 61
If you want to use a separate computer as a firewall, check out Smoothwall. This is basically a slimmed down distro that runs as a firewall, DHCP, DNS, etc. It has a simple setup utility, and a good web based config tool.

You will need a PC with two or three NICs. One will connect to the untrusted, outside world (Your ISP). Another will be your trusted, internal network, and the third is for a De-militarized zone, where you put any public servers.

Smoothwall uses colour coding for these - Green (Trusted), Red (Untrusted) and Orange (DMZ).

Computers in the green zone will use the smoothwall box for DHCP, and you will need to forward the relevant ports to the respective servers from the smoothwall web interface.

I hope this helps
--Ian
 
Old 06-21-2006, 06:57 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,118
Blog Entries: 54

Rep: Reputation: 2787Reputation: 2787Reputation: 2787Reputation: 2787Reputation: 2787Reputation: 2787Reputation: 2787Reputation: 2787Reputation: 2787Reputation: 2787Reputation: 2787
That's nice, but...

If you're concerned about break 'n enter situations then adding another firewall is good, but just one added layer of protection. Focus on what valuables people would like to get their hands on and act on that. If there for instance are valuable documents all over the place you might want to force a central protected storage area and even decide to have some docs encrypted or stored on a disconnected box or tape. Also focus on other ways information can leave the place and take into account what this partner already took with him (as in prevention like revoking certain documents and re-issueing them to clients or business partners).

If we're talking about a judicially volatile situation, if there's an abnormal amount of interest in obtaining information or much financial gain involved it may be "interesting" to invest time in setting up a honeypot as a form of early warning system.
 
Old 06-21-2006, 07:33 AM   #7
Gnarg
Member
 
Registered: Feb 2004
Location: Canada
Distribution: Gentoo Linux
Posts: 44

Original Poster
Rep: Reputation: 15
Very good stuff

Thanks everyone,

This is very good information. The honeypot I totally forgot which I think I'll try and implement as well.

Thanks for the help..



Gnarg
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Suggestions for a Router for business with multiple static IP's TheLinuxDuck Linux - Networking 4 12-20-2005 10:03 AM
Secure Home Network blacky_5251 Linux - Security 4 10-20-2005 08:45 PM
Building a Small / Secure Business Network gbkyle Linux - Networking 6 07-13-2005 06:15 PM
Running a Home-based business firefoxx Linux - Software 2 12-04-2004 08:27 AM
Suggestions for my home network - Linux, other (non-Linux) users, Games, etc. lrt2003 Linux - General 5 05-06-2004 09:11 PM


All times are GMT -5. The time now is 03:10 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration