LinuxQuestions.org
Old 07-02-2009, 09:37 PM   #1
deedi01
LQ Newbie
 
Registered: Jul 2009
Location: Maryland
Posts: 7

Rep: Reputation: 0
Question Designing a secure network


Hey Guys,

So I am trying to design a secure network with a reasonable level of intrusion prevention. The specs would be a primary and secondary web server, a mail server, a honeypot, an Oracle DB server, an application server, a Hogwash, an NIPS sensor and about 3 HIPS sensors.

Any suggestions?
 
Old 07-02-2009, 10:41 PM   #2
choogendyk
Senior Member
 
Registered: Aug 2007
Location: Massachusetts, USA
Distribution: Solaris 9 & 10, Mac OS X, Ubuntu Server
Posts: 1,194

Rep: Reputation: 105
Sounds like you have it mapped out. Any specific questions?
 
Old 07-03-2009, 11:46 AM   #3
deedi01
LQ Newbie
 
Registered: Jul 2009
Location: Maryland
Posts: 7

Original Poster
Rep: Reputation: 0
Response

Well, I am not sure where the NIPS and HIPS sensors should be placed. I am also not too familiar with the honeypot and Hogwash. I was hoping for an outline and sample drawings.
 
Old 07-03-2009, 11:01 PM   #4
choogendyk
Senior Member
 
Registered: Aug 2007
Location: Massachusetts, USA
Distribution: Solaris 9 & 10, Mac OS X, Ubuntu Server
Posts: 1,194

Rep: Reputation: 105
If you google "nips hips sensors" you get a bunch of hard core references on the first page of hits.

You haven't provided enough information here for anyone to give you any kind of network configuration, outline or drawings. Anyway, I'm taking off on vacation, so someone else will have to pick this up if you decide to provide more detailed information with specific questions.
 
Old 07-04-2009, 12:38 AM   #5
routers
Member
 
Registered: Aug 2005
Location: Malaysia - KULMY / CNXTH
Distribution: Slackware, Fedora, FreeBSD, Sun O/S 5.10, CentOS
Posts: 780
Blog Entries: 6

Rep: Reputation: 75
I am not sure whether you can follow my way or not, but I consider that I am doing an advanced
network intranet design involving a dedicated firewall using IPCop in a datacenter. This is the design layout example:


5 public IPs given by the IDC, and with the private IP 192.168.68.65/28
created my own way.

The private IP calculation is as follows:

Code:
[noc@nc ~]$ ipcalc 192.168.68.65/28
Address:   192.168.68.65        11000000.10101000.01000100.0100 0001
Netmask:   255.255.255.240 = 28 11111111.11111111.11111111.1111 0000
Wildcard:  0.0.0.15             00000000.00000000.00000000.0000 1111
=>
Network:   192.168.68.64/28     11000000.10101000.01000100.0100 0000
HostMin:   192.168.68.65        11000000.10101000.01000100.0100 0001
HostMax:   192.168.68.78        11000000.10101000.01000100.0100 1110
Broadcast: 192.168.68.79        11000000.10101000.01000100.0100 1111
Hosts/Net: 14                    Class C, Private Internet

1) Install a dedicated firewall with
- public IP = 202.100.188.200 eth0 -> switch
- private IP = 192.168.68.65 eth1 -> switch
- DHCP = off

1.1) win2k server 1
- IP = 192.168.68.66 = open port for rdesktop in firewall 3366
1.2) win2k server 2
- IP = 192.168.68.67 = open port for rdesktop in firewall 3367

2) Install Linux with Apache
- public IP = 202.100.188.201 eth0 -> switch
- private IP = 192.168.68.68 eth1 -> switch
- Apache rewrite code: domain1 points to win2k server 1
- Apache rewrite code: domain2 points to win2k server 2

3) Linux mail server

- private IP = 192.168.68.69
- open all required ports for the mail server from the firewall
- all MX records point to the firewall public IP

If you follow this way you can have many servers in the IDC.
It works with Xen also; I have set up many Xen guests with intranet IPs
that can be accessed from outside via the firewall and a domain with Apache rewrite code.

I also set up a DNS server with Xen for ns1 and ns2; you can use a public IP or
a private IP, but you must open ports accordingly.

Hope you can get a clue from this.

FYI, I mixed public IPs and private IPs on the same switch.
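
The port-forward layout described in the post above, written out as a netfilter ruleset with a default-drop forward policy. This is an added example, not part of the original post and not IPCop's own configuration; it assumes RDP on the inside hosts listens on 3389 and that "mail" means SMTP on tcp/25, and `gen_ruleset` is a hypothetical name.

```sh
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the layout in the post.
# From the post: interfaces, addresses, public ports 3366/3367, the /28.
# Assumed: RDP listens on 3389 on the inside hosts; mail means SMTP (tcp/25).
WAN_IF=eth0
LAN_IF=eth1
WAN_IP=202.100.188.200
LAN_NET=192.168.68.64/28

# One forward per line: public_port:inside_ip:inside_port
FORWARDS="3366:192.168.68.66:3389
3367:192.168.68.67:3389
25:192.168.68.69:25"

# gen_ruleset (hypothetical name) only prints the ruleset; it loads nothing.
# Management access to the firewall box itself is left out of this sketch.
gen_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
EOF
    printf '%s\n' "$FORWARDS" | while IFS=: read -r pub ip port; do
        printf '%s\n' "-A PREROUTING -i $WAN_IF -d $WAN_IP -p tcp --dport $pub -j DNAT --to-destination $ip:$port"
    done
    cat <<EOF
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j SNAT --to-source $WAN_IP
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    printf '%s\n' "$FORWARDS" | while IFS=: read -r pub ip port; do
        # After DNAT the packet carries the inside address and port.
        printf '%s\n' "-A FORWARD -i $WAN_IF -o $LAN_IF -d $ip -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    cat <<EOF
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
COMMIT
EOF
}

# Syntax-check on the firewall without loading: gen_ruleset | iptables-restore --test
```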
 
Old 07-05-2009, 04:03 PM   #6
deedi01
LQ Newbie
 
Registered: Jul 2009
Location: Maryland
Posts: 7

Original Poster
Rep: Reputation: 0
Response to router

Thank you so much for this. It's going to help me a lot.

Do you know anything about honeynets and Hogwash? Where would you place them in a network?
 
Old 07-05-2009, 09:39 PM   #7
routers
Member
 
Registered: Aug 2005
Location: Malaysia - KULMY / CNXTH
Distribution: Slackware, Fedora, FreeBSD, Sun O/S 5.10, CentOS
Posts: 780
Blog Entries: 6

Rep: Reputation: 75
I am sure Hogwash needs to be implemented inside the firewall box.
For a dedicated firewall I suggest you use Untangle; it's equal to SonicWall
and it's free. I got to know it last time because of the ads on this LQ.

But honeynet/honeypot, are you going to use it for forensic analysis?

I don't know about other people, but for me, I will never put this honey on my
network. It's like you are calling flies to get the honey you provided, but you are ready to blow them away with Fumakilla made in Japan.
 
Old 07-06-2009, 03:24 PM   #8
deedi01
LQ Newbie
 
Registered: Jul 2009
Location: Maryland
Posts: 7

Original Poster
Rep: Reputation: 0
Response to router

LOL. You are funny.

Well yes, we are to design a network with an intrusion prevention system and the honeypot would be for forensic analysis. You have been really helpful so far. One more question.

Any suggestions on how you would protect each of your servers?

Thanks
 
Old 07-06-2009, 07:17 PM   #9
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,417

Rep: Reputation: 2397
Protection considerations:

1. ownerships/permissions
2. SELinux if available (RH based for example)
3. /etc/hosts.allow, /etc/hosts.deny
4. firewall, i.e. iptables
5. disable remote login by root for ssh
6. disable text logins entirely, e.g. telnet, ftp, rsh, rexec, remsh etc.
http://www.informit.com/articles/art...p=169465&rll=1
7. see Security forum here at LQ, but chkrootkit, rkhunter, samhain, aide etc
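
One way to check items 3, 5 and 6 of the list above against captured files. This is an added example, not part of the original post; the function names and the sample data are constructed, and the port numbers are the standard assignments for those services.

```sh
#!/bin/sh
# Added example: audit checklist items 3, 5 and 6 from captured inputs.
# Function names and the sample data below are constructed for illustration.

# Effective global PermitRootLogin: sshd keeps the first value it reads, and
# settings after a Match line are conditional, so stop there.
sshd_root_login() {
    awk '
        { gsub(/=/, " ") }                      # accept "Keyword=value" too
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }       # unset: version-dependent default
    ' "$1"
}

# Cleartext login services still listening, read from `netstat -tln` output.
# Ports: ftp 21, telnet 23, rexec 512, rlogin 513, rsh/remsh 514.
cleartext_listeners() {
    awk '
        BEGIN { svc[21] = "ftp"; svc[23] = "telnet"; svc[512] = "rexec"
                svc[513] = "rlogin"; svc[514] = "rsh" }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":"); port = part[n]   # also handles :::21
            if (port in svc) print svc[port]
        }
    ' "$1" | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# TCP wrappers default deny: hosts.deny should hold an active "ALL: ALL" line.
hosts_deny_is_default_deny() {
    grep -Eiq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL[[:space:]]*$' "$1"
}

# Constructed sample inputs, written into the directory given as $1.
write_samples() {
    printf '%s\n' '#PermitRootLogin yes' 'Port 22' 'PermitRootLogin no' \
        'PermitRootLogin yes' 'Match User backup' > "$1/sshd_config"
    printf '%s\n' 'tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN' \
        'tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN' \
        'tcp 0 0 :::21 :::* LISTEN' > "$1/netstat.txt"
    printf '%s\n' '# default deny' 'ALL: ALL' > "$1/hosts.deny"
}
```

On a live host, point the functions at `/etc/ssh/sshd_config`, a saved `netstat -tln` listing and `/etc/hosts.deny`.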
 
Old 07-07-2009, 01:08 AM   #10
routers
Member
 
Registered: Aug 2005
Location: Malaysia - KULMY / CNXTH
Distribution: Slackware, Fedora, FreeBSD, Sun O/S 5.10, CentOS
Posts: 780
Blog Entries: 6

Rep: Reputation: 75
Consider what was said by chrism01.

I would add the 3 following:

1) keep your system updated
2) change your ssh / ftp port if possible
- because this is the main target of script kiddies

3) for more advanced setups I depend on Apache rewrite code
to forward a domain to another LAN server, and it's not so
difficult to do


As a live example, try scanning http://hrms.ajv.com.my/

I don't mind showing my own live server.

Code:
[rou@cos ~]$ lynx -head -source http://hrms.ajv.com.my/
HTTP/1.1 403 Forbidden
Date: Mon, 06 Jul 2009 21:34:41 GMT
Server: Microsoft-IIS/6.0
Content-Length: 218
Content-Type: text/html; charset=UTF-8
Connection: close

[rou@cos ~]$ nslookup hrms.ajv.com.my
Server:         192.168.1.1
Address:        192.168.1.1#53

Non-authoritative answer:
Name:   hrms.ajv.com.my
Address: 202.157.188.244

[rou@cos ~]$ lynx -head -source http://202.157.188.244
HTTP/1.1 403 Forbidden
Date: Mon, 06 Jul 2009 21:35:14 GMT
Server: Apache/2.2.3 (CentOS)
Accept-Ranges: bytes
Content-Length: 5043
Connection: close
Content-Type: text/html; charset=UTF-8

This proves how the thing works.

P.S. Sorry for my English.
 
  

