[cumbria_lug] Regarding Windows Network Noise

euan.hogg at cumbria.ac.uk
Thu Dec 23 15:40:22 GMT 2004


Hi,

I have watched the Windows Network Noise thread with great interest.  I
hope no one minds me throwing in a few basic principles that can be applied
regardless of what hardware or software you use for filtering/firewalling.

1.  Deny everything by default, unless otherwise explicitly allowed - this
is true for incoming and outgoing traffic.
2.  Never let your internal hosts talk to the outside world, use an
intermediary, proxy or socks server.
3.  Internal hosts never need a default gateway - only a route to host or
route to net.
4.  Keep your AV up to date - daily or more frequently if possible.
5.  Patch everything in sight.
6.  Back up everything in sight.
7.  Log everything.
8.  Deny all ICMP (with the possible exception of ping) initiated from
the outside to the inside.
9.  Monitor routers, switches, servers so you can spot abnormal traffic
patterns.
10.  Learn to use network tools and packet sniffing.
11.  Subscribe to lists that warn of security alerts (CERT?).
12.  Read the manual.

Just a wee note on firewalls, don't place all your faith in them.  You
still have to open up holes in them to let traffic through.  If your mail
server software has a security issue on port 25 then no firewall will help.
It may only limit the damage.

The joy of Linux is that it is often less resource hungry than other OSs so
hardware costs can be very low which means that it is possible to follow
the principle of 'one server - one service'.  Don't load up one box with
DNS/SMTP/WWW, etc.  It makes it very difficult to monitor and if the
hardware fails you lose 3 services.

Hope this helps someone.

--
Euan Hogg
ICT Systems Administrator
Cumbria Institute of the Arts

Brampton Road
Carlisle
Cumbria
CA3 9AY

Tel: (01228) 400300
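
A check for principles 1 and 8 above, as an added example that is not part of the original post: it audits an `iptables-save` dump for chain policies that are not DROP and for ICMP accepted from the outside other than ping. The sample ruleset is constructed, and the outside interface name `eth0` and the helper names are assumptions.

```python
import re

# Constructed sample in iptables-save format; eth0 is assumed to be the outside interface.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -i eth0 -p icmp -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 25 -j ACCEPT
COMMIT
"""

def opt(tokens, name):
    """Value following option `name` in a rule, or None if absent."""
    if name in tokens[:-1]:
        return tokens[tokens.index(name) + 1]
    return None

def audit(dump, outside_if="eth0"):
    """Check the filter table against principle 1 (default deny, both
    directions) and principle 8 (no outside-initiated ICMP except ping)."""
    findings, table = [], None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        if table != "filter":
            continue
        policy = re.match(r":(INPUT|FORWARD|OUTPUT) (\S+)", line)
        if policy and policy.group(2) != "DROP":
            findings.append(f"policy {policy.group(1)} is {policy.group(2)}, not DROP")
        if not line.startswith(("-A INPUT ", "-A FORWARD ")):
            continue
        tokens = line.split()
        if opt(tokens, "-j") != "ACCEPT" or opt(tokens, "-p") != "icmp":
            continue
        if opt(tokens, "-i") not in (None, outside_if):
            continue  # rule is bound to a different interface
        icmp_type = opt(tokens, "--icmp-type")
        if icmp_type not in ("8", "echo-request"):  # 8 = echo-request (ping)
            findings.append(f"outside ICMP accepted ({icmp_type or 'any type'}): {line}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On the sample it reports the ACCEPT policy on OUTPUT and the ICMP rule with no type restriction; the port 25 rule passes, which is the kind of deliberately opened hole the note on firewalls refers to.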
