[Scottish] Need advice on setting up a Mandrake/Debian home network
Colin McKinnon
scottish at mailman.lug.org.uk
Tue Mar 11 08:51:02 2003
David Marsh's list-reading hat wrote:
>Is DNSCache easy to set up?
>
So easy even I could do it ;). Yes, it just serves up what's in the
/etc/hosts file when you're offline, when you're online it does proper
lookup forwarding to your dial-up ISP's DNS.
>umm, security through obscurity (as not always-on) and not running
>servers I don't need, but that's it so far, really.. :-(
>
>
Naughty, naughty! If you're really starting from there, then you might
want to try out firestarter which generates an iptables / ipchains
script using wizards. It's relatively painless to use. AIR, it hangs out
at Sourceforge. Try the usual suspects for more specific URLs.
>What's IDS?
>
>
Intrusion Detection System. Firewalls are intended to prevent people
doing nasties to your computers - but obviously they're not infallible.
IDS should spot where someone has got past at least one line of defence
and has done naughty things to your systems. Broadly they fall into 3
categories:
1) host based - maintain a database of hashes for files and permissions,
reports significant changes (e.g. L5, tripwire). I asked about the
debian package manager as RPM has a facility for verifying hashes (note
that if someone has gained control of your system, the local RPM
database could be compromised too).
2) network sniffers - try to spot attack fingerprints being sent across
the network (e.g. snort) reliant on having an up to date fingerprint
database. Can load a system significantly.
3) smart IDS - try to spot unusual system activity (e.g. LADS) typically
using AI techniques.
For a home network the first is adequate. Note that when I had a dialup
connection I was still seeing several hundred uninvited packets / week.
Although most of them were just badly configured Windows boxes, there
were a lot of ssh and portmap requests in there too. My box at home got
RK'ed via https which I'd installed to *improve* security!
>What would be the best way of doing that? NFS?
>
For a home network, yes - but make sure you've got a half decent
firewall in place. Don't share root's home address and preferably share
from the machine which *isn't* connected to the internet.
>What I'm really planning on doing is using salt as a backup for pepper
>and simply backing up all of my critical files there periodically.
>
>So I don't think that a shared /home would help me in this situation.
>
>
Nope, probably not. Wouldn't it be easier just to buy a CD writer? Extra
disk?
Good luck,
Colin
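
Added example, not part of the original post: a minimal sketch of the host-based approach in category 1, recording a hash plus mode and owner for every file and reporting what changed on a later scan. The names snapshot, compare and demo and the sample tree are constructed for illustration; in real use the baseline would be kept off the machine (e.g. on read-only media), for the same reason given above for the local RPM database.

```python
import hashlib, json, os, stat, tempfile
from pathlib import Path

def snapshot(root):
    """Map each path under root to its mode, owner and (for files) SHA-256."""
    db = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: describe a symlink itself, not its target
            entry = {"mode": stat.S_IMODE(st.st_mode),
                     "uid": st.st_uid, "gid": st.st_gid}
            if stat.S_ISREG(st.st_mode):
                with open(path, "rb") as f:
                    entry["sha256"] = hashlib.sha256(f.read()).hexdigest()
            db[os.path.relpath(path, root)] = entry
    return db

def compare(baseline, current):
    """Return sorted (path, change) findings between two snapshots."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            findings.append((path, "added"))
        elif new is None:
            findings.append((path, "removed"))
        else:
            for key in sorted(set(old) | set(new)):
                if old.get(key) != new.get(key):
                    findings.append((path, key + " changed"))
    return findings

def demo():
    """Constructed sample tree: take a baseline, tamper with it, re-scan."""
    with tempfile.TemporaryDirectory() as root:
        tool = Path(root, "bin", "login")
        tool.parent.mkdir()
        tool.write_text("original\n")
        tool.chmod(0o755)
        # JSON round trip stands in for reloading a baseline stored off-host.
        baseline = json.loads(json.dumps(snapshot(root)))
        tool.write_text("trojaned\n")          # content replaced
        tool.chmod(0o4755)                     # setuid bit added
        Path(root, "bin", "extra").write_text("x")  # new file dropped in
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for path, change in demo():
        print(path, change)
```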