Network Security Auditing
#1
Posted 03 November 2010 - 12:07 PM
#2
Posted 05 November 2010 - 09:29 PM
1. Keep all machines' OS and applications up to date.
2. Limit the use of the administrator account on each machine.
3. For each user account, change the password level to something complex.
4. If you are still using XP, disable LM hashes and use NTLM.
5. Turn off services that you don't use. (This will keep each machine less vulnerable to attacks.)
6. Install a firewall, like Comodo.
7. Install an anti-virus and keep it up to date (Avast or Kaspersky would be a good choice).
8. Do not use IE, use a less buggy and more secure browser like FF or Chrome.
9. Use VMs for browsing unsafe websites; this will keep any infection contained so it won't spread to the host system.
10. Do NOT open attachments or click on links that you don't know where they come from. Again, use a VM if you have to open unsafe attachments. If you feel the VM is infected, dispose of it by deleting its virtual drive and starting from scratch, or create a backup of the VM.
11. If you have lots of sensitive data on your computers, you are better off encrypting their HDD with TrueCrypt.
12. To reduce the risk of malware infection on your network, disable the autorun feature, and if you have to open an untrusted USB, do it on a standalone computer; that way, if it's infected, the infection will be local to the machine only.
Now for the network security part, you can set up a box with Untangle.
1. http://www.untangle.com/ , which is a popular open-source Linux firewall, and I would definitely recommend this one.
2. Keep the firmware of all your network hardware, like routers and switches, updated.
3. Do not use its default passwords; change the user-name and password to something complex.
4. If they support HTTPS, turn it on, as it will keep the traffic from your computer to the device encrypted.
5. If you have wireless on your network, I would strongly recommend using WPA2 with RADIUS authentication, and make sure you have a very complex pass-phrase and do not hand it over to anybody.
I think that's all I can remember for now.
Regards,
Infiltrator
Edit: Check out these links; they will provide you with more info on how to protect your system better.
http://www.cfengine.org/
http://www.nessus.org/nessus/
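A read-only way to check items 2, 4, 5 and 12 of the workstation list above on a Windows machine, as an added example that is not part of the original post. The registry values NoLMHash, LmCompatibilityLevel and NoDriveTypeAutoRun are not named in the post; they are the standard Windows settings behind those items, and the pass thresholds are this example's assumptions.

```powershell
# Added example: read-only audit of checklist items 2, 4, 5 and 12.
# Uses only PowerShell 2.0 syntax so it also runs on older Windows builds.

$lsa      = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$explorer = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Each entry: checklist step, description, registry location, pass condition.
$checks = @(
    @{ Step = 4;  Desc = 'LM hashes are not stored (NoLMHash = 1)'
       Path = $lsa;      ValueName = 'NoLMHash';             Pass = { param($v) $v -eq 1 } },
    @{ Step = 4;  Desc = 'LM responses are not sent (LmCompatibilityLevel >= 2)'
       Path = $lsa;      ValueName = 'LmCompatibilityLevel'; Pass = { param($v) $v -ge 2 } },
    @{ Step = 12; Desc = 'AutoRun disabled on all drive types (0xFF)'
       Path = $explorer; ValueName = 'NoDriveTypeAutoRun';   Pass = { param($v) $v -eq 0xFF } }
)

$report = foreach ($c in $checks) {
    $prop = Get-ItemProperty -Path $c.Path -Name $c.ValueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        # Value absent: the OS default applies, and that default differs by Windows version.
        $actual = '(not set)'
        $state  = 'REVIEW'
    } else {
        $actual = $prop.($c.ValueName)
        $state  = if (& $c.Pass $actual) { 'OK' } else { 'WEAK' }
    }
    New-Object PSObject -Property @{
        Step = $c.Step; State = $state; Actual = $actual; Check = $c.Desc
    }
}
$report | Select-Object Step, State, Actual, Check | Format-Table -AutoSize

# Step 2: accounts that hold local administrator rights on this machine.
net localgroup Administrators

# Step 5: services currently running; review the list for ones you do not use.
Get-Service | Where-Object { $_.Status -eq 'Running' } |
    Sort-Object DisplayName | Format-Table Name, DisplayName -AutoSize
```

NoDriveTypeAutoRun can also be set per user under HKCU; this example reads only the machine-wide value.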
#3
Posted 06 November 2010 - 04:47 PM
#4
Posted 06 November 2010 - 07:00 PM
A properly secured network should not let all traffic in/out, only certain traffic; if you let most traffic in and out then you are asking for trouble.
Implementing an IDPS should help mitigate most attacks and help your network stay secure.
Anyway I think I've said too much, will let other users have their say too.
Regards,
Infiltrator
#5
Posted 18 November 2010 - 03:49 AM
I think most users will probably agree that you should start hardening your network security first and then slowly move onto the workstations themselves.
A properly secured network should not let all traffic in/out, only certain traffic; if you let most traffic in and out then you are asking for trouble.
Implementing an IDPS should help mitigate most attacks and help your network stay secure.
Anyway I think I've said too much, will let other users have their say too.
Regards,
Infiltrator
The list he offered was pretty decent. Focus on the browser security. Things like Flash and Acrobat Reader are serious security issues that are just beginning to be exploited. MSIE is also quite bad, though getting better.
I advocate using a tool like the Firefox plugin "NoScript". It tends to make some pages a bit ugly but it prevents a lot of "drive-by" and "sidejacking" exploits that are common from malware-infested websites.
If you're concerned about your systems, also disable FireWire. It's trivial to gain access to a password-locked system via FireWire. Yeah, silly, but the spec requires DMA drivers and that makes it a security risk. It will never be fixed. Use USB 3.0.
As for the order, workstations first, for sure. Network security (other than wireless) is a cold topic. I'm not going to attack a router if there are several juicy Windows XP boxes nearby. Not a chance. Even if you run a decent OS, it's always going to be the weak point. They're just so complex.
Of course, that doesn't go for wireless. If you use it, start there, then move to the workstations. :-)
#6
Posted 27 November 2010 - 10:44 AM
I think most users will probably agree that you should start hardening your network security first and then slowly move onto the workstations themselves.
I disagree with this 3400%.
Answer this question to understand my opinion: where does the data reside that you're trying to protect?
On the workstation, of course, not on the network.
Think about it this way: you have a database server on the network. Would you secure the network first? No. If you secure the server, no one gets to the data. Of course, if no one can get to the server, then the data is safe, but working from the center out is best.
Securing the server first also addresses trusted users on the network messing with the data too.
I think your question is around the home network, so you might think this doesn't apply like it would in a business, but I'd disagree with that too...
I leave you with a BN-ism:
If you jump out of a plane at 20K feet over Canada without a parachute, are you any less likely to die?
#7
Posted 30 November 2010 - 11:39 PM
I think most users will probably agree that you should start hardening your network security first and then slowly move onto the workstations themselves.
I disagree with this 3400%.
Answer this question to understand my opinion: where does the data reside that you're trying to protect?
On the workstation, of course, not on the network.
Think about it this way: you have a database server on the network. Would you secure the network first? No. If you secure the server, no one gets to the data. Of course, if no one can get to the server, then the data is safe, but working from the center out is best.
Securing the server first also addresses trusted users on the network messing with the data too.
I think your question is around the home network, so you might think this doesn't apply like it would in a business, but I'd disagree with that too...
I leave you with a BN-ism:
If you jump out of a plane at 20K feet over Canada without a parachute, are you any less likely to die?
That is your opinion, and some would agree and others would disagree. I seriously think that, since the network is the gateway, you really want to evaluate what sort of traffic you would want to let in or out.
Hardening the security on the PCs alone is a good security practice and anyone should do that too, but controlling what goes in and out of your network is also a good security practice, that should not be left out.
#8
Posted 01 December 2010 - 04:06 PM
I think most users will probably agree that you should start hardening your network security first and then slowly move onto the workstations themselves.
I disagree with this 3400%.
+1
If your computer isn't secure... no matter how good your network is... there are too many ways that 'something' could tunnel its way out over your secure network.
T: http://twitter.com/Marts_McFly
B: http://www.backtosecurity.com
#9
Posted 03 September 2011 - 07:20 AM
If you're talking about controlling what goes in and out of the network, you're forgetting about what goes on inside, computer to computer. Malware can be introduced on a computer locally via CD, USB drive, ipod, etc., without going through your Internet connection. This malware can then infect other computers on the network without going outside the network. So controlling ingress and egress is not enough or even close.
Again, security is best immediately in front of what you're protecting, and in this case, it's data on the computer, so protect the storage drive first, then the application, then the computer OS, then the network. If you're in a house, is the best security a fence with a locked gate or locking the doors and windows? I'd lock the doors and windows before I'd depend on a fence alone. Of course, I'm all for layered defenses, you have to start from the data and then work out, not the other way around.
#10
Posted 07 October 2011 - 08:28 PM
OS = Win 7 Enterprise 64 bit
Domain Controller = Win 2003 Server
How do I find out if my fascist network admin maliciously restricted my local user access from admin to standard user?
So, a little background. This network admin guy is a sore-eyed fellow and came to remove one of my three monitors, quoting that the company policy is 2 monitors, when I was not around. My boss made him put it back yesterday.
Today, I went into work and my programs all stopped working and I found out I've been downgraded from local admin to user. I guess this may have been inherited from general group security policies or it may be the network admin messing around with me.
How can I tell for sure?
The drama that unfolds in the email exchange is listed below. I'm person X and he is person Y.
================================================================================================
Person X
I am very sure I had administrative rights on my local machine up till yesterday and I am suddenly not an administrator or power user anymore. Did anyone in IT have anything to do with this?
Person Y
I checked with everyone on my staff and even called one of my field technicians who is off today. No one has done anything to your PC.
Group policies are applied to all PCs that are on the domain during login. Use of Group Policy is standard practice in any wide scale deployment of PCs. This is how PCs are managed. Group policies apply security controls like screensaver lockouts, windows security updates, java security updates, etc.
I did review your PC and I saw that you did not have Admin level access on your PC. I reassigned local admin level access to your ID. You’ll probably have to reboot in order for the changes to take effect. It is possible that the group policies may be removing your admin access but I don’t think that is the case. We have not made any changes to group policies in months and I can see from the log you provided that the group policies have been applied four times since you started here in September.
================================================================================================
I copied my windows 7 back up from before (yesterday) and also made a ghost of today's current computer state (before I re-login). Also, I exported the entire registry of my local machine.
Someone please help me out.
Thanks, J
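One way to look for evidence on the question asked above (was the account removed from the local Administrators group by Group Policy or by a person), as an added example that is not part of the original post. It assumes an elevated PowerShell prompt on the affected Windows 7 PC, that auditing of security group management was enabled, and that the Security log has not rolled over since the change.

```powershell
# Added example: where did the local Administrators membership change come from?
$adminsSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

# 1. Current membership of the local Administrators group.
net localgroup Administrators

# 2. Membership changes recorded in the local Security log.
#    4732 = member added to, 4733 = member removed from a security-enabled local group.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4732, 4733 } `
                       -ErrorAction SilentlyContinue

$changes = foreach ($evt in $events) {
    # Read the named fields from the event XML instead of relying on field order.
    $data = @{}
    foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    if ($data['TargetSid'] -eq $adminsSid) {
        New-Object PSObject -Property @{
            Time      = $evt.TimeCreated
            EventId   = $evt.Id
            Member    = $data['MemberName']
            MemberSid = $data['MemberSid']
            ChangedBy = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        }
    }
}
$changes | Sort-Object Time |
    Select-Object Time, EventId, Member, MemberSid, ChangedBy | Format-Table -AutoSize

# 3. Which Group Policy objects apply to this computer. In the HTML report, look for
#    Restricted Groups settings or "Local Users and Groups" preference items that
#    touch the Administrators group.
gpresult /scope computer /h "$env:TEMP\gpresult-computer.html" /f
```

As a general expectation rather than a guarantee, a 4733 event whose ChangedBy is the machine account or SYSTEM points to policy processing, while a named user account points to a manual change.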