Linux_Inside V2

How Paranoid are you?

So how paranoid about security are you guys?

I'm using WPA2 EAP-TLS for my Wifi connection at home, with TTLS enabled for user/pass authorisation of guests to my house.

SSH access is all restricted to private key auth.

I'd like to set up 802.1X for my switch, but a managed switch costs a fair bit more than I'm willing to pay, and OTP keys would be something nice to play with too.

How about you?


I'm certainly not that paranoid for the home network...

I've just got WPA2-PSK for the wifi, and port knocking on the Gentoo firewall.

I do have a W2k8 server though, so maybe I'll set up EAP later. It has to pass the SO-approval test though. :)


I had someone hack our WEP when we had already given them access through a switch (they lived below us), so I unplugged the switch, changed it to WPA2, and went downstairs and told them that if they were going to abuse our favour of sharing our internet connection and file storage, they could get fucked.

I now live on my own and choose not to use wireless, as I am in a studio apartment and don't need wireless; it would just be another gadget on the ground.


No wireless here other than a Bluetooth dongle that I hardly ever use.

But if I did go wireless, I'd go the whole hog.

Currently have the firewall in the modem at a medium level, and Windows Firewall pretty well set to not let anything happen unless I say so.

Never had an attack in the last few years that's caused major problems or been able to be dealt with in under half an hour.


Wireless is turned off, which is a bit better than WPA2 EAP-TLS I reckon. :)

As for 802.1x... I really see no need in a residential environment. Is there any reason you need it, or just paranoia at work?


No wireless, but my wired network is set up with a hardware firewall, software firewall, 2 antivirus programs (Avast and AVG, I'm a cheapskate) and password protection if you plug a new computer into the network.

And yet, a friend of mine who has a wireless network in a block of flats doesn't have any protection for his network whatsoever. Idiot.


Well, I know that my router is constantly being attacked by botnets, so I have a firewall policy that drops all connections to ssh if they try to connect more than once every 5 seconds. These IPs are then sent into a blacklist, which is extremely effective. PF is an extremely good firewall.

I use WPA2 on my wireless network. I originally set it to wireless N only, as there aren't many wireless N cards that do packet injection afaik, but then my Wii couldn't connect, so I had to turn it back to mixed mode. It's an AirPort Express, so it doesn't have a telnet or web interface, which is one less attack vector I suppose.

I have 14 char passwords on all my computers, though my gf has slightly weaker passwords. My server also sends me a security report each day, so I like to think that I'm monitoring things pretty frequently.

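One way to express the ssh rate-limit-and-blacklist policy described in the post above, as an added pf.conf example rather than the poster's own ruleset; the interface name em0 and the table name bruteforce are assumptions:

```pf
# Added example (not the poster's own config): pf.conf fragment that
# limits new ssh connections per source address and blacklists offenders.
# Assumptions: the external interface is em0, the table is <bruteforce>.
ext_if = "em0"

# Table holding blacklisted source addresses. "persist" keeps the table
# in the kernel even when no loaded rule references it.
table <bruteforce> persist

# Drop anything from a blacklisted address before any other rule is
# considered; "quick" stops rule evaluation here.
block in quick on $ext_if from <bruteforce>

# Allow new ssh sessions, but track them per source address:
#   max-src-conn-rate 1/5  a second new connection from the same source
#                          within 5 seconds trips the limit
#   overload <bruteforce>  the offending address is added to the table
#   flush global           all existing states from that address are
#                          killed, not only the ssh ones
pass in on $ext_if proto tcp from any to ($ext_if) port ssh \
    flags S/SA keep state \
    (max-src-conn-rate 1/5, overload <bruteforce> flush global)
```

Addresses stay in the table until removed, so a legitimate user who reconnects within 5 seconds after a typo is blocked too; `pfctl -t bruteforce -T show` lists the entries and `pfctl -t bruteforce -T expire 86400` (for example from cron) drops entries older than a day.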

As for 802.1x... I really see no need in a residential environment. Is there any reason you need it, or just paranoia at work?

Not even paranoia.

It'd just be awesome :P

I don't think anyone would steal my wifi, but with the current setup I can give guest access and revoke it as I see fit without having to upset my own machines.

Everyone else in the house but me is shaped anyway; currently I'm on 8 Mbit with the rest of my family at 256. When they start paying for internet I'll start speeding things up.


My entire Linux server box is encrypted, including the swap partition, so ask me again, "how paranoid are you?" lol

No, seriously, they were encrypted a long time ago, when I was mucking around with encryption while building my Gentoo box. It so happened that it worked so well I never removed it, so it stayed like that; it's been like this for, hrm, 3 yrs or so now.


My entire Linux server box is encrypted, including the swap partition, so ask me again, "how paranoid are you?" lol

No, seriously, they were encrypted a long time ago, when I was mucking around with encryption while building my Gentoo box. It so happened that it worked so well I never removed it, so it stayed like that; it's been like this for, hrm, 3 yrs or so now.

Encryption of the partitions only stops people physically stealing your data.

How do you protect the network access? :P


My entire Linux server box is encrypted, including the swap partition, so ask me again, "how paranoid are you?" lol

No, seriously, they were encrypted a long time ago, when I was mucking around with encryption while building my Gentoo box. It so happened that it worked so well I never removed it, so it stayed like that; it's been like this for, hrm, 3 yrs or so now.

Encryption of the partitions only stops people physically stealing your data.

How do you protect the network access? :P

I use a wired network with MAC address lock, so a new NIC connected to the network won't even register or ping the router. As for the internet, well, nothing is safe; just watch what you're sending out there.


I just use tin foil for wallpaper.

I don't use wireless.

In fact, I don't even have an Internet connection.


I use a wired network with MAC address lock

Easier to spoof a MAC on a wired network, not as easy to steal one over a wired connection though I suppose :P

Is that using a managed switch?


I use a wired network with MAC address lock

Easier to spoof a MAC on a wired network, not as easy to steal one over a wired connection though I suppose :P

Is that using a managed switch?

No, the router is sitting by my feet. Good luck getting past my kung fu round-house to the head when trying to plug a PC in, lol.

Now that's security!


WPA2-PSK with a plenty long-enough key.

Would also like to use MAC filtering, but a bit of a PITA and not really worth it.

Rob.


MAC address allow list.

In other words, nothing? :P

'sif I'd share with you lot. :P

If it was good enough then you wouldn't mind sharing :P

Rob.


MAC address allow list.

In other words, nothing? :P

'sif I'd share with you lot. :P

If it was good enough then you wouldn't mind sharing :P

Rob.

You put in physical addresses to allow; anything not in the list is ban-hammered off the network.


MAC address allow list.

In other words, nothing? :P

'sif I'd share with you lot. :P

If it was good enough then you wouldn't mind sharing :P

Rob.

You put in physical addresses to allow; anything not in the list is ban-hammered off the network.

That's pretty hardcore, man.

lol@maxx


MAC address allow list.

In other words, nothing? :P

'sif I'd share with you lot. :P

If it was good enough then you wouldn't mind sharing :P

Rob.

You put in physical addresses to allow; anything not in the list is ban-hammered off the network.

Over wifi or wired?

You know how easy it is to steal and spoof a MAC address over wifi, right?
