[SLUG] Re: Router -- a little IDS goes a long way, just ask Valve

From: Bryan J. Smith (b.j.smith@ieee.org)
Date: Sun Oct 10 2004 - 16:26:20 EDT


On Sun, 2004-10-10 at 12:51, Joe Brandt wrote:
> We have an existing LAN here at home. We use a Linksys wireless router
> to allow several computers to share our DSL. I have a couple SOB's
> (slow old box) and am thinking of turning one into a dedicated security
> box. Where in the chain would I place it? My guess is between the
> modem and Linksys. How would this affect the Linksys?

You can in-line a stealth firewall/IDS system.
That would give you much better packet inspection capabilities.

Or you could just replace the Linksys and install IPCop 1.4:
  http://www.ipcop.org

1.4 was just released and it has an excellent set of capabilities. You
could use your Linksys device as a wireless AP (disable WAN link) on the
segmented "BLUE" zone of the IPCop box. That way you have your wired
and wireless fully segmented.

IPCop also has easy-to-read kernel firewall logs and Snort IDS.

> I did a Google search but since Linksys is a firewall I could not think
> of a query which would bring up answers.

Newer Linksys devices are very basic Linux IPTables firewalls.
They offer no IDS or other major logging facilities.

If the Valve hack told us anything, it's that hacks come from _inside_.
Incoming filtering is _useless_ if a system is compromised internally
(e.g., via browser, reader or other exploit).

And as exemplified by the case of Valve, the only thing worse than being
hacked is being hacked and _not_ knowing about it. A little IDS goes
a _long_way_.

-- 
Bryan J. Smith                                  b.j.smith@ieee.org 
------------------------------------------------------------------ 
"Communities don't have rights. Only individuals in the community
 have rights. ... That idea of community rights is firmly rooted
 in the 'Communist Manifesto.'" -- Michael Badnarik

----------------------------------------------------------------------- This list is provided as an unmoderated internet service by Networked Knowledge Systems (NKS). Views and opinions expressed in messages posted are those of the author and do not necessarily reflect the official policy or position of NKS or any of its employees.
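
The point above about compromises that originate inside the network, as an added example that is not part of the original post: a Python sketch that reads kernel firewall log lines in the netfilter LOG key=value format and counts connections leaving the LAN on ports outside an allowlist. The LAN range, the allowed ports, the "OUTBOUND"/"INBOUND" log prefixes and the sample lines are all constructed assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumptions for this sketch: the LAN range and the egress ports considered normal.
LAN = ip_network("192.168.1.0/24")
ALLOWED_DPORTS = {53, 80, 123, 443}

# Constructed sample lines in the netfilter LOG target's key=value layout.
SAMPLE_LOG = """\
Oct 10 16:01:02 fw kernel: OUTBOUND IN=eth0 OUT=eth1 SRC=192.168.1.20 DST=203.0.113.9 LEN=60 TTL=63 PROTO=TCP SPT=40112 DPT=443 SYN
Oct 10 16:01:07 fw kernel: OUTBOUND IN=eth0 OUT=eth1 SRC=192.168.1.23 DST=198.51.100.77 LEN=60 TTL=63 PROTO=TCP SPT=40120 DPT=6667 SYN
Oct 10 16:02:07 fw kernel: OUTBOUND IN=eth0 OUT=eth1 SRC=192.168.1.23 DST=198.51.100.77 LEN=60 TTL=63 PROTO=TCP SPT=40121 DPT=6667 SYN
Oct 10 16:02:30 fw kernel: INBOUND IN=eth1 OUT= SRC=203.0.113.50 DST=192.168.1.20 LEN=60 TTL=52 PROTO=TCP SPT=51000 DPT=22 SYN
Oct 10 16:03:11 fw kernel: OUTBOUND IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.1 LEN=71 TTL=64 PROTO=UDP SPT=33000 DPT=53
Oct 10 16:04:45 fw kernel: OUTBOUND IN=eth0 OUT=eth1 SRC=192.168.1.31 DST=192.0.2.14 LEN=48 TTL=63 PROTO=UDP SPT=50111 DPT=8081
Oct 10 16:05:00 fw kernel: OUTBOUND IN=eth0 OUT=eth1 SRC=192.168.1.20 DST=203.0.113.9 LEN=84 TTL=63 PROTO=ICMP TYPE=8 CODE=0
"""

FIELD = re.compile(r"(\w+)=(\S*)")


def parse(line):
    """Return the key=value fields of one LOG line as a dict, or None if not a packet line."""
    fields = dict(FIELD.findall(line))
    return fields if {"SRC", "DST", "PROTO"} <= fields.keys() else None


def suspicious_egress(log_text):
    """Count flows from LAN hosts to outside hosts on ports not in the allowlist."""
    hits = Counter()
    for line in log_text.splitlines():
        f = parse(line)
        if f is None or "DPT" not in f:   # skip non-packet lines and portless protocols (ICMP)
            continue
        src, dst = ip_address(f["SRC"]), ip_address(f["DST"])
        if src in LAN and dst not in LAN and int(f["DPT"]) not in ALLOWED_DPORTS:
            hits[(f["SRC"], f["DST"], f["PROTO"], int(f["DPT"]))] += 1
    return hits


if __name__ == "__main__":
    for (src, dst, proto, dport), n in suspicious_egress(SAMPLE_LOG).most_common():
        print(f"{src} -> {dst} {proto}/{dport}: {n} packet(s) logged")
```

Inbound probes and LAN-internal traffic are deliberately ignored here; the report lists only which inside hosts are talking out and on what port.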


