Old 02-05-2008, 07:14 PM
ChadDavis
 
Default security concerns for home work network

This may be a bit off topic, but I am talking about a debian base network, and I sense that many of the people on this list have admin expertise.

I have a small home office network. I recently set up samba and in the process realized I'm not all that honed on security issues. My concern is this, when I set up something like filesharing, I'm just doing this for the efficiency of my two person software development company; the other employee is my wife. In this environment, I generally just set things up as loose and quick as possible.

My question is, am I wrong for thinking that security isn't of much concern, in regards to something like samba file sharing, for our two user network? My theory is that as long as I keep my network shutdown to outside access, everything is cool. For instance, I generally don't forward any ports from my DSL router into my local machines. On occasion I'll open 80 to let my clients do some testing. Am I right in assuming this means I don't have to tighten up something like file sharing?
 
Old 02-05-2008, 08:09 PM
"Russell L. Harris"
 
Default security concerns for home work network

* ChadDavis <chadmichaeldavis@gmail.com> [080205 14:21]:
...
> I generally don't forward any ports from my DSL router into my local
> machines. On occasion I'll open 80 to let my clients do some
> testing.

You could place an old machine on the "dmz" port of your
firewall/router (you DO have a firewall, don't you?), and copy client
software to that machine, for access by your clients.

RLH


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 02-05-2008, 09:30 PM
"Paul Johnson"
 
Default security concerns for home work network

On Feb 5, 2008 1:09 PM, Russell L. Harris <rlharris@oplink.net> wrote:
> * ChadDavis <chadmichaeldavis@gmail.com> [080205 14:21]:
> ...
> > I generally don't forward any ports from my DSL router into my local
> > machines. On occasion I'll open 80 to let my clients do some
> > testing.
>
> You could place an old machine on the "dmz" port of your
> firewall/router (you DO have a firewall, don't you?), and copy client
> software to that machine, for access by your clients.

That might not be the right answer: All that does is ensure that the
machine with all the data is directly accessible from the outside
world. That's probably not what the OP is looking for.

--
Paul Johnson
baloo@ursine.ca


 
Old 02-05-2008, 10:56 PM
Andrew Sackville-West
 
Default security concerns for home work network

On Tue, Feb 05, 2008 at 01:14:37PM -0700, ChadDavis wrote:
> This may be a bit off topic, but I am talking about a debian base network, and
> I sense that many of the people on this list have admin expertise.
>
> I have a small home office network. I recently set up samba and in the
> process realized I'm not all that honed on security issues. My concern is
> this, when I set up something like filesharing, I'm just doing this for the
> efficiency of my two person software development company; the other employee
> is my wife. In this environment, I generally just set things up as loose
> and quick as possible.
>
> My question is, am I wrong for thinking that security isn't of much concern,
> in regards to something like samba file sharing, for our two user network.
> My theory is that as long as I keep my network shutdown to outside access,
> everything is cool. For instance, I generally don't forward any ports from
> my DSL router into my local machines. On occasion I'll open 80 to let my
> clients do some testing. Am I right in assuming this means I don't have to
> tighten up something like file sharing?

I'm no expert by any stretch, but I think in your case, if you are
behind a secure firewall, then no, security internal to your LAN is
not an issue. That assumes you trust your wife

Now, opening port 80 to test software is a different issue. If you are
"testing" software, then it is likely not secure and not something you
want to have protecting the rest of your network. That's how you
should look at it -- if you open the port, then whatever code you have
on that port is now your line of defense for that port. If that code
fails to be secure, then your network is not secure. In that case, I'd
agree that moving your test bed outside your main network would be a
good idea.

A
 
Old 02-06-2008, 01:02 AM
Raj Kiran Grandhi
 
Default security concerns for home work network

ChadDavis wrote:
> I have a small home office network. I recently set up samba and in the
> process realized I'm not all that honed on security issues. My concern
> is this, when I set up something like filesharing, I'm just doing this
> for the efficiency of my two person software development company; the
> other employee is my wife. In this environment, I generally just set
> things up as loose and quick as possible.


[snip]

It is not very difficult to tighten samba up a bit. Simply list your
wife's computer in a "hosts allow = <computer name>" line in the
'[global]' section of your smb.conf file.


As Andrew has mentioned, your setup is probably ok as long as you don't
have any ports forwarded into your lan. But for anything else, better
safe than sorry ;-)


--
Raj Kiran Grandhi


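An added example, not part of the thread or of the Samba project's own files: an smb.conf fragment applying the `hosts allow` restriction suggested in the post above, with a few related settings beyond that suggestion. The host name `wifes-laptop`, the address `192.168.1.20`, the interface `eth0`, the share name and path, and the user names are placeholders.

```ini
; Added example: tightened smb.conf for a two-machine LAN.
; Host name, address, interface, share, path and user names are placeholders.

[global]
   workgroup = WORKGROUP

   ; Only these clients may connect to any share. With an allow list and
   ; no deny list, every other host is refused.
   ; A name depends on name resolution; an address such as 192.168.1.20
   ; can be listed instead.
   hosts allow = 127.0.0.1 wifes-laptop

   ; Listen only on loopback and the LAN-facing interface.
   interfaces = lo eth0
   bind interfaces only = yes

   ; Failed logins are rejected instead of being mapped to the guest account.
   map to guest = Never

[projects]
   path = /srv/projects
   read only = no
   ; A "loose and quick" setup would use: guest ok = yes
   guest ok = no
   valid users = chad wife
```

Running `testparm` against the edited file reports syntax errors before Samba is restarted.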
 
Old 02-08-2008, 02:27 AM
ChadDavis
 
Default security concerns for home work network

> You could place an old machine on the "dmz" port of your
> firewall/router (you DO have a firewall, don't you?), and copy client
> software to that machine, for access by your clients.

I don't have a firewall software, but I have the DSL router and
nothing comes through unless I port forward. I think that is just
NAT, right? That works as a firewall, does it not?
 
Old 02-08-2008, 02:59 AM
"Russell L. Harris"
 
Default security concerns for home work network

* ChadDavis <chadmichaeldavis@gmail.com> [080207 21:42]:
>
> You could place an old machine on the "dmz" port of your
> firewall/router (you DO have a firewall, don't you?), and copy client
> software to that machine, for access by your clients.
>
> I don't have a firewall software, but i have the DSL router and
> nothing comes through unless i port forward. I think that is just
> NAT, right? That works as a firewall, does it not?

Some firewall/routers have a "dmz" ("demilitarized zone"), which
enables a single firewall/router (and thus, a single Internet
connection) to serve both a private LAN and a public server; others do
not.

One of the easiest and most economical ways to experiment with a DMZ
is to place three ethernet cards and a small drive (10 gigabytes is
sufficient) in an old Pentium or Pentium-II machine (200 to 400 MHz is
adequate), and then install IPCop or SmoothWall (www.smoothwall.org).
If you are running dial-up, you need only two ethernet cards.

I am familiar with SmoothWall, having used it for a number of years,
and I think that it is the more polished and user-friendly of the two
packages -- even a novice can install and configure SmoothWall.

RLH


 
Old 02-08-2008, 10:42 PM
Chris Bannister
 
Default security concerns for home work network

On Tue, Feb 05, 2008 at 03:56:35PM -0800, Andrew Sackville-West wrote:
> On Tue, Feb 05, 2008 at 01:14:37PM -0700, ChadDavis wrote:
> > This may be a bit off topic, but I am talking about a debian base network, and
> > I sense that many of the people on this list have admin expertise.
> >
> > I have a small home office network. I recently set up samba and in the
> > process realized I'm not all that honed on security issues. My concern is
> > this, when I set up something like filesharing, I'm just doing this for the
> > efficiency of my two person software development company; the other employee
> > is my wife. In this environment, I generally just set things up as loose
> > and quick as possible.
> >
> > My question is, am I wrong for thinking that security isn't of much concern,
> > in regards to something like samba file sharing, for our two user network.
> > My theory is that as long as I keep my network shutdown to outside access,
> > everything is cool. For instance, I generally don't forward any ports from
> > my DSL router into my local machines. On occasion I'll open 80 to let my
> > clients do some testing. Am I right in assuming this means I don't have to
> > tighten up something like file sharing?
>
> I'm no expert by any stretch, but I think in your case, if you are
> behind a secure firewall, then no, security internal to your LAN is
> not an issue. That assumes you trust your wife
>
> Now, opening port 80 to test software is a different issue. If you are
> "testing" software, then it is likely not secure and not something you
> want to have protecting the rest of your network. That's how you
> should look at it -- if you open the port, then whatever code you have
> on that port is now your line of defense for that port. If that code
> fails to be secure, then your network is not secure. In that case, I'd
> agree that moving your test bed outside your main network would be a
> good idea.


http://www.debian-administration.org/articles/552

--
Chris.
======


 
