pigeon

SPONSORED LINKS BY GOOGLE

Or get 2 really slow drives and use software RAID... then if one disk
dies, it'll keep going off the other one; the pager message tells you
this, and you can go back to sleep and fix it in the morning.

--
Pigeon

Be kind to pigeons
Get my GPG key here: http://pgp.mit.edu:11371/pks/lookup?...rch=0x21C61F7F

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE/KpW3UxADjyHGH38RAo+BAJ9/v9gjss/b1LGYj6S4m3zEgTuRzgCeMucv
Dn6FImV1d0h9b6/f+PtShkY=
=WNp3
-----END PGP SIGNATURE-----

paul johnson

SPONSORED LINKS BY GOOGLE

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

That has too many variables to properly answer for your case, and
there's not a particularly safe general answer. - --
.''`. Paul Johnson <baloo@ursine.ca>
: :' : proud Debian admin and user
`. `'`
`- Debian - when you have better things to do than fix a system
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/LIy2J5vLSqVpK2kRAsbgAKCiDLAgzEb3mqD5cmfvtlrJl2hcag CdGg57
hqeavCtxm0gjMCqDgCSmOsc=
=Btow
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

paul johnson

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


It's a home network and I'm a member of the lunatic fringe? - --
.''`. Paul Johnson <baloo@ursine.ca>
: :' : proud Debian admin and user
`. `'`
`- Debian - when you have better things to do than fix a system
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/LI00J5vLSqVpK2kRAta7AJ943Ry/+67g2emmHpFSZP/UAG/ZTwCeMUHc
6Z+Rz9nGFbMr9aHAipfVlNw=
=TxEE
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

david fokkema

Yes, I should've realised that. I take it's just safer to separate the
two whenever possible.

David


--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

david fokkema

Ah, well that explains it, :-)

David


--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

alvin oga

hi ya

=== assume that [h/cr]acker have complete access to your fw, servers,
=== workstations ... and network

=== now try to protect your data... its a lot simpler problem to solve
and well defined problem

--
-- assume, that someone, from the outside can always get in if they
-- wanted to spend the time, energy, effort for fun or profit
--

a) try to minimize the loss of data
- assuming that the "company data" is important
- r/d projects
- company financials
- h/r salary info/benefits
....
( keep all those sensitive info off of the internet )

- machine should trust another machine ...
(manually type password and pass phrase should always be required)
- if they break one system, they might not be able to
get into any other server

b) make regular off line backups ... ( stuff that won't ever be erased )
- never overwrite backups with another backups

c) restore your "server" from backups to make sure it works
by re-installing the lastest linux distro from cdrom
- bare metal restore w/ latest/greatest hardware and security
patches

d) once you detect a [h/cr]acker ... do NOT erase or overwrite anything

cease all remote user and root logins and try to isolate what
they have been watching and sniffing

since you dont know how long the [cr/h]acker has been
sniffing your network before you noticed them ...
you don't know the integreity of your backups either

e) outside folks just need access to the "webserver" ...
nothing inside the company

f) if you allow vpn from home and wireless access to internal servers
than you've got some serious "network security policy and enforcement"
problems
- you can't control the network of the user's home systems
or their laptops

-- lots of security policy rules to create ... and enforce

most likely... all these "oh shit" will be an internal employee that
needs access to a server they shouldnt be trying to get into because
everybody else that could have given them the pwd or info is on
vacation, bz, forgot or ??

c ya
alvin


--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

alvin oga

i'd be worried about the home fw, home router, esp if its linux ( x86
based ) ... and less worried about the windoze boxes behind the fw
-- all traffic goes out/in thru the home users fw and/or gw ...
and that's the box i'd worry about as it'd be the first point
of attack to the home lan or its dns servers

- lots of ways to get into the corp lan from the relatively
less secure "home" network

- but the corp security folks' home lan is probably
tighter than the corp lan they maintain to keep the
ceo/cfo/foo-managers happy and off the admin's back by
opening a hole here and bigger hole there because
the managers can't do their jobs due to security restraints

- and who's the one losing the laptops when on the road ??

i worked at a place where 10% - 20% of the laptops were
either stolen or "dropped and thrown away" and they want
a new laptop .. that company went "poof" in a cloud of blue
smoke

c ya alvin

--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org