Saturday, January 3, 2015

less unsafe network

safe servers network
********************

*** edit: “safe” implies “less unsafe” ***

every desktop machine has exactly the same software, in the same versions, even if a given user never touches half of it. this cuts down on 2nd-line support, and a problem solved on one machine is solved on them all. example: an exploit becomes known. fix it in one place and it's fixed everywhere. it also makes adding new machines as easy as 1-2-go.

two “dead-man switches”
1. one cuts the connection to the outside (kills the routers). this way key-loggers etc. can't call home.
2. one cuts the bridges to the server farm. if a virus is loose on the intranet, protect the servers. the data is vital, the desktops are not.

this cannot be emphasized enough: there are no automatics on a secure network. none! always read up on an update (what it fixes, and what it has broken for others) before installing it.

servers that need to be reachable from outside should be isolated on their own connection. this means that all machines on the inside of the network (the lan) get their own connection, so at least two connections are required. this is a public/private separation. it may seem like overkill, but it means the router (internet access point) on the private part can have its dmz redirect all inbound traffic to a non-existent ip, so nothing from outside ever reaches the lan. administration of the public part is done over ssh or a web-based interface.

no wi-fi allowed. no equipment leaves the building, and none comes in (people must lock their phones away at the door).
these will very soon be the really big exploit vector (it's already happening), and the potential for a major fuck-up is ludicrous.

each server function lives on exactly ONE server (i.e. web on one box, and maybe 4 * 1 dbms boxes).
only mandatory ports are open on each firewall. if a machine does not need to do dns lookups, udp/tcp 53 is sealed; the same goes for imaps (tcp 993) and anything else the machine has no business talking to. also, firewalls should be in stealth mode, not answering icmp echo requests.
if an extra measure is wanted, run different versions of the software on the redundant boxes. every piece of software has holes, but every version has different holes. no vm's: a vm escape compromises the host, and with it every other vm on that host.

a public server should be completely cut off from the real intranet. all administration, updates, etc. should be done over the internet. any public-facing server is a lowering of the guard that the inside cannot afford: it will be hacked. a web server alone is tantamount to compromised; add an underlying dbms and all bets are off. there is no such thing as a safe public server. it can also be useful for gathering data on just how clever these little sob's have gotten. kids are getting smart these days, and they do it just for the lulz.

a multi-line internet connection would be nice too. the more ip's the merrier. traffic still has to go through one tiny hole to get in or out.

oh yeah. a couple of 3g/4g connections would be apt to have in store in case of a full-scale breach. why cut yourself off totally? cunning panic is not panic, merely vigilance.

*** edit ***

it is impossible to uphold a directive that nothing comes in contact with the outside world. any device that has left the building (unlike Elvis, who's still ghosting around somewhere) must be considered contaminated. before going in, and again before going back out, it must be cleansed. that means that documents stored locally never enter the servers. instead one must apply cloud tech and very heavily encrypted connections. speed is not an issue, so i guess that leaves pretty much everything up to the imagination. i think there are some american laws that prohibit too strong encryption; i think it boils down to their wanting to ensure their experts can crack it. but i don't see any right of anybody to interfere with how an organisation or a group of individuals run their private networks.

have a hardware-based system where the machine shuts down if the webcam is blocked.

nothing is done automatically on a secure network. not updates. not access (no saved passwords). not nothing. and i literally mean the total absence of anything that was not caused by a human.

*** end edit ***

*** for those wearing tin-foil hats ***

do not equip the servers with conventional drives (incl. ssd).
instead keep the configured system on a dvd and boot from that.
all data is kept in memory or on a ram-drive.
if someone tries to carry the servers away they will be sorely disappointed. it's the only way
to make sure no info is »left behind«. (caveat: ram keeps its contents for a short while after the power is cut, so a box grabbed while running, or just after, is not empty yet.)

*** end tin-foil hats ***

*** dbms ***

no password is needed to access it. auth is handled by a bridge in between, and the dbms only ever talks to that bridge.
open-source big-data store with a flat structure.
every field has history: delete only disables the row instead of removing it, and update really inserts a new row, so nothing is ever overwritten or removed.
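one way to get that "every field has history" behaviour, as an added example (not code from the original post) using sqlite3 from python: the application only sees a view, and instead-of triggers turn update into "insert a new version" and delete into "insert a version with the disabled flag set". the table, column and record names are assumptions made for the illustration, and the auth bridge is left out.

```python
# added example, not from the original post: an append-only "every field has
# history" table in sqlite. the names person/person_hist are assumptions.
import sqlite3

SCHEMA = """
CREATE TABLE person_hist (
    ver        INTEGER PRIMARY KEY AUTOINCREMENT,   -- one row per version
    id         INTEGER NOT NULL,                    -- the logical record
    name       TEXT,
    email      TEXT,
    disabled   INTEGER NOT NULL DEFAULT 0,          -- 1 = "deleted"
    changed_at TEXT NOT NULL DEFAULT (datetime('now'))
);

-- the application only ever talks to this view: newest version, not disabled
CREATE VIEW person AS
    SELECT id, name, email
    FROM person_hist AS h
    WHERE disabled = 0
      AND ver = (SELECT MAX(ver) FROM person_hist WHERE id = h.id);

CREATE TRIGGER person_insert INSTEAD OF INSERT ON person
BEGIN
    INSERT INTO person_hist (id, name, email) VALUES (NEW.id, NEW.name, NEW.email);
END;

-- update never touches the old row: it writes a new version
CREATE TRIGGER person_update INSTEAD OF UPDATE ON person
BEGIN
    INSERT INTO person_hist (id, name, email) VALUES (OLD.id, NEW.name, NEW.email);
END;

-- delete only disables: a new version carrying the flag
CREATE TRIGGER person_delete INSTEAD OF DELETE ON person
BEGIN
    INSERT INTO person_hist (id, name, email, disabled)
    VALUES (OLD.id, OLD.name, OLD.email, 1);
END;

-- and nobody, not even the dba, rewrites history through plain sql
CREATE TRIGGER hist_no_update BEFORE UPDATE ON person_hist
BEGIN SELECT RAISE(ABORT, 'person_hist is append-only'); END;
CREATE TRIGGER hist_no_delete BEFORE DELETE ON person_hist
BEGIN SELECT RAISE(ABORT, 'person_hist is append-only'); END;
"""


def open_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    return con


def current(con, rec_id):
    """what the application sees for one record (None once it is 'deleted')"""
    return con.execute("SELECT name, email FROM person WHERE id = ?", (rec_id,)).fetchone()


def history(con, rec_id):
    """the full trail: (name, email, disabled) per version, oldest first"""
    return con.execute(
        "SELECT name, email, disabled FROM person_hist WHERE id = ? ORDER BY ver",
        (rec_id,)).fetchall()


def demo():
    """constructed walk-through: insert, update, delete, then try to tamper."""
    con = open_db()
    con.execute("INSERT INTO person (id, name, email) VALUES (1, 'ann', 'ann@example.org')")
    con.execute("UPDATE person SET email = 'ann@corp.example' WHERE id = 1")
    after_update = current(con, 1)
    con.execute("DELETE FROM person WHERE id = 1")
    after_delete = current(con, 1)
    try:
        con.execute("DELETE FROM person_hist WHERE id = 1")
        tamper_blocked = False
    except sqlite3.DatabaseError:      # RAISE(ABORT) in the trigger lands here
        tamper_blocked = True
    return {"after_update": after_update, "after_delete": after_delete,
            "history": history(con, 1), "tamper_blocked": tamper_blocked}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

after the walk-through the view shows nothing for record 1, while person_hist still holds all three versions (original, updated, disabled), and the direct delete on the history table is refused. with no password on the store, whoever can open the file owns it, so the bridge process must be the only thing that can reach it.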

*** end dbms ***

*** encrypted dns ***

i think the time has come to encrypt dns lookups

*** end dns ***

*** "cheap" public/private ***

one could make the following setup and cut the cost of the second connection:

inet<->router<->public_server/part<-(>) [ firewall<->lan ]

the public_server has 2 interfaces: one for incoming traffic from the router and one outbound towards the lan.

this is not the same as using a dmz.

the following services could be put in such a setup:
* dns
* mail
* web
* vpn
* certificate server (for home workstations, if none is put in the private_part)

the (>) means that traffic going in towards the lan is filtered by a hardened firewall.
example: because the mail server is located on the public_part, there is no need to let requests for any mail server through to the lan at all.

this setup could also be used to put in a hardened gatekeeper that scans incoming traffic for viruses, malware and other incoming nasties.
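the per-host firewall policy from the »only mandatory ports are open« paragraph above (default drop, stealth towards ping, udp/tcp 53 sealed on boxes that don't resolve names) and the (>) towards the lan in this cheap setup, rendered as an nftables ruleset by a small python generator. this is an added example, not code from the original post: the interface names (eth0/eth1), the service ports and the three hosts are assumptions made for the illustration.

```python
# added example, not from the original post: render an nftables ruleset from a
# short host description. interface names, ports and hosts are assumptions.
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Host:
    name: str
    wan_if: str                                            # towards the router / inet
    tcp_services: List[int] = field(default_factory=list)  # ports served on wan_if
    udp_services: List[int] = field(default_factory=list)
    needs_dns: bool = False                                # may this box resolve names at all?
    lan_if: Optional[str] = None                           # second interface of the public_server
    to_lan_tcp: List[int] = field(default_factory=list)    # new connections allowed through to the lan


def ruleset(h: Host) -> str:
    """default drop on input, output and forward; stealth towards ping;
    udp/tcp 53 sealed unless needs_dns; forwarding only from an allow list."""
    out = [f"# {h.name}", "table inet fw {"]

    # input: what may reach the box itself
    out += ["  chain input {",
            "    type filter hook input priority 0; policy drop;",
            "    iif lo accept",
            "    ct state established,related accept",
            "    ct state invalid drop",
            "    icmp type echo-request drop    # stealth: ping is never answered",
            "    icmpv6 type echo-request drop"]
    for p in h.tcp_services:
        out.append(f"    iif {h.wan_if} tcp dport {p} ct state new accept")
    for p in h.udp_services:
        out.append(f"    iif {h.wan_if} udp dport {p} accept")
    out.append("  }")

    # output: what the box may start on its own
    out += ["  chain output {",
            "    type filter hook output priority 0; policy drop;",
            "    oif lo accept",
            "    ct state established,related accept"]
    if h.needs_dns:
        out += ["    udp dport 53 accept", "    tcp dport 53 accept"]
    else:
        out.append("    # no resolver needed here: udp/tcp 53 stays sealed by the policy")
    out.append("  }")

    # forward: the (>) of the dual-homed public_server towards the lan
    out += ["  chain forward {",
            "    type filter hook forward priority 0; policy drop;"]
    if h.lan_if:
        out.append("    ct state established,related accept")
        out.append(f"    iif {h.lan_if} oif {h.wan_if} ct state new accept    # lan may go out (assumption)")
        for p in h.to_lan_tcp:
            out.append(f"    iif {h.wan_if} oif {h.lan_if} tcp dport {p} ct state new accept")
        out.append(f"    # anything else from {h.wan_if} towards {h.lan_if} hits the drop policy")
    out.append("  }")
    out.append("}")
    return "\n".join(out) + "\n"


def chain_rules(rules: str, chain: str) -> List[str]:
    """rule lines of one chain from the rendered text, comments stripped (self-check)"""
    found, inside = [], False
    for raw in rules.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line == f"chain {chain} {{":
            inside = True
        elif inside and line == "}":
            break
        elif inside and line:
            found.append(line)
    return found


def new_tcp_accepted(rules: str, chain: str, port: int) -> bool:
    """does `chain` accept a fresh tcp connection to `port`?"""
    return any(f"tcp dport {port} ct state new accept" in r for r in chain_rules(rules, chain))


# constructed hosts for the illustration
MAIL = Host("mail, public_part", wan_if="eth0", tcp_services=[25, 993], needs_dns=True)
DBMS = Host("dbms, private_part", wan_if="eth0", tcp_services=[5432])          # no dns, no ping
GATE = Host("public_server, dual-homed", wan_if="eth0", tcp_services=[25, 443],
            lan_if="eth1", to_lan_tcp=[])                                        # nothing new towards the lan

if __name__ == "__main__":
    print(ruleset(GATE))
```

write the output to a file and run `nft -c -f` on it to syntax-check before loading. two caveats: dropping echo requests only defeats ping sweeps, a port scan still finds whatever the input chain accepts; and the stealth rule is deliberately narrow, since dropping all icmpv6 (instead of just echo-request) would break neighbour discovery and path-mtu handling.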

*** end "cheap" public/private ***
