Help on configuration

[faith_in_death]

y have to check the indoor security in my system....i rebuild all the firewall rules to use the ip vs mac addresses...configured the proxy to be transparent...and cancelled al the prerouting tables in the gateway.....theres any onethr way some one from inside can use ip tuneling...or anocther technice to gaterin accese to the inner network?¿

i need that nooen can use proxies diferent that mine....and all the traffic will be checked trougth the firewall....

is this enogth?¿

[MrLinus]

What if someone puts a trojan on a website that you access and it's downloaded to your system via techniques used by spyware?

Do you trust all your friends that visit your place and use your computer?

Are you sure that email you receive, in HTML format, isn't doing something it shouldn't?

The above are all questions that can bypass the firewall because they are allowed via other methods (ie., browser going out and receiving traffic, allowing email with HTML and other web-enhancements, being too trusting of friends).

Just putting up a firewall is not enough. Today's security MUST be layered and have multiple components to it such as (but not limited to) antivirus, spyware detection, IDS (Intrusion detection) and host hardening.

[faith_in_death]

about the downloading process is totalli secure..because you can even download zip files....all the inner trafic is masked with the addres of the gateway...even if you check the ip of a inner machine with www.wathsmyip.com it show nothing but garbage....so if you try to connect to an intranet addres you have to pass trougth the gateway...and the gateway is behind a firewall....and betwen the gateway and the intranet is also another one.....

[MrLinus]

But what checks the zip file to ensure that the file itself is secure and trustworthy?

[faith_in_death]

jejej sorry i meant that you can't download even a zip file.....all pages are filetered using norton in a nt server before the people in to the intranet can see them

[MrLinus]

Ah... this is a work setup correct? You are aware that 70% of all attacks against companies are from the Internet. The question is what are you doing to defend against the other 30% (which are from internal sources like employees and such)?

[faith_in_death]

thats rigth.....to be more specifical this is my config.....

i use a dhcp server...
in the iptables..i have accese permisions using ip vs mac..this to avoid inpersonalitation
th ip tables are on the firewall wich acts as the gateway....
the proxy (squid) is configured to deny any download
the msn passes trougth the proxyand all teh trafic for it..( and other messengers) is monotored a recorded...only the file trasfering....
the files trasfered trougth this services is checked with antivirus software....and if i want i can manually cancell any trasnmition....

the firewalls are totally pakced...they only have ssh opened....
what i'm missing?¿

[MrLinus]

Well, depending on your company's policies, filtering based on certain word types (e.g., to detect child porn surfing etc.), ensuring that HTML is disabled on users' email clients, local security for each machine and an IDS to detect attacks. Also, keep in mind just because SSH is open doesn't mean that they can't use SSH tunnelling to by-pass your AV and other filters.

[faith_in_death]

thans...and one more thing....the trusted cleint for the firewall is mi ip vs my addres....a have permision for all pages...and doeload everithing.....there any way that anyone could impersonate me?¿...( they CAN?T have acces to mi laptop....jejej they'll have to kill me first)...
i have experimiented changing mac addresses but only trougth hardware..there any way they can do it trougth software?¿

[MrLinus]

A hijacking tool like Ettercap would be effective. Might want to investigate into things like Man-in-the-middle attacks and/or hijacking.