How many here practice what they preach?

[Tiger Shark]

My system at home creates a similar answer to Catch's.... Sort of....

I don't really do anything dangerous from home and my sweetie only did _once_.... Spyware... She hasn't done it since because I locked her down a little bit more. I have a domain that she logs into and the policies are set there. Just to make things a little more difficult for her box to infect mine I don't log in as a domain workstation and nothing on the domain has any rights to my box. If I want to work on the domain I log in to the server via term services and do what I need to.

I use my work's mail sentry to pass all my incoming mail through for my personal domain so it is filtered for executables, viruses and spam there which protects sweetie.... If I want to pass an executable I rename it to .txt and it comes through just fine.

My box has two NIC's, one of which is attached to a hub outside the firewall and "stealthed" but it is usually disabled unless I see the firewall getting a lot of traffic or "odd" traffic in the logs. Then I either fire up Ethereal or Snort on it out of interests sake.

All boxes autoupdate and have AV and sweeties box is firewalled since she is wireless using WPA/PSK, MAC filtered etc. and the WAP is placed in the basement to minimize range... Once I leave the driveway it's almost unusable.

Actually... Now I've listed it all out.... I probably am pretty close to practicing what I preach... Just without the "techno-nazi" label....

[gore]

Is hould get a prize for this:

Two routers with hardware firewalls, nothing is in the DMZ unless someone I trust asks to use my servers....Well, my PCs with services...

This box:

My room has tripwire at the door, anyone who doesn't know (Everyone but me) should **** with my PCs, and whatever they face plant (Fan blades) usually teaches them to not come in here. I have a web cam set up watching movement, speakers turned ona nd a Microphine so I can watch while I'm at school and tell people to get the **** out (VERY funny, I should record it, you'd be shocked how someone can pee their pants when my voice says "Move your ass out of this room or I trip the circuit braker".)

This box dual boots Windows 98 SE so I can play the games Quake and UT and Doom, and SUSE Linux, which is locked down, running no services, all updates are installed, I have custom rule sets for the firewall (I have hardware and then each PC runs software) my encryption is set to 4096 bit, and I have custom permission.

The box next to me is there as of right now soley for Doom3

The box next to that is my server, everything is locked, same as this one except FTP and SSH are allowed, from THIS machine and my laptop unless someone needs to use it then they are allowed entrance for the time being...

My laptop dual boots XP and SUSE, XP is there for Doom at school and on the road, and SUSE is there and locked down with an encrypted file system and some other locks so if it gets stolen, they aren't getting ****. Nothing is allowed, no email is allowed to be checked with XP, and on every box I set my minimum password length to 12 chars and run password cracks every night on each box and then if it cracks one, that account is removed.

My Mom's computer runs Windows 2000, I got pissed when she installed some shitty spyware scanner which was making it crash, so I set custom permission, she can save her **** and run a few choice games, that's it.

Did any of you expect less from the BOFH?

Ahh, for the WIndows installs, virii canners and firewalls and spy protection and no IE.

If you can get in from two routers and hardware firewalls, get into the PCs which ahve nothing running and firewalls on each one (Meaning you have to get in passed two routers, a hardware firewalll, the walls on each PC, and no PCs on here share ANYTHING....)



If you can get in all that I'll give you root myself.

[Tiger Shark]

If you can get in all that I'll give you root myself.

That photo of you in the shorts with the two funny looking girls is on the server is pretty funny..... Root please.....

[gore]

I'll give you root, you couldn't do anything anyway. And that pic doesn't exist. Had you said "**** me your friends are hot and how did you get them to do that" then I would worry.

[Tiger Shark]

Your "hot" is my "funny looking"....

[gore]

And your "hot" is my sale of depends. Old guy.

[Tiger Shark]

LOL.... My eyes still work....

[chsh]

So with all that gore, (btw, thanks for providing a map of your defenses) you'd give me root on your boxes after I stole them all?

[thehorse13]

At work, I'm forced to lock (or attempt to) everything. This is typically where I apply the Nelson-Shepherd cutoff about 10 times a day but that's another matter altogether...

At home, I play cat and mouse with my daughters (who just got thier "Chix0r" t-shirts from geekstuff) so I also run a tight ship here. Instead of blue printing meh setup, let's just say for example that if you asked me about a specific type of packet with, ohhh I dunno, say an odd window size value set, I can tell you when, where and who sent it and if it had an ill affect.

For the hard core geeks, I'm experimenting with IDS tuned to respond like the human body does when an infection enters. Ignore everything normal and attack everything else. I'll let you know how it goes.

[catch]

Hmm gore, that seems a little overkill, considering that I, true to form use no firewalls, malware scanners, and patch my system as often as my work does (every few years if a new application requires it). As for physical security Mike and Maddie (100lbs and 70lbs American Staffordshire Terriers respectively) have that covered... in reality I think they might attempt to lick an intruder to death, but they looks scary.

I guess I am past the "fun" phase of this field and am at the "if it ain't broke, don't fix it" phase.

cheers,

catch