|
-
June 28th, 2004, 11:42 AM
#11
Originally posted here by Darksnake
Sir Dice, you can still use a ids on the incoming port from the internet which would inform you about these fishy things people try. Wouldnt you say?
Yes. But I like to put an IDS before and after the firewall. That way I can verify that the firewall is doing it's job properly (i.e. nobody made a configuration error).
Oliver's Law:
Experience is something you don't get until just after you need it.
-
July 2nd, 2004, 11:17 AM
#12
Member
Hello all,
In this particular scenario, I can't see any added benefit to having the link between CAPTAIN and GRUNT encrypted. Before accessing CAPTAIN, a hacker would first have to have control, at least to some degree, of GRUNT. Once acheived, the now compromised GRUNT will have full access to CAPTAIN (or whatever access GRUNT normally has), whether the link between the two boxes is encrypted or not. Because CAPTAIN trusts GRUNT, if you take control of GRUNT you take control of CAPTAIN. The encrypted tunnel will just as happily carry hacker traffic from GRUNT to CAPTAIN as it will legitimate traffic, once GRUNT is compromised.
Regards,
Alan Mott
-
July 2nd, 2004, 11:57 AM
#13
Senior Member
Hi, if a hacker were to see this network if the router has NAT(network address translation) he will only see the router and none of the other boxes.
cheers,
J
-
July 2nd, 2004, 01:31 PM
#14
Hey Hey,
I might have missed it, or I may be sleeping (well not sleeping, haven't slept yet).. but half asleep.... Anyways.. What kind of router are we assuming? When I hear router, I think Cisco, Nortel, something of substance... however the term router has been raped and now refers to **** like linksys, dlink, smc, etc.... In my opinion the type of router makes a huge difference in this scenerio. Another question would be what are we dealing with, home setup off a cable/DSL modem w/ a single IP address, a company with a single IP address on a true dedicated connection, or a company with many IP addresses?
As far as hiding the connection, that requires you hide the process, modify binaries, and assume that the attacker (sounds better than hacker doesn't it) hasn't brought in his own binaries that'll identify what's going on. Besides a simple port scan would show the open port and they could work from there..
Regardless of what's this system is being used for.. I think you'd ultimately have to weigh cost (dollars, man-hours, resources) vs effectiveness. In the end you're not going to have any added security over a system secured properly. It may take the attacker a bit longer to figure out what's going on, but as long as your "standard" security is up to par, then they have to be somewhat decent to get to where they are, so they'll probably figure out what rest. If it's some little skiddie, then you'd have to question where you went wrong in your basic security setup to let them in, and the rest doesn't really matter.
Peace,
HT
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote