I think that we could probably come up with thousands of different ways
to compromise the security of an internal network. What about actually
securing it? One of the easiest things that I have seen done was to
implement an IPSec-based LAN. The setup was simple.

From the outside in:

router -> firewall -> FreeS/WAN gateway -> encrypted traffic to LAN.

Each machine on the LAN had its own keypair that was registered with
the gateway, so when a desktop was fired up, it would authenticate
itself to the gateway, and it was then free to communicate with anyone.
Anyone that was able to sniff the traffic just got encrypted streams. If
you could get a system onto the network, it would be useless unless the
gateway was compromised to accept a bogus key.

C-Ya,
Kenny
 
On Thu, 2002-08-01 at 22:32, Tom Buskey wrote:
> 
> I'd think an old 386 would be a lot less noticeable and more disposable.
> 
> Heck, how about a floppy based system?  Go up to an existing machine
> already running on a Friday afternoon and boot.  If it's a floppy, have
> it erase itself after it boots.  It'd probably run undetected until
> Monday morning.
> 
> "Kenneth E. Lussier" said:
> >So, basically, be suspicious if anyone brings in a gaming console and
> >sets it up in the breakroom.
> >
> >My favorite quote from this was:
> >
> >"Most organizations focus on the perimeter," said Davis. "Once you get
> >through the outside,  there's a soft chewy center."
> >
> >Not a bad read. A little light on the details, and you can't really
> >dance to it, so I'd give it a 7.3 ;-)
> >
> >C-Ya,
> >Kenny
> > 
> >On Thu, 2002-08-01 at 13:20, [EMAIL PROTECTED] wrote:
> >> 
> >> We're behind a firewall.  We're safe!
> >> 
> >>    http://online.securityfocus.com/news/558
> >> 
> >> Think again! (not that we haven't said *that* before either ;)
> >> -- 
> >> 
> >> Seeya,
> >> Paul
> >> 
> >> 
> >> 
> >> *****************************************************************
> >> To unsubscribe from this list, send mail to [EMAIL PROTECTED]
> >> with the text 'unsubscribe gnhlug' in the message body.
> >> *****************************************************************
> >-- 
> >----------------------------------------------------------------------------
> >"Tact is just *not* saying true stuff" -- Cordelia Chase
> >
> >Kenneth E. Lussier
> >Sr. Systems Administrator
> >Zuken, USA
> >PGP KeyID CB254DD0 
> >http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xCB254DD0
> >
> >
> >
> >
> 
> -- 
> -------
> Tom Buskey
> 
> 
> 
-- 
----------------------------------------------------------------------------
"Tact is just *not* saying true stuff" -- Cordelia Chase

Kenneth E. Lussier
Sr. Systems Administrator
Zuken, USA
PGP KeyID CB254DD0 
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xCB254DD0
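
The message above notes that the design holds only while the gateway accepts nothing but registered keys. As an added example (not part of the original message and not FreeS/WAN code), this sketch audits a gateway's ipsec.conf-style connection list against a separately kept key inventory. The sample config, host names, key strings and the one-conn-per-host layout are constructed assumptions.

```python
import hashlib
import re

# Constructed gateway config in FreeS/WAN ipsec.conf style. Names, addresses
# and key strings are placeholders; treating "right" as the LAN host is assumed.
SAMPLE_CONF = """\
conn desk-alice
    left=192.0.2.1
    right=192.0.2.10
    authby=rsasig
    rightrsasigkey=0sAQOalicePLACEHOLDER   # registered desktop key
conn desk-bob
    left=192.0.2.1
    right=192.0.2.11
    authby=rsasig
    rightrsasigkey=0sAQOswappedPLACEHOLDER
conn desk-temp
    left=192.0.2.1
    right=192.0.2.99
    authby=secret
"""

def fingerprint(key):
    return hashlib.sha256(key.encode()).hexdigest()[:16]

def parse_conns(text):
    """Simplified parser: return {conn_name: {param: value}}."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*", "", raw).rstrip()  # drop comments
        if not line:
            continue
        head = re.match(r"conn\s+(\S+)$", line)
        if head:
            current = conns.setdefault(head.group(1), {})
        elif line[0].isspace() and current is not None and "=" in line:
            name, value = line.strip().split("=", 1)
            current[name.strip()] = value.strip()
        else:
            current = None  # "config setup" or anything that is not a conn
    return conns

def audit(text, inventory):
    """Flag conns whose peer key is missing or not the inventoried one."""
    findings = []
    for name, params in parse_conns(text).items():
        key = params.get("rightrsasigkey")
        if params.get("authby") != "rsasig" or not key:
            findings.append((name, "no per-host RSA key"))
        elif inventory.get(name) != fingerprint(key):
            findings.append((name, "key not in inventory"))
    return findings
```

The inventory is a dict of conn name to fingerprint, kept somewhere other than the gateway so that a change on the gateway alone shows up as a finding.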


