Network Security/Meeting Notes 2019-03-11

From SOBAC Wiki
< Network Security
Revision as of 05:08, 25 March 2019 by BobJonkman (talk | contribs) (Link to pfSense)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Network Security

Date
Monday, 11 March 2019 from 7:00pm to 9:00pm iCal
Meetup Event
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/257702185/
Location
*** Room 1300 *** -- Conrad Grebel University College, 140 Westmount Rd. N., Waterloo, Ontario Map


We've talked about Malware and the importance of Keeping Computers Up To Date, and even just about The Things We Should Fear. But what new hazards are unveiled when you connect two or more computers together? When some of those computers aren't on your own network? When malusers are out there trying to break into your network? When you're actually inviting everyone into your network by running servers and services? Should you just outsource everything? Or are there tools available for the Non-Profit SysAdmin to help secure your networks?

We'll talk about the hazards of running a public network, and go over a list of tools and software.

--Marc Paré & Bob Jonkman




Resources

  • Firewalls
    • The most secure firewall: Nipper for Electronic Wire (Old).png
    • Another secure firewall: pfSense
  • Intrusion Detection Software
  • Pen Testing apps



Meeting Notes

Spoke about resources, war stories


  • Proprietary mail systems
    • Errors in implementation, makes mail inaccessible, or sends mail when unwanted.
    • Corporate culture prevents people from speaking of security flaws


  • Bugs in the software
  • Errors in procedures


The Cloud
  • "If the data was in the cloud it would have been safe"
  • What is The Cloud?
    • Somebody manages the servers, still subject to human error
    • But reduces the human interaction that is needed
    • Maybe if everything is run by robots...
      • But that's not the way Nonprofits operate, engaging people to be more involved


  • Open Source groups want more interaction, so still room for error
    • eg. LibreOffice: Get a professional to manage website? Or keep local group involvement? No to robots


  • Robots have programmers too
    • One more level of abstraction


  • Problems solved?
    • Email spoofing, phishing schemes: Joe Jobs, third-party addressbooks breached
    • Could contact the apparent sender, but that person may not be involved in the message at all


Tour of pfSense

Bob Jonkman logged into his live pfSense installation and stepped through each of the menu items.


Multiple connections to isolate traffic
  • While Bob's installation has only two connections (WAN, LAN), it is possible to isolate Internet-facing servers on their own network connection (DMZ) to isolate that traffic from the internal LAN.
  • pfSense supports many network connections, useful for separate campus sites


Back to: Network Security