Re: [SLUG] Need some guidance

From: Chuck Hast (kp4djt@tampabay.rr.com)
Date: Thu Jul 04 2002 - 08:04:39 EDT


On Monday 01 July 2002 23:05 L, you wrote:
> On Monday 01 July 2002 22:38, Chuck Hast wrote:

> The worst that could happen would probably be the Linux box locking up.
> Test it WELL before showing off! I put guy on jorganizer and it apparently
> lost a bunch of data. I reported it to KDE but he refused to touch it after
> that.
>
Well things have changed, I was asked by development to "build up a
Linux laptop" for a sales demo system in order to replace a TADPOLE
machine, so now it is no longer a "show and tell" it is an imperative.
They will actually be putting the software on it once I put the OS on.

>
> If this is accessible by the public you don't want to leave any compilers
> and otherwise useful tools for hackers to use. Set up a Demilitarized Zone
> with a firewall on each side of it. Drop the web server in the middle and
> your LAN after the second. Use NAT on both subnets. You want to use
> stateless inspection as much as possible to the open world. Again OpenBSD
> is in a class of its own. 32MB works. Linux is also getting very well
> known and root kits come out every now and then. Look at the track record
> of OpenBSD.

In this case since they will also be using it for some development when it is
not being used for sales, it will have the compilers and tools on it.
In fact in the end there will be two machines, one being the side that shows
the dispatch and field piece and the other being the server side, these will
be carried around in a case for demo reasons. The present system consists
of two laptops and a Tadpole, the laptops are the field and dispatch machines
and the Tadpole is the server.
>
> Remember you have two things on ANY permanent connection that is valuable
> to hackers: Someone else's identity to attack from, and a place to store
> tools on. That can cause you enough headache without even having your data
> lost or altered.

These things run either as an island network (when doing a demo) or connected
to our internal network at work so they are protected.

-- 
Chuck Hast
KP4DJT
kp4djt@tampabay.rr.com
To paraphrase my flight instructor;
"the only dumb question is the one you DID NOT ask resulting in my
going out and having to identify your bits and pieces in the midst of
torn and twisted metal."


