Re: Securing a Network - What's the most secure Network/Server OS? - Is there a secure way to use Shares?

To: debian-security@lists.debian.org
Subject: Re: Securing a Network - What's the most secure Network/Server OS? - Is there a secure way to use Shares?
From: Sebastian Günther <samson@guenther-roetgen.de>
Date: Sun, 1 Mar 2009 23:18:19 +0100
Message-id: <[🔎] 20090301221819.GA1877@marvin.heimnetz.local>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 7abf96460903010614q76c758b3l1904ceb10314870e@mail.gmail.com>
References: <[🔎] 7abf96460903010614q76c758b3l1904ceb10314870e@mail.gmail.com>

* Chip Panarchy (forumanarchy@gmail.com) [01.03.09 15:30]:
> Hello
> 
> So far, when I have posted on this Mailing-List I have recieved some
> very informative replies.
> 
> I am currently studying for a few certifications, (amongst them MCSE,
> Security+ & the CCNA), and would like to learn how to design a secure
> network.
> 
> Please help me with this endeavor.
> 

[ Hypothetical situation; ]

> Now onto my question. For a convoluted network as pictured above,
> (hypothetical, of course), what kind of Server (NOS included?)
> operating system should I install, and how should I configure it?
> 
> I want to know this only by a security standpoint. Things that are important;
> ############
> # SECURITY #
> ############
> - Encryption of all traffic (256-bit)
> - Shares (if possible to have Shares and still maintain a secure network)
> - Centralised secure storage of Data (Storage)
> - Centralised secure storage of User accounts
> - Unattended installation of (at the very least) the 500 Windows boxes
> - Internet
> 
> Please tell me what I would need in this situation, not interested in
> how many people would be needed, how much money it would cost, or how
> much time it would take.

Well you need information about what should be secured and against what 
threat it should be secured.

Any of your information does not explain what you are trying to achieve.

Security is not a sole purpose, it is a pool of measures against one or 
more threads. There is no such thing as 100% security...

> 
> Now time to summarise my questions in an easy to review format;
> 
> 1. Which Server Operating system should I install on my Server?
> 2. To make the Network fast (e.g. Gigabit NICs on all computers & more
> Servers etc.), as well as secure, what would I need to do?
> 3. What is the best way to have 256-bit encryption of all traffic on
> this network?
> 4. Is it possible to have Shared folders, yet still attain a
> high-level of security on this Network?
> 5. Would it be possible to have Centralised Storage/Resources?
> 6. Could it be possible to have a Centralised User Account database,
> for this entire network?
> 7. Would you think it a good idea to use a Debian server for Repositories?
> 
> Please try your best to answer those 6 questions.

I count 7...
But I won't answer to any of these, because there are missing some 
fundamental constraints in this scenario to make any useful suggestions.

Sebastian

-- 
 " Religion ist das Opium des Volkes. "      Karl Marx

 SEB@STI@N GÜNTHER         mailto:samson@guenther-roetgen.de

Attachment: pgpmSLNywCACu.pgp
Description: PGP signature

Reply to:

References:
- Securing a Network - What's the most secure Network/Server OS? - Is there a secure way to use Shares?
  - From: Chip Panarchy <forumanarchy@gmail.com>

Prev by Date: Re: Securing a Network - What's the most secure Network/Server OS? - Is there a secure way to use Shares?
Next by Date: Re: [Koumbit #27201] [SECURITY] [DSA 1731-1] New ndiswrapper packages fix arbitrary code execution vulnerability
Previous by thread: Re: Securing a Network - What's the most secure Network/Server OS? - Is there a secure way to use Shares?
Next by thread: Re: [Koumbit #27201] [SECURITY] [DSA 1731-1] New ndiswrapper packages fix arbitrary code execution vulnerability
Index(es):
- Date
- Thread