Security Questions
I have read Security-Quickstart-HOWTO.
I believe my home network has been compromised (my daughter received
returned emails she never sent) and plan to take drastic action. The
network consists of DSL modem, a wireless router and four computers. I
have no concerns about the family members and the houses in the
neighborhood are widely separated so it is very unlikely that the
wireless connection has been used by outsiders. The DSL link to the
internet is my concern. Here are my questions:
1. How to erase hard drives? I plan to pull one computer off line and
reinstall Debian Woody and Windows from CDs (Regrettably I still need
Windows for a few applications). Is reinstallation enough or must, and
can, the hard drives be wiped clean of any residual programs?
2. What is the best Firewall? I have an old Compaq 486 machine with no
math coprocessor. I assume I can install two ethernet cards (I believe
it has two PCI slots, must look though), load Woody, set up iptables and
a sniffer and place it between the DSL modem and the wireless router.
When I am ready to put this firewall in place I have all the computers
off line. I will bring up the one that has its operating systems and
applications reinstalled from CDs and download all the security
updates from Debian and Microsoft. The procedure can then be repeated
for the other computers.
3. DHCP or static addresses? I have been using static addresses. I
believe I have seen in the references that it is possible to set the
wireless router to receive and transmit to these addresses only? If so,
is this the best approach?
4. How to deal with a rogue computer? The fly in this ointment is my
grandson's laptop, a gift from his father (my daughter's ex-husband).
It came with XP Professional and I don't have the CDs to reinstall it.
My grandson likes to go on the internet and also use our wireless
network to print his homework on one of the printers attached to the
fixed computers. Would it work and not compromise the system if I give
it a static address and instruct the other computers on the network to
refuse any transmissions from this address? And could I then attach one
of the printers to the computer serving as the firewall and allow all
the computers on the network to use this printer without compromising the
system?
I would greatly appreciate responses to the above questions and any
recommendations of alternate and/or additional steps to secure the network.
Tom George