Security in our local network
Hi list,
- Not really a debian problem, but I value the knowledge of you all :-)
I'd like to get external input to my security considerations...
Hardware / Network situation:
- Family in an apartment, several other apartments in the same building
- Internet by our cable network operator; router offered "for free", providing WLAN to us
- Several clients use WLAN exclusively (no ethernet ports)
- Several computers and tablets, one of them running several services:
- dovecot for mail: automatic download of all mails (no long-term archiving online - privacy!).
Other clients (laptops) use offline imap to access my dovecot instance
- owncloud for calendar, contacts, files: to synchronize files between different machines,
synchronized per user
- I created a CA and (sub-) certificates for S/MIME as well as a server certificate
used for apache (owncloud, dovecot)
Concerns:
- WLAN: SSID hidden, strong password, but I can't really trust the router, can I ?
- Someone who has access to our local network could get access to mails or files (owncloud)
- I have no control over the router (firmware updates? security fixes? I assume it's
"really cheap" ...)
- How can I maximize security?
Ideas:
- Configure apache to only accept SSL connections, because of WLAN sniffing (done)
- Configure dovecot to only accept SSL connections, because of WLAN sniffing (done)
- Configure apache to require SSL client authentication - not yet possible because the
owncloud sync client doesn't support that yet
- apache: restrict allowed IP addresses using .htaccess file to 192.168.1.1/24. Does
this provide security / make sense?
- dovecot: is restricting the allowed IP addresses for dovecot possible as well?
Does this provide security / make sense?
- Any other measures?
Thanks for your input!
B.M.
Reply to: