Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Designing the best network infrastructure for a.Human Rights NGO

anonymous2013 at nym.hush.com anonymous2013 at nym.hush.com
Thu Feb 28 05:22:24 PST 2013


Can we please get back to the issue at hand....

On Thu, 28 Feb 2013 13:16:03 +0000 "Bill Woodcock" <woody at pch.net> 
wrote:
>Ah, yes, those expensive man-hours.  Security is so much easier 
>when you don't give it time and attention.  It also doesn't work. 
>
>    
>                -Bill
>
>
>On Feb 28, 2013, at 8:09, "anonymous2013 at nym.hush.com" 
><anonymous2013 at nym.hush.com> wrote:
>
>> I knew this was coming at some point. Yes I am starting with 
>> Windows, it's more functional (awaits incoming) and costs less 
>in 
>> terms of expensive man hours (the hidden cost vs software) for 
>an 
>> Linux guru to run and monitor the network.
>> 
>> On Thu, 28 Feb 2013 13:03:00 +0000 "Bill Woodcock" 
><woody at pch.net> 
>> wrote:
>>> You want to do this securely, and you're _starting_ with 
>Windows?
>>> 
>>> 
>>>               -Bill
>>> 
>>> 
>>> On Feb 28, 2013, at 7:40, "anonymous2013 at nym.hush.com" 
>>> <anonymous2013 at nym.hush.com> wrote:
>>> 
>>>> Hi, 
>>>> We are a human rights NGO that is looking to invest in the 
>best 
>>>> possible level of network security (protection from high-level 
>
>>>> cyber-security threats, changing circumvention/proxy to 
>protect
>>> IP 
>>>> address etc, encryption on endpoints and server, IDS/Physical
>>> and 
>>>> Software Firewall/File Integrity Monitoring, Mobile Device 
>>>> Management, Honeypots) we can get for a our internal network. 
>I
>>> was 
>>>> wondering if people would critique the following network, add 
>>>> comments, suggestions and alternative methods/pieces of
>>> software. 
>>>> (Perhaps if it goes well we could make a short paper out of 
>it,
>>> for 
>>>> others to use.)
>>>> 
>>>> -Windows 2012 Server
>>>> -VMWare virtual machines running Win 8 for remote access
>>>> -Industry standard hardening and lock down of all OS systems.
>>>> -Constantly changing proxies
>>>> -PGP email with BES
>>>> -Cryptocard tokens
>>>> -Sophos Enterprise Protection, Encryption and Patch management
>>>> -Sophos mobile management
>>>> -Encrypted voice calls for mobile and a more secure 
>alternative
>>> to 
>>>> Skype via Silent Circle.
>>>> -TrueCrypt on all drives - set to close without use after a 
>>>> specific time
>>>> -Easily controlled kill commands
>>>> -False and poison pill files
>>>> -Snort IDS
>>>> -Honeypots
>>>> -Tripwire
>>>> -Cisco Network Appliance
>>>> -No wifi
>>>> -Strong physical protection in a liberal country as regards
>>> human 
>>>> rights
>>>> 
>>>> I know there are many other factors, good training, constant 
>>>> monitoring, avoiding spearfishing, penetration testing, etc 
>but
>>> if 
>>>> possible I would please like to keep the conversation on the 
>>>> network design and software.
>>>> 
>>>> Thanks guys.
>>>> -Anon
>>>> 
>>>> --
>>>> Too many emails? Unsubscribe, change to digest, or change
>>> password by emailing moderator at companys at stanford.edu or 
>>> changing your settings at 
>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>> 
>>> --
>>> Too many emails? Unsubscribe, change to digest, or change 
>password 
>>> by emailing moderator at companys at stanford.edu or changing your 
>
>>> settings at 
>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>




More information about the liberationtech mailing list