Search Mailing List Archives
[liberationtech] Designing the best network infrastructure for?a.Human Rights NGO
julian at julianoliver.com
Thu Feb 28 05:59:11 PST 2013
..on Thu, Feb 28, 2013 at 01:08:54PM +0000, anonymous2013 at nym.hush.com wrote:
> I knew this was coming at some point. Yes I am starting with
> Windows, it's more functional (awaits incoming) and costs less in
> terms of expensive man hours (the hidden cost vs software) for an
> Linux guru to run and monitor the network.
You really don't have to be a "Linux guru" to run host a server running Linux.
I'm sure many people would be happy to help you in getting going however, if you
are worried as to entry barriers.
In all honesty and without meaning to insult your choice, choosing Windows 2012
Server is simply a bad idea. In fact, you are actually inviting trouble.
I have known people that target Windows Server as a matter of perverse
principle. It is not used by any that care for or understand network security.
Although Windows Server 2012 is better than previous versions, the remote
exploits for Microsoft's servers are numerous, from terminal services to MSSQL
and MS XML core services remote code execution. More so, it's famously easy to
push over with a Denial of Service attack.
You really are better to spend the time setting up a GNU/Linux server. Again,
I'd be happy to advise. Like many on this list, I have administered GNU/Linux
systems for a long time and run my own servers.
> On Thu, 28 Feb 2013 13:03:00 +0000 "Bill Woodcock" <woody at pch.net>
> >You want to do this securely, and you're _starting_ with Windows?
> > -Bill
> >On Feb 28, 2013, at 7:40, "anonymous2013 at nym.hush.com"
> ><anonymous2013 at nym.hush.com> wrote:
> >> Hi,
> >> We are a human rights NGO that is looking to invest in the best
> >> possible level of network security (protection from high-level
> >> cyber-security threats, changing circumvention/proxy to protect
> >> address etc, encryption on endpoints and server, IDS/Physical
> >> Software Firewall/File Integrity Monitoring, Mobile Device
> >> Management, Honeypots) we can get for a our internal network. I
> >> wondering if people would critique the following network, add
> >> comments, suggestions and alternative methods/pieces of
> >> (Perhaps if it goes well we could make a short paper out of it,
> >> others to use.)
> >> -Windows 2012 Server
> >> -VMWare virtual machines running Win 8 for remote access
> >> -Industry standard hardening and lock down of all OS systems.
> >> -Constantly changing proxies
> >> -PGP email with BES
> >> -Cryptocard tokens
> >> -Sophos Enterprise Protection, Encryption and Patch management
> >> -Sophos mobile management
> >> -Encrypted voice calls for mobile and a more secure alternative
> >> Skype via Silent Circle.
> >> -TrueCrypt on all drives - set to close without use after a
> >> specific time
> >> -Easily controlled kill commands
> >> -False and poison pill files
> >> -Snort IDS
> >> -Honeypots
> >> -Tripwire
> >> -Cisco Network Appliance
> >> -No wifi
> >> -Strong physical protection in a liberal country as regards
> >> rights
> >> I know there are many other factors, good training, constant
> >> monitoring, avoiding spearfishing, penetration testing, etc but
> >> possible I would please like to keep the conversation on the
> >> network design and software.
> >> Thanks guys.
> >> -Anon
> >> --
> >> Too many emails? Unsubscribe, change to digest, or change
> >password by emailing moderator at companys at stanford.edu or
> >changing your settings at
> >Too many emails? Unsubscribe, change to digest, or change password
> >by emailing moderator at companys at stanford.edu or changing your
> >settings at
> Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
More information about the liberationtech