Security behind a router?

Scott C. Best sbest "at" best.com
Mon Mar 22 19:22:01 2004


Gary:
	Your system sounds pretty solid -- even your access-point
precautions are well done. The only piece I might suggest to add on
is an "intrusion detection" utility like Snort or Kaboodle. Snort
monitors LAN traffic to detect malicious network traffic patterns
(e.g., the ARP poisoning someone might attempt when trying to hijack
a wireless connection); Kaboodle is more simplistic in that it just
monitors network population.
	Either way, it's always nice to be sure that your wireless
LAN population is always made up of exactly what you think it should
be. :)

cheers,
Scott

> > In that case, as long as your router does not forward connections
> > from the Internet that are VNC related then there is no need to
> > set-up AuthHosts as any such attempted connections from the Internet
> > will be blocked by your router.
>
> I believe that is the case.  I haven't explicitly opened any VNC
> ports on the router.  The test tools I know of (grc.com,
> dslreports.com) only check the first 1056 ports, but those ports
> are locked solid.  But I thought it was prudent to close down the
> AuthHosts just in case -- belt and suspenders.
>
> > I assume that there is no snooping within the network....
>
> Right.  This is a small private LAN in our house, with 5
> computers on it for our several businesses.  The only people with
> physical access to the computers are my wife and I.  The router
> is a Wifi access point but I've locked that down as securely as I
> can.  (No SSID broadcast, encrypted transmissions, connections
> limited to a specified set of MAC addresses, etc.)  I feel fairly
> safe from external attack.  I just wanted to make sure VNC
> wouldn't open up a new security hole.
<snip>
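
An added example, not part of the original thread: a minimal version of the "network population" check described in the reply, comparing ARP-table snapshots with an expected MAC list and flagging the address changes that ARP poisoning produces. It assumes snapshots in Linux /proc/net/arp format; the sample tables, the KNOWN_MACS list and the function names are constructed for illustration.

```python
# Constructed sample data in Linux /proc/net/arp format (not from the original post).
HEADER = "IP address       HW type     Flags       HW address            Mask     Device\n"
BASELINE = HEADER + """\
192.168.1.1      0x1         0x2         00:16:3e:00:00:01     *        wlan0
192.168.1.10     0x1         0x2         00:16:3e:00:00:0a     *        wlan0
192.168.1.11     0x1         0x2         00:16:3e:00:00:0b     *        wlan0
"""
LATER = HEADER + """\
192.168.1.1      0x1         0x2         00:16:3e:00:00:99     *        wlan0
192.168.1.10     0x1         0x2         00:16:3e:00:00:0a     *        wlan0
192.168.1.12     0x1         0x2         00:16:3e:00:00:99     *        wlan0
192.168.1.13     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""
# Hypothetical allow list: the MACs the owner expects on the LAN.
KNOWN_MACS = {"00:16:3e:00:00:01", "00:16:3e:00:00:0a", "00:16:3e:00:00:0b"}

def parse_arp(text):
    """Return {ip: mac} for resolved entries, skipping the header and incomplete rows."""
    table = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], int(fields[2], 16), fields[3].lower()
        if flags & 0x2 and mac != "00:00:00:00:00:00":  # 0x2 = ATF_COM (complete)
            table[ip] = mac
    return table

def audit(baseline, current, known_macs):
    """Compare a current snapshot with a trusted baseline and the allow list."""
    findings = []
    for ip, mac in sorted(current.items()):
        if mac not in known_macs:
            findings.append(("unknown-mac", ip, mac))
        if ip in baseline and baseline[ip] != mac:
            findings.append(("mac-changed", ip, mac))  # possible ARP poisoning
    owners = {}
    for ip, mac in current.items():
        owners.setdefault(mac, []).append(ip)
    for mac, ips in sorted(owners.items()):
        if len(ips) > 1:  # one adapter answering for several IP addresses
            findings.append(("mac-claims-many-ips", ",".join(sorted(ips)), mac))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_arp(BASELINE), parse_arp(LATER), KNOWN_MACS):
        print(*finding)
```

A changed MAC for the gateway address is the finding to act on first; a host that merely dropped out of the table (192.168.1.11 here) is not reported.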