[liberationtech] Designing the best network infrastructure for a.Human Rights NGO

Bill Woodcock woody at pch.net
Thu Feb 28 04:57:35 PST 2013 

You want to do this securely, and you're _starting_ with Windows?

    
                -Bill


On Feb 28, 2013, at 7:40, "anonymous2013 at nym.hush.com" <anonymous2013 at nym.hush.com> wrote:

> Hi, 
> We are a human rights NGO that is looking to invest in the best 
> possible level of network security (protection from high-level 
> cyber-security threats, changing circumvention/proxy to protect IP 
> address etc, encryption on endpoints and server, IDS/Physical and 
> Software Firewall/File Integrity Monitoring, Mobile Device 
> Management, Honeypots) we can get for a our internal network. I was 
> wondering if people would critique the following network, add 
> comments, suggestions and alternative methods/pieces of software. 
> (Perhaps if it goes well we could make a short paper out of it, for 
> others to use.)
> 
> -Windows 2012 Server
> -VMWare virtual machines running Win 8 for remote access
> -Industry standard hardening and lock down of all OS systems.
> -Constantly changing proxies
> -PGP email with BES
> -Cryptocard tokens
> -Sophos Enterprise Protection, Encryption and Patch management
> -Sophos mobile management
> -Encrypted voice calls for mobile and a more secure alternative to 
> Skype via Silent Circle.
> -TrueCrypt on all drives - set to close without use after a 
> specific time
> -Easily controlled kill commands
> -False and poison pill files
> -Snort IDS
> -Honeypots
> -Tripwire
> -Cisco Network Appliance
> -No wifi
> -Strong physical protection in a liberal country as regards human 
> rights
> 
> I know there are many other factors, good training, constant 
> monitoring, avoiding spearfishing, penetration testing, etc but if 
> possible I would please like to keep the conversation on the 
> network design and software.
> 
> Thanks guys.
> -Anon
> 
> --
> Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech

More information about the liberationtech mailing list