[liberationtech] Designing the best network infrastructure for a Human Rights NGO

Bill Woodcock woody at pch.net
Thu Feb 28 05:15:53 PST 2013


Ah, yes, those expensive man-hours.  Security is so much easier when you don't give it time and attention.  It also doesn't work. 

    
                -Bill


On Feb 28, 2013, at 8:09, "anonymous2013 at nym.hush.com" <anonymous2013 at nym.hush.com> wrote:

> I knew this was coming at some point. Yes I am starting with 
> Windows, it's more functional (awaits incoming) and costs less in 
> terms of expensive man hours (the hidden cost vs software) for a 
> Linux guru to run and monitor the network.
> 
> On Thu, 28 Feb 2013 13:03:00 +0000 "Bill Woodcock" <woody at pch.net> 
> wrote:
>> You want to do this securely, and you're _starting_ with Windows?
>> 
>> 
>>               -Bill
>> 
>> 
>> On Feb 28, 2013, at 7:40, "anonymous2013 at nym.hush.com" 
>> <anonymous2013 at nym.hush.com> wrote:
>> 
>>> Hi, 
>>> We are a human rights NGO that is looking to invest in the best 
>>> possible level of network security (protection from high-level 
>>> cyber-security threats, changing circumvention/proxy to protect IP 
>>> address etc, encryption on endpoints and server, IDS/Physical and 
>>> Software Firewall/File Integrity Monitoring, Mobile Device 
>>> Management, Honeypots) we can get for our internal network. I was 
>>> wondering if people would critique the following network, add 
>>> comments, suggestions and alternative methods/pieces of software. 
>>> (Perhaps if it goes well we could make a short paper out of it, for 
>>> others to use.)
>>> 
>>> -Windows 2012 Server
>>> -VMWare virtual machines running Win 8 for remote access
>>> -Industry standard hardening and lock down of all OS systems.
>>> -Constantly changing proxies
>>> -PGP email with BES
>>> -Cryptocard tokens
>>> -Sophos Enterprise Protection, Encryption and Patch management
>>> -Sophos mobile management
>>> -Encrypted voice calls for mobile and a more secure alternative to 
>>> Skype via Silent Circle.
>>> -TrueCrypt on all drives - set to close without use after a 
>>> specific time
>>> -Easily controlled kill commands
>>> -False and poison pill files
>>> -Snort IDS
>>> -Honeypots
>>> -Tripwire
>>> -Cisco Network Appliance
>>> -No wifi
>>> -Strong physical protection in a liberal country as regards human 
>>> rights
>>> 
>>> I know there are many other factors, good training, constant 
>>> monitoring, avoiding spearphishing, penetration testing, etc but if 
>>> possible I would please like to keep the conversation on the 
>>> network design and software.
>>> 
>>> Thanks guys.
>>> -Anon
>>> 
>>> --
>>> Too many emails? Unsubscribe, change to digest, or change
>> password by emailing moderator at companys at stanford.edu or 
>> changing your settings at 
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>> 
> 



