[liberationtech] Designing the best network infrastructure for a.Human Rights NGO
anonymous2013 at nym.hush.com
anonymous2013 at nym.hush.com
Thu Feb 28 05:22:24 PST 2013
Can we please get back to the issue at hand....
On Thu, 28 Feb 2013 13:16:03 +0000 "Bill Woodcock" <woody at pch.net>
wrote:
>Ah, yes, those expensive man-hours. Security is so much easier
>when you don't give it time and attention. It also doesn't work.
>
>
> -Bill
>
>
>On Feb 28, 2013, at 8:09, "anonymous2013 at nym.hush.com"
><anonymous2013 at nym.hush.com> wrote:
>
>> I knew this was coming at some point. Yes I am starting with
>> Windows, it's more functional (awaits incoming) and costs less
>in
>> terms of expensive man hours (the hidden cost vs software) for
>an
>> Linux guru to run and monitor the network.
>>
>> On Thu, 28 Feb 2013 13:03:00 +0000 "Bill Woodcock"
><woody at pch.net>
>> wrote:
>>> You want to do this securely, and you're _starting_ with
>Windows?
>>>
>>>
>>> -Bill
>>>
>>>
>>> On Feb 28, 2013, at 7:40, "anonymous2013 at nym.hush.com"
>>> <anonymous2013 at nym.hush.com> wrote:
>>>
>>>> Hi,
>>>> We are a human rights NGO that is looking to invest in the
>best
>>>> possible level of network security (protection from high-level
>
>>>> cyber-security threats, changing circumvention/proxy to
>protect
>>> IP
>>>> address etc, encryption on endpoints and server, IDS/Physical
>>> and
>>>> Software Firewall/File Integrity Monitoring, Mobile Device
>>>> Management, Honeypots) we can get for a our internal network.
>I
>>> was
>>>> wondering if people would critique the following network, add
>>>> comments, suggestions and alternative methods/pieces of
>>> software.
>>>> (Perhaps if it goes well we could make a short paper out of
>it,
>>> for
>>>> others to use.)
>>>>
>>>> -Windows 2012 Server
>>>> -VMWare virtual machines running Win 8 for remote access
>>>> -Industry standard hardening and lock down of all OS systems.
>>>> -Constantly changing proxies
>>>> -PGP email with BES
>>>> -Cryptocard tokens
>>>> -Sophos Enterprise Protection, Encryption and Patch management
>>>> -Sophos mobile management
>>>> -Encrypted voice calls for mobile and a more secure
>alternative
>>> to
>>>> Skype via Silent Circle.
>>>> -TrueCrypt on all drives - set to close without use after a
>>>> specific time
>>>> -Easily controlled kill commands
>>>> -False and poison pill files
>>>> -Snort IDS
>>>> -Honeypots
>>>> -Tripwire
>>>> -Cisco Network Appliance
>>>> -No wifi
>>>> -Strong physical protection in a liberal country as regards
>>> human
>>>> rights
>>>>
>>>> I know there are many other factors, good training, constant
>>>> monitoring, avoiding spearfishing, penetration testing, etc
>but
>>> if
>>>> possible I would please like to keep the conversation on the
>>>> network design and software.
>>>>
>>>> Thanks guys.
>>>> -Anon
>>>>
>>>> --
>>>> Too many emails? Unsubscribe, change to digest, or change
>>> password by emailing moderator at companys at stanford.edu or
>>> changing your settings at
>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>>
>>> --
>>> Too many emails? Unsubscribe, change to digest, or change
>password
>>> by emailing moderator at companys at stanford.edu or changing your
>
>>> settings at
>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>
More information about the liberationtech
mailing list