Untangle Your Network Security - What I Would Like To See


What I Would Like To See


There are a few security products that would be nice to have implemented on the same box.  I could maintain them on my low-grade Debian Sarge box, but it is about 6 years old and is only a Pentium III 933MHz.

NoCatAuth provides a nice little welcome page with a login any time someone connects with a web browser.  From time to time, I turn off WPA encryption on the wireless network so that I can see who out there is gaining access.  Having the disclaimer would warn people that I have the ability to actively monitor and capture all traffic from such unauthorized use.  It also would alert friends who are visiting me to keep their behavior acceptable.  Believe it or not, I have had people try to hack into my network when they visit.  Little do they know that all of my internal communications operate through secure SSH tunnels for every computer on my network.  This prevents just such behavior.  But it is nice to be able to snoop back and provide them a warning that I am doing so.

One other addition that would be nice to see is OSSEC HIDS from Daniel Cid over at www.ossec.net.  OSSEC monitors the inside computers (completely cross-platform) to detect internal issues.  It provides a nice vehicle for internal log analysis, integrity checking, rootkit detection, time-based alerting and active response.  Since I have the drive capacity and the system already has the capability to see all network traffic, there is great potential to implement it as a monitoring tool and to incorporate it into the reports so that you can see what issues exist on the inside network.