It is a guide explaining how to set up a home/small company using deep defense:
A main LEDE router
Secondary routers organized by zones: trusted, untrusted, DMZ.
A serial console server and an admin console, with no connection to the Internet.
A logging server and network probes.
First, I need to upload SVG graphics made with dia and I notice that I don't have sufficient rights.
Could you allow me to upload graphics to the WIKI?
Also, where should my howto stand while it is being written?
We need a guide for people just a touch less paranoid.
Linux may be full of security holes, but the holes are still smaller than the
competition, and it's routinely used for things you really care about (like
securing your bank account).
I really appreciate your suggestion to use only Free Software. That said, you immediately follow that suggestion up with a reference to "commercial software". This implies that "commercial software" is somehow different or "at odds with" Free Software. This is a common misunderstanding in our circles and I'd prefer to not see the same confusion repeated here (if possible). Free Software is software that grants its users 4 essential freedoms (these are well documented on fsf.org) while non-free software is any software that is not free (as in freedom). It's about the amount of freedom granted and has nothing to do with cost. At the end of the day, there are only really 2 groups of software: free and non-free. What you pay for any instance of either is totally unrelated.
While I did get into LEDE for the rootkits and the network defense, I think you may be a bit too isolated from the average developers/admins.
Personally the first thing on my list would be not to use this site. Nothing against the dev team, but the attack surface on a lot of the JavaScript frameworks is just too large and I think it is legitimately hard to keep up with the bugfixes.
I wouldn’t use SVGs either. Aren’t those like executable images? No PDFs either, unless it’s a honeypot server.
I’ve been checking out Bro, it’s basically an event-based scripting language for packet analysis.
I’m curious, what do you guys think of the skill of these botnet developers?
@ffries Since this page hasn't seen any relevant edits in more than two years now: Is this page still work in progress? Can the WIP and "do not modify" be removed now?