Differences

This shows you the differences between two versions of the page.

inbox:security:security-guide-for-the-paradoid [2018/03/03 16:25] – ↷ Page moved from inbox:user-guide:security:security-guide-for-the-paradoid to inbox:security:security-guide-for-the-paradoid bobafetthotmail
docs:guide-user:security:security_guide_for_the_paranoid [2021/12/05 11:05] (current) – [Network topology] vgaetera
Line 7: Line 7:
 You may react and discuss using this forum thread: You may react and discuss using this forum thread:
  
-https://forum.lede-project.org/t/security-guide-for-the-paranoid/+https://forum.openwrt.org/t/security-guide-for-the-paranoid/
 ===== Who is this guide for? ===== ===== Who is this guide for? =====
  
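Review bot: the new link on the `+` side of line 7 still stops at the slug (`/t/security-guide-for-the-paranoid/`) with no numeric topic ID, exactly as the old lede-project URL did. A slug-only Discourse link depends on the thread title never changing, so use the full permalink with the topic ID, and consider wrapping it in DokuWiki link syntax so the sentence "using this forum thread" carries the link instead of a bare URL.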
Line 60: Line 60:
   * The Admin console zone is name **paranoiac zone**. It is not connected to Internet and you should never update/install software. It is encrypted and connects to other stations using a serial console server. Serial console is an old secure and simple protocol. This zone may only be penetrated using professional penetration tools which cannot be purchased easily: false keyboards with key loggers, electrical equipment with hidden network, wireless screen viewer, remote access to a hidden network card hidden in a sound card. If your activities are legal, you should be safe.   * The Admin console zone is name **paranoiac zone**. It is not connected to Internet and you should never update/install software. It is encrypted and connects to other stations using a serial console server. Serial console is an old secure and simple protocol. This zone may only be penetrated using professional penetration tools which cannot be purchased easily: false keyboards with key loggers, electrical equipment with hidden network, wireless screen viewer, remote access to a hidden network card hidden in a sound card. If your activities are legal, you should be safe.
   * The DMZ zone is a **high security zone**. It should be locked in a small cabinet with no human access except you and your top-boss. In fact, even in a 1000 people company, only you.   * The DMZ zone is a **high security zone**. It should be locked in a small cabinet with no human access except you and your top-boss. In fact, even in a 1000 people company, only you.
-  * The "Trusted zone" is a **daily security zone**, which means you should care for security, but in a usual way: install updates, make sure to avoid unknown software, etc ... This zone includes should include only trusted hosts connected using wires (no WIFI). The question whether Windows OS is trusted or not remains and only you can answer. IMHO, Windows cannot be trusted as most recent desasters are due to poor security in Windows. Do don't expect to fix this alone. +  * The "Trusted zone" is a **daily security zone**, which means you should care for security, but in a usual way: install updates, be sure to avoid unknown software, etc. This zone includes should include only trusted hosts connected using wires (no WIFI). The question whether Windows OS is trusted or not remains and only you can answer. IMHO, Windows cannot be trusted as most recent desasters are due to poor security in Windows. Do don't expect to fix this alone. 
-  * The **Untrusted zone** is a zone where untrusted computers, phones and tablets are living their daily unsecure life. This is where you should also put any equipment managed remotely: game stations, connected TVs, etc ... We could also call it "Mission impossible zone", as it is really too difficult to manage.+  * The **Untrusted zone** is a zone where untrusted computers, phones and tablets are living their daily unsecure life. This is where you should also put any equipment managed remotely: game stations, connected TVs, etc. We could also call it "Mission impossible zone", as it is really too difficult to manage.
  
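Review bot: the rewritten "Trusted zone" bullet at line 60 only changes "make sure" to "be sure" and "etc ..." to "etc.", and leaves the errors in the same line untouched: "This zone includes should include", "desasters" and "Do don't expect to fix this alone". Since the line is being edited anyway, fix these in the same revision ("This zone should include", "disasters", "Don't expect"), write "Wi-Fi" instead of "WIFI", and correct "zone is name" in the Admin console bullet just above so the zone definitions read unambiguously.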
  • Last modified: 2021/12/05 11:05
  • by vgaetera