NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
General Security Steps?
Hello all, Our Polycom system was hacked into recently, and it resides on the same network as our ReadyNAS. I’ve fixed the vulnerabilities on the Polycom, but am now worried about the ReadyNAS Pro ...
If you are willing to go SSH, you can check fail2ban, iptables, clamAV and SELinux.
Iptables and ClamAV are simple enough and low-risk if you spend some time to test before applying setting at boot (that way if you shut the SSH port you won't be locked out, you would only have to reboot and correct the script).
Fail2ban is simple on unmodified debian but I got many warnings and errors when trying on my RN104. Had to reinstall some logging add-on too (Rsyslog I think, not sure).
As for SE-Linux I didn't mess with it at all, but it should help your linux deal with scripts.
If you want a complete picture, Snort is a good pick too but it will eat a lot of ressources.
I agree for VPN, if you can grab some potent firewall this would be helpful to have traffic checked before of after port forwarding.
I don't know what equipment you have (you sound like you speaking for some enterprise), but if you have professional stuff like Cisco routers, you can enable the Zone based firewall if you have the license for it. Otherwise a good machine with PFsense, Sophos UTM, untangle or that kind of stuff can be a solution. A dedicated appliance like Checkpoint or Palo alto Networks is another possibility.
Iptables and ClamAV are simple enough and low-risk if you spend some time to test before applying setting at boot (that way if you shut the SSH port you won't be locked out, you would only have to reboot and correct the script).
Fail2ban is simple on unmodified debian but I got many warnings and errors when trying on my RN104. Had to reinstall some logging add-on too (Rsyslog I think, not sure).
As for SE-Linux I didn't mess with it at all, but it should help your linux deal with scripts.
If you want a complete picture, Snort is a good pick too but it will eat a lot of ressources.
I agree for VPN, if you can grab some potent firewall this would be helpful to have traffic checked before of after port forwarding.
I don't know what equipment you have (you sound like you speaking for some enterprise), but if you have professional stuff like Cisco routers, you can enable the Zone based firewall if you have the license for it. Otherwise a good machine with PFsense, Sophos UTM, untangle or that kind of stuff can be a solution. A dedicated appliance like Checkpoint or Palo alto Networks is another possibility.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
