Hi list,

- Not really a Debian problem, but I value the knowledge of you all :-)

I'd like to get external input to my security considerations...

Hardware / Network situation:
- Family in an apartment, several other apartments in the same building
- Internet by our cable network operator; router offered "for free", providing WLAN to us
- Several clients use WLAN exclusively (no ethernet ports)
- Several computers and tablets, one of them running several services:
  - dovecot for mail: automatic download of all mails (no long-term archiving online - privacy!). Other clients (laptops) use offline imap to access my dovecot instance
  - owncloud for calendar, contacts, files: to synchronize files between different machines, synchronized per user
  - I created a CA and (sub-) certificates for S/MIME as well as a server certificate used for apache (owncloud, dovecot)

Concerns:
- WLAN: SSID hidden, strong password, but I can't really trust the router, can I?
- Someone who has access to our local network could get access to mails or files (owncloud)
- I have no control over the router (firmware updates? security fixes? I assume it's "really cheap" ...)
- How can I maximize security?

Ideas:
- Configure apache to only accept SSL connections, because of WLAN sniffing (done)
- Configure dovecot to only accept SSL connections, because of WLAN sniffing (done)
- Configure apache to require SSL client authentication - not yet possible because the owncloud sync client doesn't support that yet
- apache: restrict allowed IP addresses using .htaccess file to 192.168.1.1/24. Does this provide security / make sense?
- dovecot: is restricting the allowed IP addresses for dovecot possible as well? Does this provide security / make sense?
- Any other measures?

Thanks for your input!
B.M.
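
Added example, not part of the original post: a .htaccess sketch of the two apache ideas above (SSL only, source addresses limited to the LAN), written so it works on both Apache 2.2 and 2.4. It assumes mod_ssl is loaded, that the file sits in the ownCloud directory, and that the server config grants `AllowOverride AuthConfig Limit` there; the subnet is written as 192.168.1.0/24, the network that the post's 192.168.1.1/24 denotes.

```apache
# .htaccess in the ownCloud directory (constructed example, not the poster's file).
# Assumption: the server config allows "AllowOverride AuthConfig Limit" here.

# Refuse any request that did not arrive over SSL/TLS (mod_ssl).
SSLRequireSSL

# Apache 2.4 (mod_authz_core): accept only sources inside the LAN subnet.
<IfModule mod_authz_core.c>
    Require ip 192.168.1.0/24
</IfModule>

# Apache 2.2 (mod_authz_host): the same rule in the older syntax.
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    Allow from 192.168.1.0/24
</IfModule>

# Scope of the address rule: it matches on source address only, so every
# device that has joined the WLAN gets an address in 192.168.1.0/24 and
# passes it. It keeps out requests from other networks; for a device that
# is already on the LAN, TLS and the ownCloud login remain the controls.
```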
