What is your security setup these days?

@Kees :

You need to put the user in question into your mental blocklist.
There is a golden rule in all forums - "Don´t feed the trolls".

Every single post from said user is pure fiction. That goes for both his current account and his old, now banned, account.
He just googles the IT-buzz word of the day, and then shows up here pretending to know something.

 

UPS is really there for voltage variance control, and as a 'temporary' backup until the natural gas powered Generac fires up. There is between a 2-5 minute day until the Generac fires up. So the UPS is for voltage variances, because a generator can spike voltage on the change, and to provide backup for the 2-5 minute delay. I should add, my entire home has a GOES KVAR, essentially 2 giant capacitors so I store my own reactive power in the home, and it conditions the line from dirty power, and rogue frequencies.

As noted, time-lock is purely for Wireless Only ASUS RT-AC87 in AP mode, of course wired is available through the night, and is cloud sync'd with an encrypted COLO solution my company offers. I should probably note that as part of the whole update. My 12TB NAS is actually a bit of overkill, mostly because I often restrict backups to crucial data files, such as logs and captures from the security server (cam events, etc). I can rebuild the VM in minutes if I need to, but the security telemetry is crucial. Part of the NAS is pointing outward for a personal FTP server.

PS: I never disclosed how many people are in this house, you'd be wrong to make assumptions in this area.

 

I am appalled to see that any of us would question any aspect of this member's postings. Clearly, anyone with such an overly impressive alphabet soup of certifications following his name is worthy of unquestioned reverence.

Thank you.

 

Physical security is Layer 1. Of course that is considered.

Frank, you are welcome over anytime. I should post pictures of my setup.

 

Added in omissions.

Connection/Multi-Homed:
180Mbps Cable Connection WAN1
AT&T 10Mbps DSL - Multi-Homed, Failover via WAN2.
AT&T 4G LTE Hotspot Box - Provided by work for free, in the event everything else fails.
OpenDNS

Frontend:
Motorola DOCSIS3.0 SB6141
Sophos UTM 9.3 Layer 8 NGFW/UTM Appliance
ASUS RT-AC87R (Access Point Mode Only)
- Primary Wireless, Ghetto-vLAN with Restricted LAN access. Hardware timer to kill this from 12m-7am every night. (threat surface and telemetry harvesting reduction)
TP-Link AP
- Segregated AP for security cameras only. MAC restricted to just cameras. No LAN connectivity, PF to SEC Server. On 24/7. Signal truncated to exact dimensions of home.
Layer 3 GBE 16 Port Switch (Cisco)

Systems:
Win 8.1x w/Tweaks+Lockdowns
Trustport Antivirus 2015 w/PUA Enabled, HIPS on Full.
PeerBlock (paid, with all Malware/Adware databases - 1.5 million IP's blocked)
Admuncher (for Heuristic Script and Webbug Blocking)
Chrome w/uBlock(default), Vanilla Cookie HTTPS Everywhere.

Backup/Redundancy/Conditioning
Lenovo IX4-300D 12TB Raid10 Network Access Storage (NAS)
Encrypted Cloud Backup to COLO (company rebranded solution)
3X Cyberpower 1500VA AVR UPS
GOES KVAR 1200 (Power Conditioning, Whole House Surge Protector, Reactive Power Storage)
Generac 20,000 Watt Air-Cooled Aluminum Enclosure Natural Gas Powered Standby Gen w/Transfer Switch

Network Structure
Subnet Segregation (Blue Zones)
vLAN Isolation
MAC Filtration

I also run a variety of servers. Including an obfuscation server that pushes out 'fake' network traffic, searches, and activity to mask real activity. In addition to a security system (including cams) server.

 

...and I'm looking forward to brews at Mayahana's house. I especially love Belgian beers.

..although, I am starting to suspect you as being a part of the global NSA, GCHQ, mass collection and surveillance conspiracy. You might be one of those spooks trying to look in my electronic underwear drawer... trying to steal my pictures of naked animals and stuff..

But ok, I'll overlook that. So nevermind all that.

Hopefully I won't accidentally spring a trip wire or something and end up worse for wear..

Cheers,

-Frank

 

Yeah, I had auto-quarantine turned off as well. I had only ran Panda on my Win 7 box for a couple of days (if that) before the Big Panda Signature Bork Event happened. Switching the auto-quarantine off on any anti malware/virus app is de rigueur with me. It was the first thing I did after installing Panda. I still rate it highly enough to continue using it.

 

This is getting good, let the conspiracy theories begin.

 

"Downgraded" to Avira free,Privatefirewall.And Wondershare Time Freeze.(as usual)

 

Yes you did, you even posted that your is son (studying) to be an IT-engineer also, but never mind. You should track back your posts and look at the inconsistencies: one post it is 20 clients, next post they have become 25 clients in your home network (are the security cams included in this count?), then you manage 300 clients for 5 bucks a month as a contractor, next you work at a company with 30.000 seats or are a trend engineer who is so kind to create a support tickers for one of the Members at Trend. But with that many qualifications, I am not surprised that you are all of that merged into one super specialist also.

Remarkeable that after my question you posted about backing up the NAS, not once, but twice!. Now you sync the NAS into the cloud (1. cloud!) with encrypted solution your company offers AND tell us that the NAS is pointing to a personal (2. personal!) FTP server.

When you only backup security logs and camera recordings, the all inhabitants wear orange overalls explanation is more likely than the secret service scenario explanation of why one would need such a setup at home.

 

Point taken, no more responses from now

 

Just for something to do cause I was bored, I set up a VM running Windows 10, trying Windows Defender, HitmanPro Alert and NoVirusThanks, we'll see how this goes.

 

real-time
DD-WRT (OpenDNS)
Windows 7 Professional N x64 (Firewall and other system tweaks)
PeerBlock (except HTTP/HTTPS)
Avast Free Antivirus (Web Shield and Home Network Security only)
AppGuard
Opera (CanvasFingerprintBlock, HTTPS Everywhere, uBlock, WebRTC Block)

scheduler/on-demand
AOMEI Backupper Professional (monthly full backup, and incremental backup every Wednesday and Saturday)
SyncBackFree
HitmanPro (quick scan at startup and weekly default scan)
Zemana AntiMalware (weekly deep scan)
Malwarebytes Anti-Malware (weekly threat scan)

 

Just file under "needs to get out more".

Regards Eck

 

Replaced MBAE with Emet 5.2.

 

Why? Does it protect better or did MBAE cause you some issues?

 

MBAE was causing videos to freeze in which I had to hard reset my desktop.

 

Not to be picking on anyone but yes you did Mayahana. I remember seeing that post awhile back.

 

To be honest, the reason is simply - 'because I can'.. Any speculation beyond that is ... Speculation, and I'll leave additional theories to your imagination!

 

Linux Arch on two machines: one x386, one x64.

- Chromium with https everywhere and uMatrix extensions, run in firejail sandbox (in effect a Chromium Linux sandbox within a sandbox)
- UFW default-deny in/out with remote TCP port restrictions (80, 81-82, 443, 554, 1755, 1935), and DNS addresses
- Behind ISP-provided modem/router combo
- Image for Linux/Windows backups
- any and all personal/sensitive data kept separate on encrypted drives

The latter step I believe is often overlooked, but if this step is taken then who cares if your pc is compromised? If you have nothing of value residing on your pc, then nothing to worry about. Don't give cyber thieves anything to profit from or used to besmirch you.

My Windows setup is unchanged (buried somewhere in this thread) from before.

 

Let's Get Back On Topic, Which is What is your security setup these days? Thank you!​

Of course JR is right.

I've made some big changes in my security setup after reading and learning here and other places. I've learned a lot from you people.

AV:
-Zillya!
http://zillya.com/node/13

~ Removed Off Topic Remarks ~


Thank you,

-Frank

 

Added MBAE and AOMEI backupper

 

OS: win 7 pro 64 on a DT
Firewall: Windows ; Router (hdwr firewall)
Browser security: Sandboxie
Anti Virus: Avira
Anti Exe: Voodooshield
Anti Malware: Windows Defender

On Demand scanners
SuperAntiSpyware
Malwarebytes
Avira

 

https://community.norton.com/en/comment/6298631#comment-6298631

Anyone?