Most secure PC setup

What would the most secure PC setup look like?

 

One not connected to the internet (that one was easy). Hmm.. what would be the most secure PC setup, that is very difficult to answer if I may say. I would say a OS on which you can't manually install something and/or a very basic/barebone OS with only the most essential programs needed. The more programs installed, the higher the chance that one of them can be exploited.

 

It looks like what these guys have: security setup

 

An exokernel and nothing but an exokernel.

You're going to have to be more specific. A windows PC that doesn't have an ethernet cable/ wifi card is plenty secure.

 

Impossible to know is that question. Clouded is the answer. Let go of your feelings, and then know will you that too many variables there are.

Yod... erm, I mean Sul.

 

One that is definitely turned off by being completely destroyed, internally and externally.

 

It's a fairly loaded question haha

what is security? Being able to access your files and system while maintaining their privacy and security? There's certainly more to it than that. And even that alone is very complex. Files can be stored off of a computers hard drive now so suddenly we need an internet connection.

This is why there's no single security setup.

 

the most secure pc is the one not connect to the internet + turned off + placed in a safe


anyway pretty secure computer the one that Have Bios and Firmware writing protection + ReadOnly harddrive for Operating system mmmmmm

Lots of security products

 

LOL, That should keep him busy with nearly twenty thousand replies.

 

And after finishing that the question is still unanswered

 

Ok can I re-iterate?

What is the most secure PC setup that will allow you to use the internet.

Before my setup was.

Internet --> Dynamic IP address --> modem --> Sonic Wall router TZ210 WIRED w/ Cat6 cables --> PCs --> Comodo Firewall --> Bitdefender AV --> PC virtualization/VMware --> Sandboxie --> Comodo Dragon or latest Firefox release --> PC fully encrypted with TrueCrypt

Can I add on anything to the above?

*EDIT* I also forgot to mention that I use TOR

 

Linux?

 

Lynx browser.

Really this is a silly thread without need to know what your priorities/configuration is/are. For example Truecrypt is useless at protecting active drives. VMware is pointless if you store all your data on there.
Factor in there is more than one way to achieve most security goals (e.g. our laptops are locked down with group policy and limited user accounts and drive permissions that sandboxing is 99% useless).

We would need to know what do you with your machine, where your willing to accept compromises in usability for security, what exactly you need securing.

And finally one thing that SO many people on here do not do, that is test that your setup actually is secure. I see loads of people use "recommended" configurations and applications without actually knowing if there security configuration works. All it takes is one easy to hack password, one misconfigurated (is that an actual word ?) app and your whole wall of security comes tumbling down.
Your configuration is ONLY secure when you know it has successfully been tested or attacked without compromise or else you are just running on blind faith... (all it takes is a bit of human error)...

Cheers, Nick

 

I use my PC for work.

I am an online daytrader and poker player.

The point of Truecrypt is to protect your drive in case it gets stolen. Why would it matter whether the drive is active or inactive?

As long as I can play poker on Pokerstars and use Questrade to trade stocks, that is all I want from the machine.

MOST people do not have friends or associates that hack or test their machines, therefore I would have to pay a professional hacker to do that to see how effective my setup is. I will consider it. I make enough money.

 

I would like to add that I have never had any virus problems through a web browser when I have my hardware firewall/av and software firewall/av setup.

It just has never happened, I've tested this by going to many virus infected sites, porn sites, and downloading many infected files.

 

I was just trying to work out what your security goal for using Truecrypt is

Along with the info about what you use the machine for, people will be able to help you out better.

With a bit of knowledge you can do your own testing, e.g. does app X get blocked by firewall, can app Y install unknown addon. Yes its not as substantial as paying for pen-testing, but with help of the community and knowledge on the internet you can go a long way to knowing how well protected your system actually is.

 

I looked into Lynx Browser and I will definitely try it out later, but it seems a little excessive.

But yes, my main concern is being able to work properly. My average work day is 12-16 hours long on the internet, 6 days a week.

 

Hehe was just a bit of a joke . Its a text only browser, 99.999% sure you can't do online poker with it in a usable manner.

Cheers, Nick

 

Nonetheless it sounds like a good idea.

 

Instead of a router I may use a Dell XPS 9100 with OpenBDS installed, how does that sound?

Corporations all over the world have been known to use OpenBDS as their hardware firewall when under attack.

 

What i would recommend to the average User and assuming a correct configuration:

-NAT Router
-LAN (no WLAN)
-Win 7 64bit, UAC, LUA, MET, Firewall on default deny inbound/outbound
-sign. based Antivirus, e.g. Avira, Avast etc.
-behaviour based product, e.g. Threatfire
-HIPS, eg. OA free
-Firefox (or others) with addon "NoScript" and in Sandboxie
-System Virtualisation, e.g. Returnil (?) etc.
-Images on extern. harddrive (not connected)

I'm pretty sure that this is a very secure setup.

 

@strongsword,

you don't even mention your O/S. That said, you don't need to go overboard, as it appears you already have, applying tons of 3rd party security products to secure your machine. Depending on the O/S, ideally a Pro or Ultimate version of Windows, you can, imho, achieve way above average security by using what's already available in the O/S, and perhaps one 3rd party app to augment it. This way you achieve robust security without introducing potentially numerous bugs and other stability resucing issues brought about by all that additional software. Far less chance of something interfering at the wrong time during an important online trading transaction

 

I'm currently using Windows 7

 

Well said wat. I agree with this. No sense in bogging your system down with lots of 3rd party security and increasing your attack surface with it.

 

No PC in the first place .