Classification of my defences

Discussion in 'other anti-malware software' started by ako, Dec 10, 2009.

Thread Status:
Not open for further replies.
  1. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    667
    My setup:

    Vista laptop: LUA, F-secure client security 9, TweakUAC
    XP desktop: Defencewall personal firewall 3, Prevx with SafeOnline, Winpatrol PLUS

    + OpenDNS on router

    See the image. What do you think of the logic?
     

    Attached Files:

    Last edited: Dec 10, 2009
  2. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    very nice descriptive graph and nice info :thumb:
     
  3. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Wouldn't the outbound firewall be at the end? Other than that, nice graph. :thumb:
     
  4. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    667
    I'm not sure. Why? Like this?
     

    Attached Files:

  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I know some market watchers use another model, which looks surprisingly similar to yours; they only focus on threat gates (what countermeasures you have in place for what threat gate):


    1. Filtering (only allow valid protocols or allow only valid/solicited addresses, like your basic firewall)

    2. Reducing attack surface
    - hardening (reducing total surface for all)
    - policy management/ACL/user rights (reducing surface for selected user/objects)

    3. Blacklisting (skip known bad ones)
    - externally = IP blacklist or e-mail spam protection
    - internally = AV

    4. Anomaly detection
    - Heuristics (looking at anomalies of 1 object, e.g. virus family recognition by the heuristics of your AV on an executable/file)
    - Forensics (looking at anomalies at several places/objects for correlation to discover complex anomalies, e.g. most anti-rootkits and f.i. Hitman Pro, but Snort IDS can also be seen as forensics)
    - Behavioral analysis (looking at a sequence of anomalies after a specific intrusion/trigger)

    5. Virtualisation
    - code level (f.i. code emulation of your AV)
    - application level (e.g. Sandboxie, Bufferzone)
    - partition level (Shadowdefender, Returnil)
    - hardware level

    6. Whitelisting
    - network access
    - data access (including registry parts plus vulnerable OS parts)
    - process operating space (classical HIPS forbid memory injection; DEP of your OS is on the same level)

    7. Encryption
    When you are allowed to access it, it can still be secured by encryption


    Regards Kees
     
    Last edited: Dec 11, 2009
  6. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    667
    Very consistent classification model. My setup does not utilize 5, 6, 7.
     
  7. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    667
    New version:
     

    Attached Files:
