Am I covered?

Discussion in 'other security issues & news' started by Straight Shooter, Jan 23, 2003.

Thread Status:
Not open for further replies.
  1. The following was cut and pasted from Symantec's latest email newsletter. Please focus on what I outline in BOLD.

    "What can I do?

    One of the best defences against hacking is good computer security practices. Install good antivirus software that combats the gamut of blended threats. Buy a firewall, implement it and maintain it. Keep your systems up to date, keep your data backed up, have a plan so that when something does go wrong you know how to react. Security should be an ongoing practice - as threats evolve so should your defences against them."

    What is he referring to? (David Banes).. An AT? A script defender? I know that some firewalls say they have "Intrusion Detection" software.. what would be an example of what he's talking about? IEClean? AdSubtract Pro?

    If I knew I wouldn't ask... I have an idea, I would like to see what opinion is..

    Thanks
    Shooter..
     
  2. LowWaterMark (Administrator; Joined: Aug 10, 2002; Posts: 17,877; Location: New England)

    Greetings Straight Shooter,

    Well, I'm not sure which section you are talking about since the bold tags aren't actually around any specific text, but, I think you are reading more into what he's saying than is actually there. In that quoted paragraph, I don't see him recommending anything all that special (such as ATs, script filters, or even advanced things like intrusion detection). He's really just giving some basic, standard PC security recommendations.

    Taking each part of his paragraph, he's just saying:

    1. Use a good Anti-Virus package
    - (one that handles viruses, worms and trojans)
    2. Install a firewall and use it properly
    - (A misconfigured firewall may be worse than none at all)
    3. Keep your OS and software applications current with all patches
    - (ex: Keep current at Microsoft Windows Update...)
    4. Make frequent, restorable system backups
    - (a good, clean system image can fix any software problem)
    5. Have a plan for how to fix your system - if the worst happens
    - ("Don't panic, be prepared & 'know' that you can fix your system!")
    6. Stay current and informed regarding new risks & exposures
    - (New security issues come out all the time, so don't be complacent.)

    It is generally good advice, at least as far as it goes. To those of us who frequent places like Wilders, this might be what they call "preaching to the choir," as many of us do even more than this, and have more layers of security, use more and/or stronger tools. We may also stay better informed than the general public, just by participating at places like this.

    But, since the majority of PC owners don't think or care at all about security, and don't follow any of his recommendations, this advice, if adopted by everyone, would literally change the world (computing security-wise, that is).

    Was there more than this, that you thought he might have been referring to?
     
  3. Forgive me... I didn't notice, but where it says b\b in my post, he says "Install Intrusion Detection Software." I didn't notice it was cut off, and I didn't save my email. That's what it says.
    I'm not questioning his advice. I question what is meant by "Intrusion Detection". He was saying that firewalls alone won't do the job.
     
  4. LowWaterMark (Administrator; Joined: Aug 10, 2002; Posts: 17,877; Location: New England)

    Ah, now I see what you meant, thanks. :)

    A lot of people really like the concept of using active intrusion detection, on either systems or networks, as the best way to watch for malicious activity. They see IDS as a far stronger tool than a standard firewall when dealing with network based attacks.

    You see, most firewalls simply use a set of static rules to decide what traffic (inbound or outbound) to either permit or deny. Consequently, there is not a lot of intelligence being applied by firewalls, and they "don't know" the difference between a real attack and some misc probe. They just enforce the preset rules.

    IDS can be much more intelligent, reactive and responsive, because it can be programmed with the ability to recognise an attack, by either its specific characteristics (a known pattern of malicious traffic), or by noticing a change in the normal (acceptable) traffic patterns on a system or network. An IDS system could then respond to a perceived attack to block or disrupt it.

    Now, the best known (at least to me) IDS for home use (on Windows systems) is BlackICE. As for the business environment (for an enterprise level IDS), the folks at ISS are a good reference.

    For a lot of general information on IDS, see this site:
    http://www.robertgraham.com/pubs/network-intrusion-detection.html

    For all its potential, IDS is not discussed as much as other security software.
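
An added example, not part of the original post: the three approaches described above (static firewall rules, known-pattern matching, and deviation from normal traffic) run over the same constructed traffic. The addresses, the allowed-port set, the signature and the threshold factor `k` are all assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

ALLOWED_PORTS = {25, 80}                       # assumed static firewall rule set
SIGNATURES = {"web-cmd-access": b"/cmd.exe?"}  # constructed signature, for illustration

# Constructed traffic records: (source address, destination port, payload)
BASELINE = [("192.0.2.%d" % i, 80, b"GET /index.html") for i in range(1, 6)]
BASELINE.append(("192.0.2.2", 25, b"HELO mail.example"))
LIVE = [
    ("192.0.2.3", 80, b"GET /index.html"),
    ("192.0.2.9", 80, b"GET /cmd.exe?x=1"),
    ("192.0.2.7", 80, b"GET /"),
] + [("192.0.2.7", port, b"") for port in (21, 22, 23, 25, 110, 139, 445)]


def firewall(event):
    """Static rules: permit or deny on destination port alone."""
    return "permit" if event[1] in ALLOWED_PORTS else "deny"


def signature_alerts(events):
    """Known-pattern detection: match payloads against stored signatures."""
    return [(src, name) for src, _port, payload in events
            for name, pattern in SIGNATURES.items() if pattern in payload]


def ports_per_source(events):
    """Count the distinct destination ports each source contacted."""
    seen = defaultdict(set)
    for src, port, _payload in events:
        seen[src].add(port)
    return {src: len(ports) for src, ports in seen.items()}


def anomaly_alerts(baseline, live, k=3.0):
    """Flag sources whose port spread exceeds baseline mean + k std devs."""
    normal = list(ports_per_source(baseline).values())
    threshold = mean(normal) + k * pstdev(normal)
    return sorted(s for s, n in ports_per_source(live).items() if n > threshold)


if __name__ == "__main__":
    print([firewall(e) for e in LIVE])     # per-packet verdicts only
    print(signature_alerts(LIVE))          # recognises the known pattern
    print(anomaly_alerts(BASELINE, LIVE))  # recognises the port sweep
```

The firewall permits the request carrying the signature because it arrives on an allowed port, and it denies the swept ports one packet at a time without ever reporting that a single source touched eight of them.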
     
  5. :D

    Well, I know what that is.. Zone Alarm, Norton, and I think McAfee all claim they have intrusion protection.. I can see where ZAPRO would be one.. I own it but don't presently use it (I am evaluating other software), and as for Black Ice, I've heard more than the normal share of negative reports about it due to it not being a true firewall, leaves ports open, etc.. What do you think? Am I opening up a can of worms, here?
     
  6. root (Registered Member; Joined: Feb 19, 2002; Posts: 1,723; Location: Missouri, USA)

    Nah, it's the same can of worms that's been open all along.
    Some firewalls have what they call IDSs, a few don't. It's still your call on what you think the best firewall is to suit your needs.
    Stateful packet inspection is another area of firewalls that is surrounded by controversy.
    No need to make it any harder than it is. There are several good firewalls around that pretty much work as advertised. I'm talking about Sygate, Kerio, Look N Stop, Outpost, and even ZA works as advertised. I prefer a rules and application based firewall myself. I want max control over ports and protocols. For some, this could be intimidating though, so an application based firewall might be best for them.
    I think all firewalls could use improving, and most are working on that constantly, I believe. Still, the firewalls available are doing a pretty good job if configured correctly. I'm talking the mainstream ones.
    Port testing with a scan site that uses NMAP scanning helps determine if your firewall is set up properly, so I think it's wise to use them from time to time.
     
  7. luv2bsecure (Infrequent Poster; Joined: Feb 9, 2002; Posts: 713)

    "Intrusion protection" means many things to many people.

    1. A firewall - plain and simple - is intrusion protection.

    2. Program Execution Handlers - With these protection systems on your system, just because you have an .exe on your system doesn't mean you (or anyone else) can run the program. You can even require a password to run any and all executable programs.

    3. Registry/File Monitors - Programs that alert you to any changes in the registry, filenames, etc.

    4. Physical Intrusion - We all worry about attacks from the net and protect with all kinds of software and hardware. But what about the physical security of your computer? It's ironic, but MOST have nothing at all - even security types who focus on the attacks from the Internet. When you leave for a three hour dinner and movie trip, is your system protected? Not just with a Windows Screen saver or Windows OS password (all easily defeated) but with REAL physical system intrusion software? There are several good programs that accomplish physical security, which by the way, kicks in with a time-out if you are away from the computer for a certain length of time.

    5. Interoffice network/system intrusion - are you protected with software that allows only YOU to make certain changes to your system settings?

    "Intrusion Detection" means one thing to you, another to me, and another to Joe next door. But all of the above pretty much covers the phrase in full.

    John
    Luv2BSecure
     
  8. root (Registered Member; Joined: Feb 19, 2002; Posts: 1,723; Location: Missouri, USA)

    Good points John.
    Glad you're back at work here. :D
     