Classification of my defences

Discussion in 'other anti-malware software' started by ako, Dec 10, 2009.

Thread Status:
Not open for further replies.
  1. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    My setup:

    Vista laptop: LUA, F-secure client security 9, TweakUAC
    XP desktop: Defencewall personal firewall 3, Prevx with SafeOnline, Winpatrol PLUS

    + OpenDNS on router

    See the image. What do you think of the logic?
     

    Attached Files:

    Last edited: Dec 10, 2009
  2. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    very nice descriptive graph and nice info :thumb:
     
  3. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Wouldn't outbound firewall be at the end? Other than that nice graph. :thumb:
     
  4. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    I'm not sure. Why? Like this?
     

    Attached Files:

  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I know some market watchers use another model, which looks surprisingly to yours, they only focus on treath gates (what countermeasures you have in place for what treath gate)


    1. Filtering (only allow valid protocols or allow only valid/sollicitated addresses, like your basic firewall)

    2. Reducing attack surface
    - hardening (reducing total surface for all)
    - policy management/ACL/user rights (reducing surface for selected user/objects)

    3. Blacklisting (skip known bad ones)
    - externally = IP blacklist or E-mail spam protection
    - internally is AV

    4. Anomoly detection
    - Heuristics (looking at anomolies of 1 object, e.g. virus family recognition by Heuristics of your AV of an executable/file)
    - Forensics (looking at anomolies at several places/objects for correlation to discover complex anomolies e.g. most Anti-rootkits and fi Hitman Pro, but Snort IDS can also be seen as forensics)
    - behavioral analysis (looking at a sequence of anomolies after a specific intrusion/trigger)

    5. Virtualisation
    - code level (f.i. code emulation of your AV)
    - application level (e.g. Sandboxie, Bufferzone)
    - partition level (Shadowdefender, Returnil)
    - hardware level

    6. Whitelisting
    - netwerk access
    - data access (including registry parts plus vulnarable OS parts)
    - process operating space (classical HIPS forbid memory injection, DEP of your OS is on same level)

    7. Encryption
    When your are allowed to access it it still can be secured by encryption


    Regards Kees
     
    Last edited: Dec 11, 2009
  6. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    Very consistent classification model. My setup does not utilize 5, 6, 7.
     
  7. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    New version:
     

    Attached Files:

Thread Status:
Not open for further replies.