HIPS Program.

Discussion in 'other security issues & news' started by Badcompany, Sep 15, 2006.

Thread Status:
Not open for further replies.
  1. Badcompany

    Badcompany Registered Member

    Joined:
    Nov 18, 2005
    Posts:
    752
    Location:
    RUNCORN UK.
    Hello Forum,
    What problems will I encounter if I don't have a (HIPS) program? Am I protected with my current security set-up? You can see my security programs in my signature. I would appreciate your opinions.
    Badcompany.
     
  2. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,007
    It depends where you go on the internet...
     
  3. Badcompany

    Badcompany Registered Member

    I don't really understand what people mean about bad internet sites. Do they mean porno sites? What other sites are bad? I don't visit porno sites.
     
  4. lodore

    lodore Registered Member

    I mean porno, crack, warez sites etc. I don't prejudge.

    If you practice safe hex and are generally safe on the net then your setup is fine.
     
  5. Badcompany

    Badcompany Registered Member

    Thanks Lodore, Much appreciated.
    BC.
     
  6. lodore

    lodore Registered Member

    np. In your sig I don't see any mention of a NAT router. Do you have one?
     
  7. Badcompany

    Badcompany Registered Member

    No, I don't. I don't know what a NAT router is for.
     
  8. lodore

    lodore Registered Member

    Oh I see. A NAT router is a hardware firewall and blocks most of the bad packets, and since it has its own processor it doesn't slow your PC down but gives you an extra layer of protection. Most wireless routers are NAT routers.

    I would recommend a wireless router with a NAT firewalled router (hardware firewall).
     
  9. Badcompany

    Badcompany Registered Member

    Now I understand. Can you name some NAT routers for me to look at?
     
  10. lodore

    lodore Registered Member

    The BT ones are good and easy to set up. I recommend the BT Voyager 2110, which is about £80, a bit pricey but easy to set up. I have never liked the Linksys ones. You can get it from bt.com. There are other good ones but I recommend that one. You put the username and password of the ISP into the interface and you're online, no messing around with CDs.

    I also think Buffalo routers are good. http://www.buffalo-technology.com/buffalo-home.php
     
  11. Badcompany

    Badcompany Registered Member

    I now live in Holland, but I will go to KPN, which is the equivalent of BT in England. I am on cable; does that make a difference?
     
  12. lodore

    lodore Registered Member

    Yes, cable does make a difference. I'm not sure what routers you could use for cable; I'm sure someone here will.
     
  13. Badcompany

    Badcompany Registered Member

    When I go to KPN I'm sure they will tell me. Thanks for all your help.
    BC.
     
  14. lodore

    lodore Registered Member

    np. I'm sure they will.
     
  15. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Hi,

    KPN does not have cable.
    If you go to the bigger stores they have routers you can use both on cable and ADSL.

    Gerard
     
  16. Badcompany

    Badcompany Registered Member

    Hi gerardwil,
    Sorry, I'm with @Home.
     
  17. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    A NAT router's primary function is to split a single internet connection among multiple computers, keeping track of what data should go to which computer. The cable modem is likely only made to handle one connection, so the router provides the one connection point to the modem and keeps track of which computer requested what data, routing the data to the computer that requested it. This provides some firewalling in that if an unsolicited inbound connection is attempted, the router will not know which computer to send it to and so will just ignore it. A router itself isn't the same as a hardware firewall, but it is the next best thing (more appropriate in a home setting) and is a good idea to have even if you only have one computer in the house. There are, however, many routers now that do contain some firewalling functionality like stateful packet inspection (SPI).

    Most of the routers out there will handle both DSL and cable, and will be called either "DSL/Cable Router" or "Broadband Router". Just look on the back of the box and it should tell you. You can get plain routers for cheap, "Firewall Routers" (routers with SPI and maybe other features) cost a little more. If money is a factor, I would base the decision between the two on what your desktop firewall already has. If you have a desktop firewall with SPI, you may not get a lot more out of a router with SPI. If your desktop firewall is more basic, like the Windows Firewall with maybe some other software to take care of outbound connections, then an SPI router may be more worthwhile. If an extra $30-$50 (or more) isn't a big issue and you want more features, then an SPI router isn't a bad buy either way.

    Even if you don't buy from them, you might check out NewEgg.com and read the user reviews on different routers, it's a great way to get opinions on different products. Obviously routers with hundreds of reviews that are almost all 5 stars would be the best way to go, but do actually look at the reviews because there are some that are perfectly happy with the product but give it a low rating because they had a bad experience with the merchant or shipping (which is a really bad practice because it can make a perfectly good product look bad.. with millions of packages being shipped at any given time, there's bound to be some mistakes).
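
The mapping-table behaviour described in the post above, as an added example that is not part of the original thread. The `NatRouter` class, the `strict_peer` flag (a simplified stand-in for the connection-state checks an SPI router adds) and all addresses and ports are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    public_ip: str = "203.0.113.10"   # constructed (documentation address range)
    strict_peer: bool = False         # simplified stand-in for SPI-style state checks
    next_port: int = 40000
    table: dict = field(default_factory=dict)  # public port -> (lan, peer)

    def outbound(self, lan_ip, lan_port, peer_ip, peer_port):
        """A LAN computer opens a connection: record who asked, rewrite the source."""
        flow = ((lan_ip, lan_port), (peer_ip, peer_port))
        for port, known in self.table.items():
            if known == flow:
                return (self.public_ip, port)   # reuse the existing mapping
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[port] = flow
        return (self.public_ip, port)

    def inbound(self, peer_ip, peer_port, public_port):
        """A packet arrives from the internet: return the LAN target, or None if dropped."""
        flow = self.table.get(public_port)
        if flow is None:
            return None   # unsolicited: no computer asked for this, nowhere to send it
        lan, peer = flow
        if self.strict_peer and peer != (peer_ip, peer_port):
            return None   # mapping exists, but this sender is not the one contacted
        return lan

def demo(strict_peer=False):
    """Constructed traffic: one web request from the LAN, then three inbound packets."""
    r = NatRouter(strict_peer=strict_peer)
    _, port = r.outbound("192.168.1.20", 51515, "198.51.100.7", 443)
    return {
        "public_port": port,
        "reply": r.inbound("198.51.100.7", 443, port),
        "unsolicited": r.inbound("192.0.2.99", 4444, 3389),
        "other_sender_same_port": r.inbound("192.0.2.99", 4444, port),
    }
```

With `strict_peer=False` a packet from a different sender to an already-mapped port is still forwarded; with `strict_peer=True` it is dropped, which is the kind of gap the extra state tracking closes.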
     
  18. Badcompany

    Badcompany Registered Member

    Hi Notok,
    Thank you for all the info, I understand what to look for now.
    BC. :thumb:
     
  19. herbalist

    herbalist Guest

    That's an impossible question to answer. There's no way to know what the next threat you'll run into will be. The security setup in your signature would be effective against most identified threats. Your AV and Ewido detect threats based on definition, signature, or reference files. That's fine for threats that are known, not as effective against new ones. Where signature based security falls short is with newly found exploits and fast spreading code like Slammer exploiting them. If I remember right, a user only needed to be connected to the net for a few minutes to get exploited. A more recent example would be the WMF exploit. A lot of people were infected before the AVs caught up. Safe habits and low risk behavior do help a lot, but not against everything. Knowing not to open e-mail from unknown sources is easy enough. It gets harder if someone you normally get e-mail from gets infected and starts sending out infected mail. If they were one of the first to receive a new virus, your AV may not recognize it.
    HIPS has the ability to defend a system against previously unknown threats, including many exploits when properly configured. The problem with Windows is that it was designed to be convenient. Just about any program or application is allowed to do almost anything its author (or a hacker) wants it to. HIPS limits the software and system executables to only those activities that the ruleset permits. The user, or some form of learning mode, writes these rules. How well the HIPS software protects you depends on quality of the rules. The more knowledgeable the user, the more effective ruleset he/she can write. Unfortunately, even with various forms of learning mode, HIPS software is better suited for computer savvy users. That's not to say that the rules made by a built-in learning mode won't protect you. They will, just not as well as a set written by someone who knows their system.
    HIPS software is powerful, but it's not a do-everything solution. There are no 100% secure systems. At the present, HIPS as part of a good security package is about as close as you can get to completely securing Windows using just software. In another year or 2, who knows? The next Windows release may change everything all over again.
    Rick
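
The contrast drawn in the post above between signature matching and a HIPS ruleset, as an added example that is not part of the original thread. The `Hips` class, `signature_scan`, the program name, paths and sample bytes are all constructed for illustration and do not model any particular product.

```python
import hashlib

# Constructed signature set: hashes of samples the scanner already knows.
KNOWN_BAD = {hashlib.sha256(b"sample-seen-last-year").hexdigest()}

def signature_scan(data: bytes) -> bool:
    """Signature-style check: flags only content whose hash is already listed."""
    return hashlib.sha256(data).hexdigest() in KNOWN_BAD

class Hips:
    """Default-deny ruleset: a program may do only what a rule permits."""

    def __init__(self, learning: bool = False):
        self.learning = learning
        self.rules = {}  # program -> set of (action, target prefix)

    def allow(self, program, action, prefix):
        self.rules.setdefault(program, set()).add((action, prefix))

    def check(self, program, action, target) -> bool:
        rules = self.rules.get(program, set())
        if any(action == a and target.startswith(p) for a, p in rules):
            return True
        if self.learning:
            # Learning mode writes a rule for whatever it observes, good or bad.
            self.allow(program, action, target)
            return True
        return False

# Constructed events: an image viewer opening a picture, then (after a
# malformed file has compromised it) trying to start a dropped executable.
NORMAL = ("viewer.exe", "read", r"C:\Pictures\holiday.wmf")
EXPLOITED = ("viewer.exe", "exec", r"C:\Temp\dropped.exe")

def run():
    new_payload = b"sample-first-seen-today"      # not in KNOWN_BAD
    hand_written = Hips()
    hand_written.allow("viewer.exe", "read", "C:\\Pictures\\")
    learned = Hips(learning=True)                 # trained while the exploit ran
    for event in (NORMAL, EXPLOITED):
        learned.check(*event)
    learned.learning = False
    return {
        "signature_flags_old": signature_scan(b"sample-seen-last-year"),
        "signature_flags_new": signature_scan(new_payload),
        "rules_allow_normal": hand_written.check(*NORMAL),
        "rules_block_exploit": not hand_written.check(*EXPLOITED),
        "learned_block_exploit": not learned.check(*EXPLOITED),
    }
```

The last result is the rule-quality point: a ruleset learned while the unwanted behaviour was running permits that behaviour afterwards, whereas the hand-written ruleset blocks it even though the payload has no signature yet.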
     
  20. Badcompany

    Badcompany Registered Member

    Thanks Rick, we sure do get good help and info on this site. Thanks to you all.
    Badcompany. :thumb:
     
  21. Notok

    Notok Registered Member

    To expand on Herbalist's words (not disagreeing this time :) ) I would say that it's important to know the difference between a system file and malware posing as a system file to use a behavior blocker effectively. There are other kinds of HIPS, though, that don't rely on you knowing the nature of everything that runs to work effectively. What you might look into is software that is intrinsically more secure, such as non-Microsoft internet software (or anything that handles files you download from the internet), and software that gives you relevant information to make better choices about what you do/where you go on the internet.
     