My network security portfolio... advice?

I'm using the following to protect my home system. Is this a reasonable approach?

1. A router/firewall (w/ SPI) blocking unsolicited inbound tcp/udp traffic. Port scans are stopped cold, but some IP protocols like ICMP pass through untouched due to application requirements and firewall limitations.

2. NOD-32 anti-virus to scan e-mail, web, and file transfers. Also detects and stops some trojans and spyware, but not all.

3. System Safety Monitor as a HIPS to prevent unwanted programs from installing and identify malicious programs that get by my first lines of defense.

4. Common sense.

Ruled out: Backup system (expensive), dedicated firewall (expensive), separate anti-spyware (little value), privacy proxy (little value), anymous surfing (slow).

 

Looks like a solid setup.

You should also use an alternative browser like Firefox or Opera.

 

Deep Freezzzzze that tish.

 

Thanks for confirming I didn't miss anything obvious. I use Firefox as my web browser whenever possible, so no worries there.

 

What do you mean by 'Backup system' and 'dedicated firewall'? Your hardware firewall is a dedicated firewall, so how have you ruled that out? Did you mean a dedicated software firewall? If so, how is it too expensive when there are numerous free ones out there? Just seeking clarification so that you can receive appropriate advice. As for your security setup, it looks like you have all the bases covered. You might want to consider using NoScript in firefox if you aren't already.

 

Here ya go, Jim's *security* suggestion.

Really though, like good friend's or good book's .... few, but choice. See here. Started about a year and a half ago, I'd say not much has changed with the minimalist approach. Experience and knowing the types of activities one is involved in should dictate the choices. Your setup would work fine for me except for the anonymity part .... the part I'm not willing to sacrifice.


Steve

 

TypicallyOffbeat -

When I say 'backup system', I mean a hardware/software solution that takes snapshots of my hard drives on a periodic basis, so that if my system were attacked, I could roll back to a known good image. I have 2TB of similar priorityt data in a RAID configuration. The backup costs would be too high for my current system.

When I say 'dedicated firewall' I'm thinking of something like a PIX501 or TZ180 rather than the router/firewall combination I currently use. While I would love the added protection those bring to the table, they're probably overkill and too expensive for my system.

Thanks for the tip. I use NoScript and CookieSafe.

 

I'm curious--how do you protect your anonymity?

Websites can track you based on your cookies and internet address. The cookies are easy to eliminate with CookieSafe, but I've found no good way to mask my internet address. I tried Anonymizer, and for awhile TOR plus Privoxy, but the key problem for me is that these services dramatically slow down Internet access. I ended up uninstalling the lot of them. So all I use now is CookieSafe and semi-anonymous e-mail drop boxes.

I used Spybot and AdAware for over a year and they never found anything to clean after I installed CookieSafe. I tried CounterSpy for a day and its only complaint was that I customized the IE security zones.

Edit: I just found Hide My IP 2007 Premium Service in the privacy forum. That would protect my ip address from websites, which is more privacy than I currently have, and it's not likely to slow down my connection to unacceptable (to me) levels like TOR and Privoxy

Edit2: "1 Month FindNot PRO Subscription $49.95 Broadband Speed!!!" It looks like privacy proxies still slow down your Internet experience or cost a bundle if you want to preserve broadband speeds. What would an anonymous IP from "FindNot" or "Hide My IP" do? Websites wouldn't know what city I was from. Advertisers wouldn't be able to track several of the site I visit. I mean, those are nice, but to me they're not worth a slower Internet experience or $100/year to me. TOR/Privoxy provides much more, but extremely slows my connection. We all have to decide what we can live with, and I can live without these for now.

 

".... how do you protect your anonymity?"

With nothing you haven't already mentioned.

"We all have to decide what we can live with, and I can live without these for now."

Then your bar is set. As an alternative to the speed issue I've developed a growing interest for one service in particular. You may yourself find a renewed respect for privacy after reading through their concise, up front policies. In keeping with the mindset 'less is more,' cotse comes across offering a more feature rich solution for my money without the need of running as you say, "expensive" third-party soft.

In response to weighing the pro's and con's of each service/software and their relative effectiveness, a novice may not be the ideal candidate to receive answer's from. What I can add you're probably all too aware of .... investigate, follow up user review's (#6), and email the company direct should there be any information lacking clarity.

Good question's brought up here covering how these services handle encryption/ssl, starting from post sixty-three.


Steve