What else do I need besides PG?

Discussion in 'other security issues & news' started by JayTee, Nov 4, 2004.

Thread Status:
Not open for further replies.
  1. JayTee

    JayTee Registered Member

    Joined:
    Nov 2, 2004
    Posts:
    166
    Ok, this may be off topic.

    After reading through the forums here and elsewhere, I have become a bit paranoid. Actually a lot paranoid. I know I can't be 100% secure unless I pull the DSL connection off :)

    What else do I need to secure my PC besides PG v3 and a simple app filtering firewall like Kerio 2, (and the usual AV, spyware and anti-trojan scanners) for a home PC, behind a router with a DSL connection? A sandbox app like SSM? Will all my bases be covered assuming (big assumption here) I set up Kerio properly? (Set it up so that the weakest link is in port 80)

    Tested out Jetico and Tiny 6 together with PG and it seemed to be an overkill. I had to allow a process twice - once with PG and once with Tiny/Jetico (though I am glad that PG prompted me to do so first). Is it an overkill using such advanced firewalls with PG?


    TIA


    Wanted to sign off as Paranoid Andriod but this names taken!
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    I wouldn't run two firewalls together, they will likely fight each other for resources. And kerio 2.1.5 is an excellent firewall. It just takes a little tlc to get set up properly. Along with a good av and at and adware se and spybot s/d . I also use spyblaster and winpatrol 8.0. I use start up mechanic to keep an eye on start up programs. I feel comfortable with my set up but it is up to you to ultimatly decide how muh is enough

    bigc

    since this thread really isnt about process guard but other security apps I am going to move this thread to other security issues.
     
  3. MEGAFREAK

    MEGAFREAK Registered Member

    Joined:
    Jul 8, 2003
    Posts:
    51
    in my opinion it is no problem to use 2 or more firewalls, don´t let influence your about those meanings, do it like you want.

    you can also use 3 firewalls sometimes its just funny to test it out
     
  4. JayTee

    JayTee Registered Member

    Joined:
    Nov 2, 2004
    Posts:
    166
    Sorry, I meant to say (Tiny 6 OR Jetico) AND PGv3
    and not (Tiny 6 AND Jetico) AND PGv3.

    I'd only run two firewalls if I had the resources. (Then again maybe not, coz I can imagine the conflicts). I tried Tiny 6 but it was really slow on my 768 MB P4 1.7 running with KAV (both resource hoggers). Uninstalled Tiny and installed Jetico. Runs zippier, but runs best when KAV is not scanning real-time!

    Anyway, I don't think I should run
    (Tiny 6 OR Jetico) AND PGv3
    but rather
    Kerio 2 AND PGv3.

    Guess the best way to do so would be to run some firewall tests. I looked at GRC but can't seem to get the site working to scan my PC. Another site is Symantec. Of course there is the firewall tests provided by gkweb. PGv3 stops some of the leaks at the tracks.

    Oh dear, I gone off topic again.
     
  5. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Overall system security can be split into several steps:

    Block Unnecessary and Unsolicited Network Traffic
    This is the role of a firewall. For "always-on" internet connections, having a router with its own firmware firewall as well as a software firewall running on your PC will provide the best protection. The router will handle unsolicited incoming traffic, the software firewall will provide control over which applications can access the Internet (and can alert you if a new program attempts access - benign or not).

    Secure Permitted Applications
    While keeping disconnected from the Internet does do a lot for security ;) for most people it's not an option. Look at those applications that are allowed Internet access and try to tighten their configuration as much as possible - firewalls will allow their network traffic through so you need to make sure that they cannot be hijacked or used to plant malware on your system.

    Email: Most anti-virus scanners will intercept incoming and outgoing email to check for infected attachments. As long as signatures are kept up-to-date this should identify most threats but still treat unsolicited attachments with suspicion if they contain executable programs. Ensure that you are using email software that does not automatically open attachments (i.e. patch Outlook Express, or drop it entirely and use a more secure alternative like Thunderbird).

    Web Browser: This is one of the most difficult to secure, due to the complexity (and capability) of the HTML code used to create web pages. Ensure that Active Content (ActiveX, Java, Javascript) is disabled by default - either in the browser settings (the most secure option, but not all browsers offer this on a site-by-site basis) or via a filter (many firewalls offer this feature as do specialised filters like Proxomitron or WebWasher Classic - both are free). However some sites will not function properly so you need to re-enable these on a case-by-case basis for addresses you trust.

    Specialised web filters offer greater configurability and finer control, but can be bypassed by obfuscated HTML. Note that Internet Explorer is so insecure (even placing websites in the Restricted Zone could be bypassed at one stage) that switching to an alternative like Firefox or Opera is one of the most important steps in improving online security.

    Filters can also boost online privacy by restricting what information is sent out by your browser - check Network-Tools.com's Analyze Your Connection page and BrowserSpy to see what can be determined. Also check the Dangers of HTTPS thread for another reason to use Proxomitron.

    File Downloads: Avoid anonymous sources like P2P networks, Usenet, Internet Relay Chat or "warez" websites for program file downloads - these are a prime source of trojans. If you have to use them, then consider getting a specialised anti-trojan scanner to back up the anti-virus scanner - and consider using Kaspersky Anti-Virus to check such downloads. Its trojan detection capabilities are unrivalled among anti-virus scanners but it is so CPU-intensive that it is best used (in my experience) to check out downloads, rather than being run in the background all the time.

    Other Network Applications: Restrict or disable any functions you do not use (the less code that is used, the fewer the vulnerabilities that can be exploited). Check the product website regularly for updates or security fixes for known problems.

    Create a Second Line of Defence
    This is where applications like Process Guard and System Safety Monitor come to the fore. If malware ever does get run on your system, these can alert you to a new program being executed as well as to suspicious actions it may take (like hijacking security software or modifying Windows registry entries). While Process Guard does an excellent job of process protection, a registry monitor should be used with it also since many malware programs modify the registry to ensure that they are run on system startup (note that many legitimate programs do this also - so you need to use your judgement over what to allow).
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.