What is most important when it comes to security setups and why?

Discussion in 'polls' started by Tyrizian, Jun 24, 2014.

What do you think is most important when it comes to security setups and why?

  1. Antivirus: 27.8%
  2. Firewall: 25.0%
  3. Anti-Executable: 16.7%
  4. Sandboxing: 20.8%
  5. Policy Based: 15.3%
  6. HIPS: 13.9%
  7. Behavioral Blocking: 9.7%
  8. Web Filtering: 13.9%
  9. Anti-Exploit: 12.5%
  10. All the above: 16.7%
  11. Other: 44.4%
Multiple votes are allowed.
  1. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,806
    What do you think is most important when it comes to security setups and why?
     
  2. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,508
    Location:
    Slovakia
    Sandboxing + Web filtering, because the browser is the most vulnerable part, pretty much all malware gets inside through it.

    AV - not really, it comes after the infection is already spread, good for cleaning though.
    Firewall - if there are applications already allowed, obviously, how can it stop anything?
    Anti-Executable/Policy Based - similar to AV, it is meant to deal with an already infected PC.
    HIPS/Behavioral Blocking - even with learning mode, it still requires some skill to be effective.
    Anti-Exploit - it is pretty unclear what it does; it protects the browser, but how, it does not specify.
     
  3. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,015
    -Sandboxing

    -Other: System Recovery (e.g. Imaging, Boot-to-Restore etc.)
     
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,054
    I voted two:
    - other: backup, backup, backup
    - Antivirus: to let you know when you have to restore backup.
     
  5. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    The most important aspect of computer security is the user's overall security policy, not the system or software policy components of the operating system but the user's overall security strategy. This strategy or policy should be based on the user's needs, their ability to implement and adhere to that policy, and their attention to detail. The operating system, user applications, and security software are selected based on their ability to adhere to and enforce that policy.

    The user's security policy has a basic core policy. Some of the core security policies are:
    Default-permit, roughly defined as anything not malicious is allowed.
    Default-deny, only what the user specifies is allowed.
    Containment, changes are confined to a sandbox or virtual environment. The host system remains unaffected.
    Reboot to restore, the system is returned to a predefined clean state after each restart.

    Each of these has advantages and disadvantages. Each favors a different kind of user, pattern of use of the PC, user skill level, etc. The different core policies can be combined. The user should choose the core policy that best matches their abilities and needs, then choose the components, applications, and/or security software that can best enforce that policy. Sandboxing software is a poor choice for enforcing default-deny. AVs aren't suited for sandboxing. Classic HIPS doesn't detect specific malware.

    Ultimately, it is the user's security policy that protects them. Some policies like default-deny require a lot of attention to the details. Others like default-permit need very little. This is largely determined by how the system is used and by how many. For users that try out a lot of software or regularly alter their systems, default-deny is a bad choice. For those whose systems change little and those that want the system to be the same day after day, default-deny is a good option. Users that want to be able to do as they please with a system and are willing to invest some time in the initial setup, for them sandboxing and virtual systems are good choices. Those who just want to use a system and can't or don't want to invest time and effort in its setup should stick with default-permit and AVs. The user has to be honest with themselves regarding what they want to do and what they can do when making their choice.
     
  6. Enigm

    Enigm Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    188
    I voted 'other'.
    The single most important thing is: Don't be an idiot!
    DON'T click on that link in the Nigerian scam-mail, DON'T click on that link to 'something funny' some jerk sends you on Idiotbook
    and DON'T believe you get 'Free Pr0n' when clicking that flashing thing...
     
  7. guest

    guest Guest

    For me...

    Policy restriction + inbound FW + web filtering + imaging. Yep, I have converted from classical HIPS to policy restriction HIPS. Blame GIMP for that.

    I do have objections with those statements.
     
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,054
    Why's that? Because of plugins subdir with all exes? I used to whitelist whole folder, when I was using Malware Defender.
     
  9. guest

    guest Guest

    Yes. GIMP is like a Lego software. Even each effect has its own EXE. I've never seen a third party software trigger that many (much?) requests from the HIPS.

    Well, I wanted to do that as well, but scared that the CHIPS admirals will chop my head as the consequence. =V

    I don't think inbound FW and policy restriction are not meant for prevention. Even Chromium-based browsers use some sort of policy restriction. I agree with the outbound FW part though.
     
  10. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Firewall, I'd like to see someone without one LOL. The rest a user can survive without IMO. Then again, backups are very important TBH.
     
  11. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    If the user closes all of the open ports, they don't really need an inbound firewall. There's nothing for inbound traffic to connect to. Sadly, Windows from Vista onwards doesn't make that possible.
     
  12. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Could not make up my mind so I voted for all of the above. Hahaha
     
  13. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    I voted other.

    the most important security itself is the user.
    for example: phishing scam emails.

    also, the OS itself.

    computer security is not complicated: don't install suspicious software, don't click on dubious email attachments and don't fall for phishing scams.
     
  14. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    648
    Location:
    HKEY/SECURITY/ (value not set)
    -OTHER: Firewall Router

    Why?:

    Firewall Routers positioned at the Network's Edge secure the entire Network that they serve.

    Firewall Routers act as the Gateway between the Internet and the Local Area Network.

    Firewall Routers' Policy Rules dictate what communications pass through the Router from the Local Area Network out
    into the Internet, and what communications pass through the Router from the Internet into the Local Area Network.

    Firewall Routers are the first line of defense for any Local Area Network, even if there is only one computer
    being served by the Firewall Router.



    HKEY1952
     
  15. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Good advice but no longer sufficient. With legitimate servers getting hacked, no software is completely trustworthy. With routers being exploited by malware and the DNS system itself found vulnerable, there are no guarantees that where you want to go is where you'll end up. Even on good sites, malware can come through the ads.
     
  16. Tipsy

    Tipsy Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    207
    I really like this observation. The usual answer assumes every user is the same. But in reality, it is not true. Different users have different needs of their systems and encounter different kinds of security threats. So what will help them most will be different.
     
  17. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    I voted
    HIPS/Behavioral blocking and
    Other that means backup and system virtualisation.
    Why not Firewall?...because HIPS/BB have some features to control outbound internet connections and port listening, which sometimes is quite enough.
     
  18. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    The Poll is "most important", so I voted av - fw - HIPS. But a multi layered defense naturally needs something more... ;) And, yes, Firewall Router obviously.
     
  19. guest

    guest Guest

    I thought we were talking about the most important pieces of our own setup?
     
  20. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    974
    How about the user(s) knowledge level of the platform they're using & knowing how to best implement the
    security of the OS and any additional security hardware/software & policies.

    e.g.) If a user installs a firewall/hips program, but doesn't quite understand the alert
    prompts, they could do more harm than good.
    Note: In this example it might be good to also have a boot-to-restore program installed if one
    makes a mistake.

    I would also recommend...BACKUP!

    e.g.) If a user sets up a hardware router, but doesn't check & change the default settings, they could
    leave themselves open to an attack.
     
  21. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Other

    While you need a layered strategy that might include some combination of the choices presented, those same choices are reactionary. What you need is a way to enforce and reestablish a clean state when necessary. That is why (note: I am biased towards ISR/BTR) I would select to have the following basics and then add other measures depending on my expected risk:

    1. Complete, bare metal restore image
    2. Redundant data backup in multiple locations separated by geography to minimize risk from disaster/emergency
    3. Disk level Instant System Recovery at the client level to enforce clean states and maximize system availability/productivity
     
  22. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,214
    Other: Imaging system and backing up data with USB external hard drives.
     
  23. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I disagree. Restoring to a clean state is reactionary, not proactive. Restoring to a clean state doesn't prevent infection or compromise. It cleans up after them. Restoring to a known clean state is something one should do when their primary defenses fail.
     
  24. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Yes, the backups are reactionary, but the ISR isn't as it has nothing to react to or any reason to do anything other than enforce the clean state of the machine established at the moment the virtualization (whole disk sandboxing) was activated. This is the proactive approach of rejecting any changes to the real disk whether good or bad by default.
     
  25. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Could you define ISR/BTR? I'm not familiar with that acronym.
    I would consider default-deny as proactive. Default-deny blocks changes unless they're specifically allowed by the user.
     