What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    810
    I think I got a setup that offers near guaranteed protection, including a high degree of hacker proofing. (I hope)

    Attached is a picture of my network at home as it currently sits. The Security Appliance has an active malware system, as well as deep packet inspection. The SOHO Wired Router is functioning as a switch, but with Trend malware inspection. The wireless one has no SSID BC, QOS enabled, and IntrusionD/SPI activated as a layer for wireless devices. My home network averages 15-25 devices connected. Most are secured. All of the wireless devices are encrypted. The VOIP PAP2 has advanced admin modes on, with long form passwords and unique names, with NAT enabled (by default they do not). Most of the wireless devices have additional firewall protection, and malware/intrusion type software (varies by device). Privacy policies are NOT accepted on any device in the home. (OPTOUT)

    In addition to that setup, individual computers have - in layers;

    1) Locked down, Secured, Privacy Oriented trimmed up Windows 8.1.
    2) Malware Website Check via/Adblock (just the malware check)
    3) Malware/Phishing/Scam Website checks via Adguard (system wide)
    4) Malware Website scanning via Chicalogic/MBAM.
    5) File Protection - Chicalogic/MBAM.
    6) Heuristics+Machine Learning Checks via IMMUNET3
    7) Appguard System Control

    I cannot say with 100% assurances I am malware proof, but I would GUESS I am, and will try a purposeful infection test again soon. The last one I tried with 100 malware domain links and not a single one made it. Anyone attempting hacks would find many layers to get through, most exploits plugged up. In addition they may get through one network appliance, but they'd run into another layer after that.
     

    Last edited: Mar 15, 2014
  2. bberkey1

    bberkey1 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    244
    Location:
    United States
    Starting to prepare a new setup for testing and was thinking of changing the following current setup for a lighter feel:

    Winpatrol Plus
    Windows Firewall
    Avast 2014
    MBAM
    EMET
    Sandboxie

    I was considering swapping WinPatrol for NVT ERP, which would serve as a harder HIPS approach, but I really like the registry watch and startup program notice of WinPatrol. What are people's feelings towards WP and NVT? NVT has gotten so much praise so I am interested (and will most likely buy a license regardless), but again I have enjoyed WP for some time.

    Sandboxie is a must so I will keep that regardless, but the rest is up for debate as I read through seemingly endless posts in this thread and read people's opinions on some other options regarding NVT and compatible programs with minimal overlap.
     
  3. KaptainBug

    KaptainBug Registered Member

    Joined:
    Dec 26, 2013
    Posts:
    480
    If you are using Sandboxie free version then there is not enough benefit in running EMET. EMET won't protect applications inside Sandboxie.
     
  4. bberkey1

    bberkey1 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    244
    Location:
    United States
    So I've read. It's one of the programs I was planning on dropping as a result. Also the past incompatibilities of past Avast/SB editions almost caused it to fall as well, but the latest builds seem to remedy most problems.

    However, I see a lot of folks not relying on any real-time AV with programs like NVT or AppLocker, so I will give that some thought as well.
     
  5. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    @DoctorPC

    :thumb: Nice network/security setup. How much time and effort does it take to maintain this setup?

    hqsec
     
  6. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    It's like Page42 says, Sandboxie and some other stuff. I run a light AV sometimes but haven't had any problems in the past few years when not running an AV with Sandboxie. EXE Radar Pro would be a good decision, and/or you could try AppGuard or VoodooShield. Definitely keep MBAM if only for on-demand scans. With Sandboxie I look for the lightest possible layers that are strong to go with it.
     
  7. bberkey1

    bberkey1 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    244
    Location:
    United States
    I've always loved MBAM, it's served me well. NVT looks exciting; I can't wait to give it a go around.
     
  8. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Precisely! :cool:
     
  9. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    I suppose I do tend to say that from time to time.
    It definitely denotes the importance I place on the non-Sandboxie layers. ;)
     
  10. guest

    guest Guest

    FleischmannTV actually has a point. Chrome's sandbox and Sandboxie's sandbox have different scope of protection...

    By reading today's trending, I would be pretty confident to say that the infection more likely happened via the stereotypical method: a user initialized the infection, whether s/he realizes it or not. Chrome's sandbox can't protect you from that, Sandboxie's can. But if the user initialized the execution outside of Sandboxie's sandbox, then that'd be the same story. In a nutshell, the problem is how the user executes what.

    Sorry, got to justify it to maintain the balance of the universe. :p
     
    Last edited by a moderator: Mar 15, 2014
  11. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,960
    Location:
    London On
    Good Evening! Re-Installed ESET S.S.7...in tandem with WSA Security Plus...and AppGuard...and HMP Alert 2.5...Sincerely...Securon
     
  12. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Those are some powerful programs. Today I installed NOD32 again to run with Sandboxie. Probably my favorite setup.

    ESET NOD32 and ESET Smart Security are free at the moment at newegg:
    http://www.newegg.com/Product/Produ...er=BESTMATCH&Description=eset&N=-1&isNodeId=1
     
  13. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    I'm going to go there one day before the year is out.
    I have a couple copies of NOD32 and when VIPRE gets ready to expire, hello NOD32. :thumb:
     
  14. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    I've added the current beta of Baidu Antivirus to my setup.

    Now I have Baidu, Ikarus and Malwarebytes all as on demand scanners.
     
  15. Rompin Raider

    Rompin Raider Registered Member

    Joined:
    May 6, 2010
    Posts:
    1,254
    Location:
    Texas
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    do we all o_O :D
     
  17. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    I just ditched Ikarus due to not liking the user interface.

    Now to find something else for my second antivirus...
     
  18. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    810
    No time once set up. The Security Appliance polls hourly for malware/phishing updates. Once it is configured, it's ready. The SOHO wired polls once a day for TrendNet updates; once set up, it's automated. The only thing I really need to do is manually add the MAC address of any new devices we get since I have MAC filtering enabled. I know MAC filtering isn't a huge boost to protection, but even a 2-3% improvement is something I consider given how easy it is to add the MACs for wireless devices.

    So that's it really. I do a weekly security audit that takes me about an hour. There is an hourly automated audit on the system. That has found intrusion attempts. Only 2 devices I have had intruded on, and that was before the illustrated system was fully in place. Someone was turning on and off my smart-tv to ~snipped~, then a couple days later someone hacked my VOIP PAP2, and fudged up the settings. I increased protections since then, dropping everything behind a security appliance, and boosted the internal FW/SEC on the PAP2, as well as long form PW protection. PAPs generally come WITHOUT anything enabled, and even default passwords - I learned the hard way on that one. Your VOIP provider says 'we got it all set for you!' of course leaving the password blank, and the login Admin.. Nice job guys!

    Somewhere around here I got photos of my setup, it's pretty nice. I had custom tables built by a company that builds computer tables for universities. Really sweet, got em shipped in from Texas.
     
    Last edited by a moderator: Mar 16, 2014
  19. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    810
    Here is one of my 'stations'. Right now I have 2 LAN gaming stations with 3 PCs each. Each one is half of a hexagon table (custom), so each gamer can't see the screen of the person next to them. Monitors are all 22", PCs are at the minimum Quad Core 3.2's with 8-16GB of RAM, and GTX 6XX series or better.

    In the picture you can see the Black Knight SOHO Wireless in the center, and the Motorola Surfboard Extreme to the left. The Security Appliance, and Wired SOHO router are hanging in custom baskets suspended from the bottom of the table. Picture on wall is Signed Leroy Neiman Lithograph of Ali vs Holmes, worth a few thousand. I used to have LAN nights every week, but rarely these days. <sniff>
     

  20. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    Looks nice :) :thumb:

    hqsec
     
  21. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    I just tried Avetix, which uses BitDefender's scan engine. Scanning a folder of malware was lightning fast, but detected nothing. I looked again at the program's interface and it was prompting me to check for updates - it comes with no definitions! It took over an hour to do the initial update. After which, it did detect malware, but the detection rate was unremarkable.
     
  22. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Had to bite the bullet and get a new machine. Unfortunately it is 64-bit and I cannot run my beloved DefenseWall.

    Windows 7 Professional SP1 x64

    Firewall:
    NAT Router (Password Protected)
    Look’n’Stop Firewall 2.07 (Phant0m’s Ruleset)

    Anti-Virus:
    Emsisoft Anti-Malware 8.1.0.40

    Blocking/Hardening:
    VoodooShield 1.30
    MBAE 0.10.0.1000
    SpywareBlaster 5.0 (Ad-Aware custom blocking list)
     
  23. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    WSA with Sandboxie is my other favorite. I can't choose between two favorites, sign me up for your AV rehab. :)
     
  24. Rompin Raider

    Rompin Raider Registered Member

    Joined:
    May 6, 2010
    Posts:
    1,254
    Location:
    Texas
    Technically I use the same (WSA & Sandboxie)....Dr. Bo would disown me if I didn't keep SBIE loaded or on standby!:argh:
     
  25. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    No need to go to AV rehab. WSA and Sbie are good. Use both. :thumb: And Rompin, don't make Bo angry. Make sure Sbie stays.:D
     