What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,312
    Location:
    USA
    How do you use 2 different dns's?
     
  2. Use Primary IP address of DNS service A for Preferred Address and primary IP address of DNS service B for Alternate Address as settings for ROuter or TCP IP4 settings in adaptor settings
     
  3. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,312
    Location:
    USA
    :thumbd: Screens would help lol
     
  4. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    You do realize it doesn't work this way, right?

    Primary and Secondary is for failover. If the primary DNS is unreachable it will poll the secondary, but only if the primary isn't reachable. If you have an enterprise FW it's possible to assign DNS to specific segments, but as a rule the way you think it is working is not correct. There is no switching to the backup DNS server(s). In a busy enterprise environment DNS requests are distributed across all your nameservers relatively evenly. (This is done by querying servers using a round robin schedule.) If one or more name servers are down, requests will be retried on another nameserver after a timeout. In the home situation you will almost always poll the first name server. Another caveat, some crappy home routers won't even poll the secondary DNS, they'll return unresolved rather than taking the effort to poll the second one. Netgear's low end crap routers come to mind.

    So having OpenDNS(NS1) and Norton(NS2) is absolutely pointless if you are trying to do some sort of layered domain name scanning. It simply won't work. 'Layered threshold' sounds fancy, but it has no meaning in the context of DNS. There is a fancy way to setup a caching layer. NS1 caches, then NS2 verifies integrity, but you aren't going to be doing that with any gear you have running.

    Also testing throughput won't test anything related to the DNS. The way to test DNS is to setup a DNS cache script to poll DNS then generate a timestamp. I think there are tools to test this. But throughput? No.
     
    Last edited: Oct 31, 2014
  5. Yep of course
    and of course not simultaneously Did you really think that :D not what I intended to communicate :blink:
     
  6. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,312
    Location:
    USA
  7. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,312
    Location:
    USA
    I thought KS was abandonedo_O
     
  8. DX2

    DX2 Guest

    How long ago did i make that post, at least a year?
     
  9. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    It's still not working how you intend simply because in your environment, 100% of the time it's polling the first DNS, and ignoring the second. The only time it would poll the second is if OpenDNS drops or there due to the number of requests it round robins, but that's generally never going to happen. So in effect, your secondary DNS might as well not even exist.
     
  10. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
  11. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Hierarchy is;

    1) Adapter Settings.
    2) Switch Settings. (layer 2/3)
    3) Router Settings.

    So any static entered on the client (Windows Adapter, etc) will take precedence over anything else, then the switch, and or router. So if DHCP is set on the router then your router will handle IP assignment, and DNS resolution (usually through ISP). But if you have DHCP-pointer on the client, with static DNS then the client will rely on DHCP from the router, but force the client to resolve to the FIRST DNS, largely ignoring the second in almost 100% of the cases. Having 2 different DNS means nothing, you aren't 'layering' anything. Does that make sense?
     
  12. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,250
    Location:
    Chaotic Land
    Using whats in my signature...
     
  13. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,161
    Location:
    Here
    I like your setup :thumb:
     
  14. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I just put a Sophos UTM 9 on the front end of my network at home.

    The power is immense. Double scanning engines on all inbound - hardware level. First pass is Avira, second is Sophos, with no drop in throughput as throughput is a measure of how much hardware I can throw at it, and I've thrown a lot of hardware at it. Not for the faint of heart, it comes heavily secured, and locked down. Blocking virtually everything but 'normal' business traffic - that means rules/policies for Steam, Origin, and even your VOIP need to be put in. But anyone with reasonable experience with enterprise UTM won't have much trouble.

    I really enjoy the region blocking. I have entire swaths of the world blacklisted except in cases where individual applications need access for specific reasons, and then I have exclusions for those particular applications as noted in application monitoring. No real reason to allow most of Asia to go inbound to my systems, and I can lower my profile significantly by removing them from the equation.

    Imagine having Avira+Sophos scanning all of our inbound.. <shivers> I could probably remove any localized AV's entirely, and roll with only an on-demand once in awhile.
     

    Attached Files:

  15. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,520
    Location:
    Canada
    @1chaoticadult,

    you might be interested in gorhill's latest effort found here. I've been using the uMatrix & uBlock combo for several days now and it's excellent. I'm spending less time managing script filtering with uMatrix/uBlock combo than I was with httpsb.

    I would agree :)
     
  16. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Also Sophos UTM 9 has a lot of settings for PUA/PUP detection, and the potential to lock down your network for a huge variety of threats whether they are based on region locks, behavior, or raw signatures. I am very impressed with it so far. I in-bound/out-bound blocked from every significant hacking origination country on the planet other than US and RU. RU because I play some RU games. :thumb:
     
  17. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    I am genuinely intrigued by all of your recent (and past) hardware purchases and I would be confident in saying, wholeheartedly, just drop your local AV entirely. You have paid for and deserve this much needed peace of mind, time to relax any local AV scanning, take a deep breath, and enjoy that performance and throughput.

    I have much less of a setup when it comes to money put into hardware, but I do make it work with what I have and trust on my knowledge with what I've done with my networking hardware and therefore have enjoyed my systems without AVs for years now. I believe very much, like you, in putting that hardware to work so that we can get real work done on our systems without interruption or worry. Much respect.
     
  18. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I just redesigned my entire home network today. Sophos UTM9 was remarkable, but not suitable for the home. It simply blocks too much, and requires too much individual tweaking. Everything from my VOIP, to Steam, to individual games were problematic under it. Without going into too much detail I dropped it. My new setup is pretty astounding - I think.

    Gateway - ZyXEL USG60 Next Generation Layer-7 UTM. IPS/Antivirus/URL Filtration enabled.
    Bridge - Untangle 9.45 Layer-7 UTM. Antivirus/Adblock/Phishing/Spyware.
    Managed Switch
    WiFi
    - ASUS RT-AC87 Functioning in AP Mode

    Essentially on my gateway I have a Layer-7 with Kaspersky UTM - full signatures, and Commtouch+Bluecoat URL Filtration. This is a subscription based device, and I have already paid up for year on it in advance. Nothing is connected to the Gateway Router/UTM other than a single Cat5e going to the Bridge.

    The Bridge is a Dual Core 2.66ghz 4GB Ram Mini-Tower running Untangle 9.45 Layer-7 in Transparent(bridge) mode. This provides real-time scanning with ClamAV Enterprise, along with Clam Community resources for Phishing/Spyware, as well as Google Database. It has Adblock-Plus built in with self-updating signatures. No other features are active as it's in transparent mode with no routing/forwarding/policies.

    Next is the switch, which handles traffic from the bridge(Untangle), into the actual network. Followed by an ASUS RT-AC87 functioning as a an extremely powerful AP.

    How this works is all traffic comes into the Cable Modem (DOCSIS 3.0), then goes into the Gateway. The Gateway handles DHCP, DNS, and the UTM scanning aspects on the front end, along with aggressive IPS/IDS. Coming out from this is a single cable going into the Untangle Box which 'conditions' the line for the final push to the devices. Here it gets a quick check with the secondary UTM before it's pushed to the switch and out into individual devices in the home. Now THAT is layered security.

    Edit: Sticking with Norton 2015 on the machines because it is so light, 10 license pack covers the machines. Now all of the tablets/phones/roku/smarttv and other devices are getting some AV action too.
     
    Last edited: Nov 1, 2014
  19. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    633
    Location:
    Canada
    Back to what works best for me, EAM, MBAM, Appguard. I'm a install and forget it type of person. These 3 seem to be silent but deadly.
     
  20. JohnMult

    JohnMult Registered Member

    Joined:
    Mar 26, 2012
    Posts:
    113
    Location:
    Greece
    My new security setup and a few thoughts:
    1. Sandboxie free
    2. CryptoPrevent
    3. SecureFolders
    4. Chrome
    5. Yandex Dns
    Because I’m still under Windows XP Home Edition as Admin I setup the follow plan:
    1. A secure browser (Chrome) with plugins click to play and μblock only extension in secure sandbox (chrome.exe only allow to run and connect to the Internet, Windows folder and Program Files as Read-only, block access to my documents and direct access to Chrome profile).
    2. CryptoPrevent is set and forget in my opinion
    3. SecureFolders block executables in Sandbox folder and my downloads folder.
    4. Chrome and Yandex black lists are supplementary and also set and forget.
    I’m finally out of antivirus and all his downsides and if I was forced to choose one that will be Panda Free Antivirus.
     
  21. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Upgraded to Untangle 11x on the Bridge. They nerfed some of the free features, but it's quite a bit higher performance, and I was able to fix the daemon issue with some of the apps.
     
  22. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,342
    Location:
    U.S.A. (South)
    I like your security setup.....A LOT!

    My recent changes are listed in my sig below after being CryptoLocked (Those dastardly villains :eek:)
    Also dumped 360IS for not stopping it in the first place. Where are you EQS x64 when you're needed?
     
  23. JohnMult

    JohnMult Registered Member

    Joined:
    Mar 26, 2012
    Posts:
    113
    Location:
    Greece
    Thanks
     
  24. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,312
    Location:
    USA
    Somehow I was looking at older posts and didn't realize it, sorry
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.