What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    What was the vector of Crytolocker? Did you ever determine it?

    We've seen some Cryto-Like stuff hit people with java drivebys and such.. Old java version?
     
  2. DX2

    DX2 Guest


    NP Man :)
     
  3. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    9,027
    Location:
    Lloegyr
    Win 7 x64: MSE, SAS, MBAM (both on-demand), SpywareBlaster, browser hardening. Ubuntu: browser hardening (NoScript, ABE, WOT). Android: None.
     
  4. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,250
    Location:
    Chaotic Land
    Thanks I keep it simple. ;)
     
  5. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,250
    Location:
    Chaotic Land
    I will give it a look. Thanks Wat.
     
  6. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    New setup.. I dropped the USG210 off (overkill), and returned it to where I work, swapped it out with the USG60 NGFW. Now I am setup with;

    Network:
    Motorola DOCSIS 3.0 Modem
    ASUS RT-AC87R Wireless (in AP Mode only)
    Various 8 Port Gbe jumbo packet switches. (non-green mode devices)

    Network Security:
    ZyXEL USG60 NGFW Layer-7 UTM- Full AV/URL/IPS enabled.
    Untangle v11 Layer-7 - Full AV/Adblock/Intrusion Prevention. (transparent bridge mode on a Dual Core 2.66ghz)

    Failover:
    4G LTE USB Hotspot (plugged into ZyXEL)

    Backup:
    3x CyberPower CP1500AVRLCD

    Power Conditioning:(whole house surge suppression/power conditioner)
    PU1200 KVAR

    Desktops/Laptops:
    Norton 2015
    Kerish Doctor
    uBlock
    HTTPS Everywhere

    Servers:
    Appguard (full lockdown)

    People may balk at me using the most powerful WiFi router in the world as an AP. I find it frustrating I can't use it's security features in AP-Only mode myself. But consider that it's better than $500-$1000 Enterprise AP's, and you realize it's a bargain at $290.00...

    This may be the most secure setup here because of the layered layer-7 UTMs and blended protection it provides. Covering a wide range of malware, exploits, and malicious websites. The network has layered Kaspersky UTM and ClamAV UTM, combined with double intrusion protection, and 2 stage URL filtration. Latency hasn't been increased with this setup, and the speed tests out perfectly with leveled network strength. I'm re-wiring the entire sever room this weekend with Cat6 (550mhz)to future proof it, and to improve shielding.

    I've been debating on going with Sophos UTM9 vs Untangle. But Sophos is a pita, even in transparent mode because it is so heavy on protection/blocking that it blocks normal things like SmartTV's and VOIPs. But it offers free - Avira+Sophos dual scanning engine on the network. However it offers no adblocking whatsoever, and given Untangle blocks on average, 3,000 advertisements a day at the network level - it's probably a better solution - and it just WORKS. If there is a way I can improve this network I will, but so far I think I have it covered.

    Edit: I just ordered another refurb dual core box, and will attempt the impossible this coming weekend. Triple UTM with two of them in transparent mode, chained together. It may fail miserably, or set a new standard in insanity for Wilders.
     
  7. x942

    x942 Guest

    After a long while I finally did a major security overhaul.

    Network:

    Buffalo Wireless N router running open-wrt
    Untangle UTM - This is the actually router the Buffalo is set as a dumb Access Point and doesn't do anything else.

    Network Security:

    WiFi - WPA2-CCMP
    Raspberry Pi running Kismet and alerts me if something weird is going on (potential Rogue AP).
    Second Raspberry Pi running a custom script that alerts me any time a new device connects to my network.
    Untangle Router is running Snort IDS and AV on top of the normal firewall. Also blocks all P2P traffic and "shady" sites.


    Failover:
    4G LTE WiFi router


    Desktops/Laptops:
    Laptop #1: Debian Linux hardened with GRSecurity and RBAC.
    Laptop #2: OpenSuse hardened with GRSecurity and RBAC.
    Airgap: Debian Linux hardened with GRSecurity and RBAC with all network disabled in the kernel and physically. Battery powered to prevent powerline attacks, stored in a secure location to limit access.

    Web browser: Chromium with uBlock, HTTPS Everywhere, JavaScript disabled by default.

    Encryption: LUKS AES-256-XTS for all computers. Also use Tomb for encrypted volumes.


    Servers:
    All of my local servers are ran on one machine, I use KVM to virtualize them. Most are protected with SeLinux/Apparmor. My severs are local only and can't connect out over the WAN so I am not to worried about them being attacked. The VM's are turned off when I am not using them too.
     
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,200
    Location:
    Here
    @Mayahana
    I see that you have good network security set up. Probably so good that I don't believe Norton 2015 is bringing anything to the table.
    Did you consider installing some kind of white listing solution (anti-exe, HIPS) on your desktops instead of AV?
     
  9. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Regarding Kerish Doctor, I was under the impression from some of your previous posts that you were very iffy when it came to Russian software (and from China as well)? Or was that more for your workplace equipment?
     
  10. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Emsisoft Anti-Malware.
     
  11. Desktop setup (Windows 7 Ultimate 32 bits)
    - Recovery: Weekly Windows Image and Syncback Free data backup to NAS and USB-disk
    - Hardening: Windows Firewall (also blocking outbound), GPO (disabled risk-ware/autoruns)
    - Whitelist: UAC (block elevation of unsigned), SRP (default deny basic user, allow admin)
    - Mitigation: EMET (+block jscript/vbscript in Office), µBlock (+block 3rd scripts/iframes)
    - Blacklist: Norton DNS, Chrome (safe browsing), Linkscanner (scripts), µBlock (easylist)
     
    Last edited by a moderator: Nov 7, 2014
  12. VectorFool

    VectorFool Registered Member

    Joined:
    Oct 21, 2012
    Posts:
    280
    Location:
    India
    Ditched Online Armor Firewall for Comodo Firewall.
    Online Armor is a good firewall, but not great when it comes to usability for me, also too many exploits passed through it in my private testing.
    But it was compatible with Emet 5.

    Comodo Firewall on the other hand is a bit buggy too (Cis tray doesn't start up automatically), but thankfully i found a fix in their forums.
    although its no excuse for Comodo to release a "stable" product which is unusable without a registry fix.
    Sadly Emet 5 became unusable with Comodo firewall.
     
  13. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Great setup!

    I'm staging for three Layer-7 UTM's in parallel this weekend - should be interesting if I can pull it off with creative forwarding/routing/policies. I just rewired my entire network to Cat 6a last night to get ready, and replaced one of the switched with a rack mount 16 port Gbe with Jumbo Frame Capability.

    That's 4 AV engines at the network level, 3 of them free. (Kaspersky, Clam, Avira, Sophos) with multi-layer intrusion/shielding, and 3 layer deep URL inspection. If I can keep the latency down to sub 2ms. Right now it's Sub 1ms with 2 of them online.
     
    Last edited: Nov 5, 2014
  14. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Yeah, no question that if something doesn't play well with SBIE, it's that something that has to go, not SBIE. It's the only thing keeping me from adding MBAE Premium to my setup right now.
     
  15. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,276
    Location:
    Nicaragua
    Thats exactly what I do. About 4 months ago, after doing a factory reset in my W7, I found Libre Office portable giving me some kind of error, at the time, I did not want to spend the time figuring out why this version was not working under SBIE as the little older version that I had been using before the Reset.

    So I just installed something else. This something else was Kingston which I didn't like much for different reasons. A few days ago, while in Shadow mode, I decided to check if the latest Libre was working better with Sandboxie and to my delight, I found it working great. After getting out of Shadow mode, I uninstalled Kingston and went back to Libre.:thumb:

    Bo
     
  16. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Why run SBIE when you can run a VM/VBox and be done with it? Virtualize everything, then share folders you want to share like in ESXI.

    This seems like it would be much more compatible, and far less headaches then using SBIE.
     
  17. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,276
    Location:
    Nicaragua
    Hi Mayahana. Using Sandboxie is not a headache, you should try it sometime. The convenience that you get with SBIE is unmatched. Virtual machines don't come close. By the way, most programs work great under Sandboxie, the example that I wrote about is only an example. Nothing more.

    In my computers, XP and W7, all programs and files run sandboxed every time that they run. And they run nice and safe. Using Sandboxie the way I do, allows me to use the computers as they were designed originally to be used. If I want to run something, I just run it without bothering with scans or antiviruses or anything like that. Try it, you might like it.


    Bo
     
  18. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I understand the concept of SBIE, limited virtualization. But why not just toss Mint in a VBOX, and use that without any security of any kind, then link a protected, isolated USB as the shared drive between the VM and OS?

    Never a care in the world when you do that, and no risk of any errors, incompatibities, etc.
     
  19. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,276
    Location:
    Nicaragua
    A few reasons. Both, my XP as my W7 have 2 GB memory. For what I do when I use the internet and the computers, that is more than plenty. But I cant use a VM with that amount of memory. Read this Mayahama. The convenience that you get with SBIE is unmatched. I don't have to reboot to get out of sandboxing. You sandbox programs and files and delete the sandbox in the time that takes you to open and close your eyes. You can not do that with VM. And resources, Sandboxie pretty much uses none. CPU usage is always a nice big 0%.

    And security wise. Virtual machines are supposed to be safer but in the 6 years that I have been using Sandboxie, I am still waiting for something to escape the sandbox. Nothing ever does. Sandboxie works so nice that I got rid of all other real time security companions 4 years ago, I even went a little further 3 years ago and stopped carrying any on demand scanners. Sandboxie is it for me. Looking for something else or making changes just for the sake of change is not wise.

    Bo
     
  20. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,276
    Location:
    Nicaragua
    I missed this part. This is the way Sandboxie treats USB flash drives. Whenever I insert a USB flash drive, the USB drive folder pops up open using a sandboxed version of Windows explorer. If anything runs, I dont care what it is, it runs sandboxed.:cool:

    Mayahama, you seem to be a nice fellow....try Sandboxie, you might like it.

    Bo
     
  21. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    This explains it. Not enough ram to do this, 4GB is the minimum for an effective VBox. SBIE probably is perfect in this case.
     
  22. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,276
    Location:
    Nicaragua
    Yes it is:). Mayahana, I like to turn you on to Sandboxie. Listen to episode 172. The first thirty something minutes are about NoScript. I love NoScript but you can skip that. At about minute 36, Tzuk starts talking about Sandboxie and what motivated him to create it. Download the 43 MB audio file.
    https://www.grc.com/sn/past/2008.htm

    Bo
     
  23. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I've known about SBIE for years, and was an early user of it. Also I used Dell's KACE browser for quite some time, which is essentially a SB-type program integrated within the combined coded of Firefox. I have little need for any desktop security anymore, but in the past (as recently as a month ago) had a thin client window for browsing-only. Thanks though!
     
  24. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,312
    Location:
    USA
    Reformatted my lappy and shrunk my layered security a bit...Should I add CryptoPrevent again or should ERP be enough to stop Cryptowall etc?

    I should let you guys know that sometimes I browse without sbie, but usually only trusted sites.
     
  25. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Don't act as if his entire stance hinged upon his lack of RAM. He brought up a ton of valid points as to why his approach is sound. And how it is especially more convenient... no contest, contrary to what you stated.

    If you're using a box from your own home it doesn't matter what type of measures you try to take to be anonymous. Deploy as much security and privacy as you want (within reason), while keeping things light and convenient. I deploy a setup like the one you mentioned (and then some), but on a Macbook that I never use on my own network, from my own home. Using chained VPN's & TOR, all running on an encrypted USB stick (a Kingston DataTraveler 4000), taking measures to see to it that nothing touches the actual box. But it's hardly practical to roll like that all the time, like when I'm just watching Youtube videos, or talking to y'all on here. What's in my sig is plenty sufficient for that, and probably even overkill.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.