1) Anti-Spyware
2) Anti-virus
3) Firewalls
You forgot
4) Patched OS
5) Limited User Accounts
6) Internet and email habits
7) all of the above
All depends on the environment
;)
MLF
You forgot another, Unix/Linux.
That's right... I forgot.
They never need to be patched... or need a firewall
and everyone can run as root or su :rolleyes:
You are fooling yourself if you think that running an OS other than MS is security
pfffft
MLF
Sorry... That's BS... There's nothing in Unix/Linux that makes it more secure than Windows. The only reason is the apparent lack of malware for *nix. It's just not widely known, but it is there and you can get bitten by it. I know I've seen many pwn3d Linux systems.
Quote:
Originally Posted by isildur
One really big urban myth is that you need admin/root to do anything. This is just not true. You'll be amazed at what the www/nobody user can do.
If they are not properly configured and kept up to date, none of them.
Quote:
What type of security system gives you the most security?
1) Anti-Spyware
2) Anti-virus
3) Firewalls
Having said that, they all do different things, and if you look at major players such as Norton, McAfee, ZoneAlarm, AVG, Avast, PC-cillin, Panda, Kaspersky and the like, you will see that they offer a "security suite" that combines a variety of functions, including those three.
I think this means no one knows what to use...?
I personally don't know the best but I use these products with good results.
AVG - anti virus
Spy Sweeper - anti-spyware
Zone Alarm - Firewall
(I don't know about the free versions) Probably better than nothing...
Yes you have to configure all security programs to work properly. This combination seems safe and doesn't bog my system down as much as most but nothing is perfect.
Use them all...
Security is a layered approach
MLF
Agree, security is a layered approach; basically you should start from:
1. Risk management: define which areas contain high risk.
2. Control the risk using an appropriate approach, e.g. antivirus, firewall, biometrics, Kerberos.
3. Repeat steps 1 and 2.
-Anjar Priandoyo-
http://securityprocedure.com
I choose "None of what you listed".
Not one thing on there is going to be 100% sure.
As for saying Linux or UNIX is going to give you a better shot, I'll stir the pot here and say "Actually it will if you know how".
Why?
Windows doesn't let you play with the Kernel. Windows needs RPC.
So no matter how much you say Windows can be locked down just as well as any version of UNIX, Linux, or BSD, I'll say that's crap.
What if someone needs to set up a server cluster that can NOT be taken down, and needs to be locked farther than usual?
Well with Windows that won't happen. Something is going to need an update and those all need a reboot in Windows.
If I said set up a FreeBSD server, hire a good UNIX coder, and basically take the Kernel down to NOTHING but what you need to boot, and then basically hack a Web Server directly into the Kernel telling it to drop ALL packets that aren't web traffic, you have a machine that is going to be mighty hard to break into since it's nothing but a Kernel and a Server hacked into it and the only packets it's going to let through are requests from a web browser asking for the web page.
You just can't do that with Windows.
That's the ONE argument where it's somewhat true that you can make BSD and Linux much more secure than any other OS.
And the chance that Microsoft is going to let users start playing with the Kernel source is VERY unlikely. So until then, I'll stir this pot until it simmers.
Of course, if someone can actually prove that wrong I'd LOVE to hear about it ;)
And just in case someone wants to reply without reading anything on here that I've said in full, I was talking about reducing Linux or BSD to nothing but the Kernel, and THEN reducing the Kernel to nothing but what is needed for the EXACT hardware in the machine, and hacking a web server right into it and then making it drop ALL packets that aren't web traffic.
I know of some places that do this with their need to be up machines and as far as I know, they don't need to even update those boxes.
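The "drop ALL packets that aren't web traffic" half of the setup described above does not need a custom kernel: FreeBSD's stock packet filter, pf, does it from a short ruleset. What follows is an added example ruleset written for this page, not something posted in the thread or taken from any particular site; it assumes FreeBSD with pf enabled, an external interface named em0, the web server listening on TCP port 80, and 192.0.2.10 as a placeholder management address (all four are assumptions to change for a real host).

```pf
# Added example /etc/pf.conf: default-deny, HTTP only.
# Assumed values (not from the thread): interface em0, service on TCP/80.
ext_if = "em0"

# Loopback is never filtered; dropped packets get no ICMP/RST reply,
# so port scans see silence rather than "closed".
set skip on lo0
set block-policy drop

# Reassemble fragments before they reach the stack, so split
# packets cannot slip past the port-80 match below.
scrub in on $ext_if all fragment reassemble

# Default deny in both directions; "log" sends the first packet of
# each blocked flow to pflog0 for later inspection.
block log all

# The only thing allowed in: new TCP connections to the web server.
# "keep state" lets the reply packets of those connections back out;
# nothing else (DNS, SSH, outbound updates) is permitted in or out.
pass in quick on $ext_if proto tcp from any to ($ext_if) port 80 \
    flags S/SA keep state

# Admin path: uncomment only with a real management address in place of
# the 192.0.2.10 placeholder, otherwise the box is reachable solely on 80.
# pass in quick on $ext_if proto tcp from 192.0.2.10 to ($ext_if) port 22 \
#     flags S/SA keep state
```

Syntax-check with `pfctl -nf /etc/pf.conf` before loading with `pfctl -f /etc/pf.conf`; `pfctl -sr` prints the rules actually in effect. Note the caveat that runs through the rest of the thread: this shrinks the network attack surface to a single listener, but it does nothing about a bug inside that listener, and the later replies below argue that putting the listener in the kernel makes such a bug worse, not better.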
That's why you have a cluster. You can take one leg down, the other(s) will still serve requests. Service availability is the key, not server availability. Try setting up a *nix cluster and you'll need to do the same if you want/need to update.
Quote:
Originally Posted by gore
There's no "need" to take apart the Windows kernel. It's a hybrid kernel (mainly micro but with some monolithic traits), meaning it's already as small as possible. Linux and BSD have a monolithic kernel; everything but the kitchen sink needs to be built into it.
Quote:
If I said set up a FreeBSD server, hire a good UNIX coder, and basically take the Kernel down to NOTHING but what you need to boot, and then basically hack a Web Server directly into the Kernel telling it to drop ALL packets that aren't web traffic, you have a machine that is going to be mighty hard to break into since it's nothing but a Kernel and a Server hacked into it and the only packets it's going to let through are requests from a web browser asking for the web page.
The reason to do this (hack the webserver into the kernel) is performance, not security. Performance will be enhanced because there's no need to switch context between user and kernel mode. It actually makes things LESS secure because a bug will take down everything (a nice fat kernel panic). Exploiting that bug will get you into kernel mode instantly. Not really what you want if security is essential.
OK maybe I'm not saying it right, but I know for a fact you can make a box a hell of a lot more secure stripping it down to a service and a Kernel.
I'll check in the morning because there is ONE person I know personally who does this at all. I can probably find links online to it but I'd rather check with the one person I actually know who does this.
I'm obviously not describing it properly.
Also, as I last read, the NT kernel isn't true Micro. It's Hybrid.
I'd love to see how he does it ;)
Me too, because I can't find ONE link right now when I used to have one saved. I know the basic process is stripping the whole system down to nothing. Pretty much you hack the Kernel to nothing but what you need to boot hardware and NOTHING else, and pop the server right into it to only allow web traffic on whatever port it is you want it to allow and tell it to drop everything else... And for the life of me I can't find the damned web page that I had read about it on.
I've only heard of it being done twice. Once was for some porn site that kept getting broken into, they paid a Kernel coder a crap load of cash to do it and didn't once ever have an attack again nor did they update the thing ever again and it ran for over 7 years.
The other is more higher end. Of course I can't find it now that I actually need to so I'll just have to wait until they get up in the morning.
I can try to keep looking but I'm probably not going to be sleeping any time soon, Wife had a panic attack so we're both up and after my little trip to the ER yesterday neither of us are having the best day ever.
That's actually pissing me off because I can't remember where it was where it was even talked about, I tried google and searching for the exact terms, then adding in + this and + that but it still didn't bring up the results.
Still, IMO shoving everything into the kernel is a bad idea, security wise. In an ideal world this could work, in that ideal world there are no software bugs. We all know in reality bugs do exist and it's just a matter of time before someone finds it. As been said before, security needs a layered approach. So a fault in one layer doesn't bring down the whole system.
Yes, you would remove everything you don't need (hardening). But this is to prevent getting bitten by a bug in a part you're not actually using. Keeping it clean means you can focus on only the parts you really use. Still, these parts can contain bugs and you need to build your system expecting one to bite you.
(I hope the wife's ok? Get some sleep! ;) )
I say throw all of those "solutions" in the garbage.
Here is why.
1) AV is a legacy solution. It is completely useless in the current and near-future threat landscapes.
2) Firewalls suggest that there is such thing as trusted networks. No such thing anymore.
3) IDS doesn't do much for me when criminals have moved over to encryption and/or moving data in normal traffic streams with stego, etc. Besides, knowing something after the fact isn't that helpful.
I say harden your systems to exist in hostile environments. The classic definition of a network as you know it will be extinct in 5 years. Think cloud.
--TH13
SirDice,
Quote:
Originally Posted by SirDice
Can Service(s) be available without the Server availability? The only reason I ask this question is, because I am puzzled.
Thank you in advance if you could explain what you meant?
Cheers
R.o.P.E
This is one way to do it:
Quote:
Originally Posted by Residents.of.Planet.Earth
http://en.wikipedia.org/wiki/High-availability_cluster
SirDice,
Quote:
Originally Posted by SirDice
Thank you for the link. I recognize that the subject matter (clusters) is complex to my understanding and comprehension, but I think I get a picture of how service(s) can be made available in High Availability Clusters with the help of redundant nodes, in case a particular node detects a hardware/software failure. The failing node then restarts the applications on the redundant node.
Very interesting subject.
Cheers
R.o.P.E
Just the kernel... so this wouldn't support any server-side scripting at all, right?
Quote:
and basically take the Kernel down to NOTHING but what you need to boot, and then basically hack a Web Server directly into the Kernel