September 13th, 2011, 08:35 AM
End Point Protection [Securing Your Computer]
I haven't seen a newer tutorial on securing a computer and decided it was probably worth my time to write one, as I have done some work in Information Assurance (IA). Note that some of these programs won't be free, and some may not be cheap, though I don't think $60 or so for some of the programs I list is really that much to ask.
What I am going for here is to write about End Point Protection, i.e. a host-based system for protecting your computer. If people like this article I don't see a problem with writing something for those who have more computers and wish to protect them, and have a server to do some of this from.
If you have 2-4 computers (I have 4 laptops, 3 desktops, 1 server), I like to keep my network segmented so that information I don't wish to be accessible from the internet isn't there. I have 3 routers within the home network. The modem/router that is set up for the internet is on the default settings, with a little bit of extra security: the wireless is turned off, so the only connections to it are 2 Ethernet cords running to my other routers. This setup ensures that no one can "just connect". Both other routers have Wi-Fi turned on with a WPA2-PSK key, along with MAC address port security, though one of them is generally turned off, as when people come over it's just easier to allow them to connect to the network. The server is blocked from the internet, and I only turn this on in cases where I need to apply patches or do some work on it; generally, as a backup server, it doesn't need to be connected. Everything else is allowed on the network, but I use a non-default IP addressing scheme.
End Point Protection
Over the years I have used a few AVs and have liked a very select few of them. With AVs you get what you pay for; that being said, the best one you most likely already paid for when you bought Windows. Windows Defender is known to come out with 0-day detection sooner than most other AVs, and is a free option. Though it is missing a lot of what others offer, it's still a good tool to keep on the computer.
I have also used Kaspersky. Though this isn't free, it isn't exactly breaking the bank for what it offers. It has a HIDS (Host-based Intrusion Detection System) and also a vulnerability scan that checks what 3rd-party software you should patch, along with some nice settings like a Gaming setting, so that it makes sure not to run any scans/updates while you are playing games, thus using a lot less memory, processing power and bandwidth while you're doing something that requires all three. Also, the vulnerability scanner gives you links on how to fix the exploits it finds.
Blink Professional Edition is another one that is really amazing. Blink comes from eEye's Retina scanner, so you can be assured it is a good product. Retina is a vulnerability scanner that not only scans your system for threats but also for 3rd-party applications that could be a threat to your system. Retina has a one-button fix for the problems, and is a very good tool.
For one reason and one reason only I do not support most free AVs: the time to make the detection tool is generally associated with how much the company can spend to decompile the threat, create a fingerprint and push it out to you. Since the tools mentioned above have a good base and are able to pay large amounts for the ability to do this, I would choose them above most other tools. Most problems you are going to see on your systems are going to be 0-days, and that means if you don't get a way to detect it within 24-48 hours you will likely be affected.
So take a look at those 2 and find one that you like.
September 13th, 2011, 08:09 PM
Nice, but more of a tips 'n' hints than a tutorial. If you could expand the criteria a touch, with extra details on WHY you segment, as opposed to your one-line response, bearing in mind that a tutorial is to TEACH those who DON'T KNOW, as well as reminding those with some idea too, then this would IMHO get to be a far better tutorial.
I agree regarding free AV, but bear in mind they all have a pay-for version, and none of them are free for commercial use, so they get quite a pay check from the sold versions too.
I am one who WILL pay or donate if software works as stated, because if no one pays, nothing new gets created.
will be checking out Blink though, sounds good
55 - I'm fiftyfeckinfive and STILL no wiser,
Beware of Geeks bearing GIF's
come and waste the day :P at The Taz Zone
September 14th, 2011, 04:21 AM
I agree, more tips than tutorial, but an interesting topic nonetheless. As far as Endpoint or any Symantec product goes, for reasons of "sheer resource hog" and false positives (e.g. on legitimate network security tools, and the inability to probe the annals of Windows with other, legitimate tools) I have always been a hater. This holds true with McAfee as well: install their antivirus with another AV, or install their suite with another firewall in place, and you are, in most cases, all done. We used Kaspersky for about 2/3 of our clients and all was well until the dreaded "188.8.131.522" bug, which just out and out locked all our servers due to a bug in the so-called "Network Agent". They still haven't copped to that one, and it took me quite a while to find it was an issue myself! All in all it's up to choice and environment I suppose. I now have to deal with a sad and weak (IMHO) Avast roll-out, which has blocked more legit ports and services than Windows Firewall and made my life hell (in my experience), instead of my long-time champion AVG Internet Security. I've tried them all, and between AVG and NOD I haven't found a better all-around solution with a smaller footprint that does the job (in conjunction with Malwarebytes and Hitman Pro when necessary). My advice: Test, Test, Test! Happy Hunting!!!!
"It is a shame that stupidity is not painful" - Anton LaVey
September 14th, 2011, 12:18 PM
I agree with both of the above posts, so I've moved this topic into Tips 'n Tricks.
Nice topic; foxy summed up everything I am/was thinking about replying with.
September 22nd, 2011, 08:56 PM
Thank you. I'll revise this and get people more info. I was thinking about doing one on putting your hosts in a specific subnet, and then isolating hosts if you have wireless for your friends, meaning that your unsecured Wi-Fi will be unsecured, but won't compromise your local LAN security.
September 23rd, 2011, 06:22 AM
That would be extremely useful for BT (British Telecom) customers over here. The "free" hub/router they supply you with is basically promiscuous/vulnerable by design: world + dog can access it.
September 23rd, 2011, 09:44 AM
With regard to AV, I would test each one and decide what you are looking for. With the new cloud-based solutions out like Panda's Cloud AV, it's totally different to your normal retail product.
IMHO the retail versions are full of crap features that you do not need. Look for an AV with minimal impact on your system that does the job.
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
September 23rd, 2011, 02:46 PM
My wireless router, a D-Link DIR-855, was purchased because it has extensive ACL capabilities as well as the ability to set up guest wireless networks. The guest network has its own unique SSID and blocks local access (internet-only access).
My other computers have biometric access control in addition to password protection.
Here the important feature is that the screen saver locks the machine after 1 minute of idle time.
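As an added example (not code from any post in this thread, nor from any of the products named), here is a small Python planner for the segmented layout described in the opening post and in the guest-isolation follow-ups: an upstream modem/router with Wi-Fi off feeding a trusted router and a guest router, a backup server segment that normally has no internet route, and a non-default addressing scheme. It checks that the chosen subnets neither overlap each other nor collide with common consumer-router defaults, and emits the iptables FORWARD rules a Linux-based guest router would need so guests get internet-only access, which is the same effect as the DIR-855 guest SSID. The subnets, the interface names (eth0, wlan1) and the rule text are assumptions for illustration; the script only generates the rules as text and does not apply them.

```python
"""Plan and check a segmented home network, and generate guest-isolation rules.

Added example for this thread; not code from the original posts. All subnets,
interface names and the iptables rule text below are assumptions.
"""
import ipaddress
from typing import Dict, List

# Ranges most consumer routers ship with. A non-default scheme keeps the
# segments distinguishable and avoids colliding with a guest's own home
# range if they VPN back out through your network. (Assumed list.)
DEFAULT_ROUTER_SUBNETS = [
    ipaddress.ip_network("192.168.0.0/24"),
    ipaddress.ip_network("192.168.1.0/24"),
    ipaddress.ip_network("10.0.0.0/24"),
]

# Constructed sample plan mirroring the post: the upstream segment carries
# only the two downstream routers (so a /30 is enough), plus trusted LAN,
# guest Wi-Fi and backup-server segments.
SAMPLE_PLAN: Dict[str, str] = {
    "upstream": "172.16.0.0/30",
    "trusted": "10.73.20.0/24",
    "guest": "10.73.99.0/24",
    "backup": "10.73.40.0/24",
}


def check_plan(plan: Dict[str, str]) -> List[str]:
    """Return a list of problems with the plan; an empty list means it is sound."""
    problems: List[str] = []
    # strict=True rejects a CIDR whose host bits are set (e.g. 10.1.1.5/24).
    nets = {name: ipaddress.ip_network(cidr, strict=True) for name, cidr in plan.items()}
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} ({nets[a]}) overlaps {b} ({nets[b]})")
    for name, net in nets.items():
        if not net.is_private:
            problems.append(f"{name} ({net}) is not RFC 1918 private space")
        if any(net.overlaps(d) for d in DEFAULT_ROUTER_SUBNETS):
            problems.append(f"{name} ({net}) collides with a common router default")
    return problems


def guest_isolation_rules(plan: Dict[str, str], guest: str = "guest",
                          wan_if: str = "eth0", guest_if: str = "wlan1") -> List[str]:
    """Emit iptables FORWARD rules (as text) for the guest router.

    Guest clients may reach the internet via the WAN interface, but every
    other planned segment (including the upstream segment, so guests cannot
    reach the modem/router's admin page) is dropped explicitly.
    """
    guest_net = plan[guest]
    rules = [
        "iptables -P FORWARD DROP",
        # Replies to connections the guest opened outward are allowed back in.
        "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for name, cidr in plan.items():
        if name != guest:
            rules.append(f"iptables -A FORWARD -i {guest_if} -s {guest_net} -d {cidr} -j DROP")
    rules.append(f"iptables -A FORWARD -i {guest_if} -s {guest_net} -o {wan_if} -j ACCEPT")
    return rules


if __name__ == "__main__":
    issues = check_plan(SAMPLE_PLAN)
    print("plan problems:", issues or "none")
    for rule in guest_isolation_rules(SAMPLE_PLAN):
        print(rule)
```

Two caveats when applying rules like these on a real guest router: the guest DHCP scope must hand out a DNS server that guests are allowed to reach (the guest router itself, or a public resolver), because a resolver living on the upstream or trusted segment is dropped by the same rules; and FORWARD rules only govern traffic passing through the guest router, so the trusted router's own access to the backup segment still has to be handled on that router, or by keeping the server unplugged as the opening post does.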
November 2nd, 2011, 10:03 PM
Not to put you on a downer, but the D-Link DIR-855 is based on a Ubicom chipset, so no DD-WRT firmware for that, and I hear it has firmware issues which you may have yet to experience.
As far as AVs go, ClamAV for Windows is a nice open-source antivirus: http://www.clamwin.com/
I've always found myself partial to Frisk Labs and F-Prot. I remember years back I bought Dr Solomon's when it was knocking around; never did find out what became of it, but I bought it and thought, ah, that's it, I am protected.
No updates... try not to LOL. A few months later someone kindly gave me a virus; yes, I did kind of ask for it: never boast about your rad computer skills to a virus writer. He sent me a copy of a *.wav file that simply played a little voice that went "Ooh noooo!", then the funky town started on my hard disk.
Long story short, Dr Solomon's did nothing. A friend came around with F-Prot Professional Edition and cleaned the virus off; then when I asked Dr Solomon's why their antivirus did nothing, they said "What did your friend use?" So I told 'em, and they then said, quote, "Christ, we can't even afford that, that's a corporate anti-viral solution..." LOL
Frisk Labs now do F-Prot for Linux Workstations completely free, and I've been smitten with their product ever since.
November 2nd, 2011, 10:28 PM
I have not had any issues with the DIR-855, firmware or otherwise. As I posted above, it has extensive ACLs. I don't like DD-WRT so that isn't an issue. I used to use F-Prot for my network, but switched to MS Security Essentials when it was released. Most of my wireless is on the 5 GHz band. Even though my house is relatively radio-opaque (it is reinforced concrete), interference from other networks is still an issue because of 36 feet of sliding glass doors. I have 6 SSIDs in my house. Two are for guests.
Last edited by ua549; November 2nd, 2011 at 10:35 PM.