Discuss security setups and approaches here


Re: Discuss security setups and approaches here

Post by ssj100 on 31/7/2010, 10:30

For whatever it's worth, I've added "debug.exe" to the SRP block list:
http://ssj100.fullsubject.com/free-for-all-f4/ssj100-s-security-setup-t4.htm#16

Apparently it can potentially be used as a vessel for execution. By default, this execution should be blocked by SRP, but why leave possibilities available when you're never going to use "debug.exe"?

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
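The SRP entry ssj100 describes, as an added example that is not part of the original post: a PowerShell script that writes an explicit Disallowed path rule for debug.exe under the Safer registry hive (the same keys the Local Security Policy editor writes) and then prints the policy's defaults so the block can be checked in context. The rule GUID, the description string and the assumption of 32-bit Windows (debug.exe is a 16-bit NTVDM program and is absent on x64) are mine, not from the post.

```powershell
# Added example (not from the original post): create an explicit SRP "Disallowed" path rule
# for debug.exe by writing the same registry keys the Local Security Policy editor writes.
# Assumptions (mine): run elevated; 32-bit Windows, because debug.exe is a 16-bit NTVDM
# program that does not exist on x64; any unique GUID is acceptable as the rule key name.
$safer    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$disallow = Join-Path $safer '0\Paths'                     # subkey 0 = Disallowed level
$ruleKey  = Join-Path $disallow ('{' + [guid]::NewGuid().ToString() + '}')

New-Item -Path $ruleKey -Force | Out-Null
# ItemData is the path; environment variables are allowed and expanded by SRP at match time.
New-ItemProperty -Path $ruleKey -Name 'ItemData'     -PropertyType ExpandString -Value '%SystemRoot%\system32\debug.exe' -Force | Out-Null
New-ItemProperty -Path $ruleKey -Name 'SaferFlags'   -PropertyType DWord        -Value 0 -Force | Out-Null
New-ItemProperty -Path $ruleKey -Name 'Description'  -PropertyType String       -Value 'Block 16-bit debugger, never used' -Force | Out-Null
New-ItemProperty -Path $ruleKey -Name 'LastModified' -PropertyType QWord        -Value ([DateTime]::UtcNow.ToFileTimeUtc()) -Force | Out-Null

# A block entry only means something if the surrounding policy is default-deny. Show the
# three values that decide that, then every Disallowed path rule so the new one is visible.
$cfg = Get-ItemProperty -Path $safer
'DefaultLevel       = 0x{0:X}  (0 = Disallowed, 0x40000 = Unrestricted)' -f $cfg.DefaultLevel
'TransparentEnabled = {0}      (1 = executables only, 2 = DLLs as well)'  -f $cfg.TransparentEnabled
'PolicyScope        = {0}      (0 = all users, 1 = all except local administrators)' -f $cfg.PolicyScope
Get-ChildItem -Path $disallow | ForEach-Object { (Get-ItemProperty -Path $_.PSPath).ItemData }
```

SRP picks the most specific matching rule, so a Disallowed entry for one file wins over the Unrestricted entry for %SystemRoot% that a default-deny setup keeps. Path rules match only the path: a copy of debug.exe in a location some other rule permits would still run, which is why the DefaultLevel shown at the end matters more than any single entry. Log off and on before trusting the change.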

Post by ssj100 on 3/9/2010, 00:06

LoBy wrote:What do you think of implementing Windows XP Hardware Profiles just in case we screw up something?
I personally use it right now, and think that for the not-experienced user it's good advice, and a good step just in case they break their computer tweaking services.

Yes, I suppose that would be useful. However, I don't think anything beats a full image back-up.


Post by ssj100 on 3/1/2011, 11:01

It appears that Sandboxie with the appropriate security approach (including the use of a sandboxed "explorer.exe") may be the only practical method of properly containing (and also defeating) malware that combines the following attack vectors:
1. Execution inside the memory of a trusted process
2. Execution without having to open the file (exploiting code within "explorer.exe")

Keep in mind usability/convenience versus security.


Post by ssj100 on 4/1/2011, 00:35

Admin note: I'm hoping people will start using this thread (again) for comments like below (p2u's comment quoted below was taken from the "DefenseWall pitfalls" thread). Let me try to spice things up to encourage the use of this thread haha.

p2u wrote:P.S.: On a DefaultPermit system like Windows, rules for so-called "convenience" (actually a business model we have been trained and conditioned to follow) may always bypass security rules, even program restriction policies (file associations = programs linked to them). The architecture of Windows is insecure; MS has done a lot in the sense of "anti-user" and "anti-exploit" kind of measures, but as the saying goes: You cannot make a silk purse out of a sow's ear. That's why I urge everyone to rethink convenience vs. security.

It's not just about convenience, but also about usability. For example, what percentage of people do you know would accept viewing only ".txt" when they surf a web-site? Or, what percentage of people do you know would not watch YouTube because they think Flash is unsafe? What percentage of people don't leave their homes because they don't want to be "identified" or because they think the outside world is unsafe? Anxiety (a more gentle term than "paranoia") levels vary for different people - of course, when it starts affecting one's professional work and everyday living in a negative way, it starts becoming a psychiatric illness.

Double clicking a file (it takes about 0.25 seconds to do this the last time I checked haha) to open it is always going to be faster than having to go through the "Open With..." dialog box or context menu. This so called "business model we have been trained and conditioned to follow" is popular because it makes things more convenient and usable (in this context anyway). If it made things harder (or take longer), and there are easier (faster) alternatives, a lot of us would be following a different "business" model (which would no doubt also have its "flaws" for people to criticise - you can't keep everyone happy).


Post by wat0114 on 31/1/2011, 03:06

My Security Setup
Win 7 x64 Ultimate Desktop:

  1. Using LUA account as default
  2. UAC at highest level
  3. AppLocker with all rules, including DLL, enforced
  4. Windows Firewall with Advanced Security, inbound and outbound blocked by default, my own rules used in the Public profile. Added for the Chrome browser a whitelist of IP address w/CIDR mask entries allowing all websites listed in my bookmarks, as well as a few others. Everything else, including programs, is blocked from network comms by default.
  5. EMET, with mainly web-facing and MS Office apps configured
  6. MBAM on-demand free (used sparingly)
  7. Autorun for all devices disabled
  8. Routine images of system using ShadowProtect RE disk, saving the images to two separate physical locations.
  9. All sensitive data kept on a TrueCrypt volume on h/drive and USB pendrive.
  10. The following additional services are disabled:
    • Secure Socket Tunneling service
    • IP Helper
    • Remote Access Connection Manager
    • SSDP Discovery service
    • TCP/IP NetBIOS Helper
    • Workstation
    • Function Discovery Resource Publication
    • WinHTTP Web Proxy Auto-Discovery service

  • SuRun, v1.2.0.9 – used only for convenience to easily launch some programs and Windows functionality with administrative privileges.


  • My Security Approach

    Simply to utilize as much as possible what is already built in to the O/S in a default-deny platform. EMET is an MS app, so it should integrate into the O/S without introducing any conflicts. The disabling of unneeded services should eliminate the chances of any of them being exploited. As for the Chrome browser IP/CIDR mask restrictions, this is another whitelist approach that is certainly unconventional for the home PC user, but it works rather well for me, given my usual surfing of mostly my bookmarked sites. Common sense covers everything else.
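The firewall and service items in the list above (4 and 10), as an added example and not wat0114's own commands: a PowerShell script for Windows 7 that uses netsh advfirewall (the NetSecurity cmdlets only arrived with Windows 8) to block both directions by default, allow DNS and DHCP only from the services that need them, allow Chrome only to a whitelist of addresses on 80/443, and disable the listed services by short name. The Chrome path, the router address and the whitelisted CIDR entries are placeholders I chose; each short name in the table is the service behind the display name in the post.

```powershell
# Added example (not wat0114's own commands): default-deny Windows Firewall with Advanced
# Security on Windows 7 via netsh advfirewall, a short allow list, and the services from the
# post disabled by short name. Assumptions (mine): run elevated; the Chrome path, the router
# address and the whitelisted addresses are placeholders for this machine's real values.
$chrome  = "${env:ProgramFiles(x86)}\Google\Chrome\Application\chrome.exe"   # assumed install path
$router  = '192.168.1.1'                       # placeholder: NAT router, also the DNS forwarder
$sites   = '203.0.113.0/24,198.51.100.7'       # placeholder: bookmarked sites, CIDR or host entries
$svchost = '%SystemRoot%\system32\svchost.exe'

# 1. Both directions block-by-default on every profile; only explicit rules allow traffic.
netsh advfirewall set allprofiles state on
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

# 2. Plumbing: DNS only from the DNS Client service and only to the router; DHCP likewise.
#    Every key=value token is quoted so PowerShell does not split the comma lists into arrays.
netsh advfirewall firewall add rule "name=DNS to router" dir=out action=allow "program=$svchost" `
    service=dnscache protocol=UDP remoteport=53 "remoteip=$router" profile=public
netsh advfirewall firewall add rule "name=DHCP client" dir=out action=allow "program=$svchost" `
    service=dhcp protocol=UDP localport=68 remoteport=67 profile=public

# 3. The browser: TCP 80/443 only, and only to the whitelisted addresses.
netsh advfirewall firewall add rule "name=Chrome to whitelist" dir=out action=allow `
    "program=$chrome" protocol=TCP "remoteport=80,443" "remoteip=$sites" profile=public

# 4. Network-facing services this machine does not need (short name = display name in the post).
$unneeded = @{
    'SstpSvc'             = 'Secure Socket Tunneling Protocol Service'
    'iphlpsvc'            = 'IP Helper (6to4, Teredo, ISATAP tunnels)'
    'RasMan'              = 'Remote Access Connection Manager'
    'SSDPSRV'             = 'SSDP Discovery (UPnP)'
    'lmhosts'             = 'TCP/IP NetBIOS Helper'
    'LanmanWorkstation'   = 'Workstation (SMB client; mapped drives stop working)'
    'FDResPub'            = 'Function Discovery Resource Publication'
    'WinHttpAutoProxySvc' = 'WinHTTP Web Proxy Auto-Discovery (WPAD)'
}
foreach ($name in $unneeded.Keys) {
    Write-Host ('Disabling {0,-20} {1}' -f $name, $unneeded[$name])
    Stop-Service -Name $name -Force -ErrorAction SilentlyContinue
    Set-Service  -Name $name -StartupType Disabled
}

# 5. Verify: effective policy, our outbound rules, and anything still listening on TCP.
netsh advfirewall show allprofiles
netsh advfirewall firewall show rule name=all dir=out | Select-String 'Rule Name|RemoteIP|Action'
netstat -ano -p TCP | Select-String 'LISTENING'
```

With outbound blocked by default, anything not covered by a rule fails silently, so the DNS and DHCP rules are what keep the machine usable; Windows Update, time sync and the like need their own entries or a temporary profile switch. Disabling Workstation removes the SMB client entirely, which is fine for a standalone desktop and a problem for anything that mounts shares.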



    Post by Rico on 31/1/2011, 06:20

    wat, there is one essential thing you forgot: configuring Java/Flash whitelisted sites in Chrome.

    One more thing I already recommended is the use of Sandboxie. It never conflicts with the system due to the developer's care and meticulous implementation - it's so lightweight that you can't notice any footprint. Also, if you restrict it enough, you can get rid of all of this AppLocker configuration madness. Essentially you have a fully and easily functioning system without the need to set anything up, yet your malware portal is essentially locked down and buried.


    Post by wat0114 on 31/1/2011, 07:14

    Rico wrote:wat, there is one essential thing you forgot: configuring Java/Flash whitelisted sites in Chrome.

    I'm not sure what you mean?? I have all my bookmarked sites, even those that utilize Java and Flash, in the whitelist.

    Rico wrote:One more thing I already recommended is the use of Sandboxie. It never conflicts with the system due to the developer's care and meticulous implementation - it's so lightweight that you can't notice any footprint.

    It's a terrific 3rd-party security app, one I use on a few other PCs in the household, but not on this one.

    Rico wrote:Also, if you restrict it enough, you can get rid of all of this AppLocker configuration madness. Essentially you have a fully and easily functioning system without the need to set anything up, yet your malware portal is essentially locked down and buried.

    AppLocker is already set up and working perfectly, even though it took some time because of a learning curve. I'm very happy with it, and unless I find something better, it's a keeper.



    Post by Rico on 31/1/2011, 07:27

    I am not saying AppLocker isn't good, I am saying it takes quite a bit of work. Since you have it all set up it's nice and dandy to use. But on other rigs where you don't have this default deny in place, using Sandboxie with restrictions is faster to accomplish the same if not more security.

    As for Chrome, if you go to content options you will find the Java whitelisted sites list I'm talking about.


    Post by wat0114 on 31/1/2011, 07:50

    Rico wrote:I am not saying AppLocker isn't good, I am saying it takes quite a bit of work. Since you have it all set up it's nice and dandy to use. But on other rigs where you don't have this default deny in place, using Sandboxie with restrictions is faster to accomplish the same if not more security.

    It's a different means of security than AppLocker or other anti-executable-type programs, although I won't argue the security merits it can provide when configured properly.

    Rico wrote:As for Chrome, if you go to content options you will find the Java whitelisted sites list I'm talking about.

    Oh, I see what you mean now. I'm not sure I'll bother because I feel what I've already got in place is more than enough.

    **EDIT** Okay, I changed my mind and will block JavaScript by default, allowing it on a per-site basis. Thank you for your advice.

    Never mind... since I'm whitelisting all these sites - which I trust - I see no need to control JavaScript on them.


    Post by p2u on 31/1/2011, 10:37

    My security approach: taking care of threat gates and attack vectors. A good firewall is a must because I don't want the workload for protection to depend on my internal defenses only. Autorun and Autoplay are disabled for all devices.

    Then I look at a freshly bought laptop with 77 (!) processes running and ask myself:
    * Do I need all this?
    * If no, can I remove it? -> Remove.
    * If no, can I disable it? -> Disable
    * Can I replace it with something less of an attack vector? - Replace.
    * Does it need access to the Net?
    -> Yes. Give it the minimum.
    -> No. Block it (=Do not set or remove "allow" rules in the firewall).

    The few programs I'm left with also have this kind of checklist before "take off". If there are any functions that I really don't need or that may interfere with safe security practices, they are disabled or removed. For example, in Firefox I disable prefetching, Google suggestions and auto-completion/autofill, and remove all plugins FF loads from the system. I consider ANY type of file I did not request to be a trespasser; that's why I block by default what I do not need, so I won't have to clean it up at the end of the browser session. This includes cookies (only allowed where I need authentication), images, stylesheets, etc., for which I configure whitelists. There is no support for Java and Flash. JavaScript is, of course, disabled and no exceptions are configured. Sites that want to force me to enable JavaScript are boycotted systematically and will not be missed, ever.

    Then I look at what the system itself has to offer in terms of security and enable those features (LUA/SRP etc.)

    Then I ask myself: Do I need any additional third-party security programs? The answer is: Since all threat gates and attack vectors have been taken care of and I am generally careful enough not to download risky stuff or give away my passwords in return for Phone sex, "No, until proven otherwise by newly designed types of attack".

    Paul


    Post by wat0114 on 2/2/2011, 04:53

    Decided to do away with the IP address w/CIDR mask restrictions on Chrome. It was a revolutionary concept, but I figured not really necessary, and it was not going to stop me from venturing to sites outside those restrictions anyway. All else remains as is.

    @Paul ...I like your security approach.


    Post by Rico on 2/2/2011, 07:16

    p2u wrote:I am generally careful enough not to download risky stuff or give away my passwords in return for Phone sex

    You would be amazed how many people aren't stupid enough to fall for that. Haha


    Post by LoneWolf on 4/2/2011, 05:27

    Active
    Malware Defender 2.6.0
    Sandboxie 3.50

    Light Virtualization
    Shadow Defender 1.1.0.325

    On-Demand (once in a while)
    Hitman Pro
    Malwarebytes Anti-Malware

    OpenDNS
    Opera 11.01

    Post by ssj100 on 4/2/2011, 05:46

    LoneWolf, might be best to update to Sandboxie 3.52?


    Post by LoneWolf on 14/3/2011, 08:43

    New setup.......

    Look'n'Stop 2.07
    Appguard 3.0.13.0
    Zemana 1.9.2.243
    Shadow Defender 1.1.0.325

    OpenDNS
    Opera 11.01

    Post by ssj100 on 25/9/2011, 02:37

    Regularly using Windows XP's built-in IPSec on-demand for whenever I do online banking nowadays. Working very nicely - can't think of anything more secure than restricting connections to only the bank IP address via Port 443 during a banking session.
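The on-demand IPsec policy ssj100 describes, as an added example and not his own script: a PowerShell wrapper around netsh ipsec static (present on XP SP2 and later) that assigns a policy blocking all IP traffic from this host except TCP/443 to one address, and removes it again afterwards. The address 203.0.113.10 and the policy, filter list and filter action names are placeholders of mine.

```powershell
# Added example (not ssj100's own script): assign, or remove, an IPsec policy on Windows XP
# that blocks all IP traffic from this host except TCP/443 to one address, using
# netsh ipsec static (XP SP2 and later). Assumptions (mine): run as an administrator;
# 203.0.113.10 stands in for the bank's real address, looked up before assigning the policy.
param([ValidateSet('on', 'off')] [string] $Mode = 'on')

$bankIp = '203.0.113.10'   # placeholder, not a real bank address
$policy = 'BankOnly'

if ($Mode -eq 'on') {
    netsh ipsec static add policy name=$policy
    # Filter list 1: everything between this host ("me") and anywhere, both directions.
    netsh ipsec static add filterlist name=AllTraffic
    netsh ipsec static add filter filterlist=AllTraffic srcaddr=me dstaddr=any protocol=any mirrored=yes
    # Filter list 2: this host to the bank, TCP, any source port, destination port 443.
    # IPsec applies the most specific matching filter, so this one overrides the catch-all.
    netsh ipsec static add filterlist name=BankHTTPS
    netsh ipsec static add filter filterlist=BankHTTPS srcaddr=me dstaddr=$bankIp protocol=TCP srcport=0 dstport=443 mirrored=yes
    netsh ipsec static add filteraction name=BlockAll action=block
    netsh ipsec static add filteraction name=PermitBank action=permit
    netsh ipsec static add rule name=BlockEverything policy=$policy filterlist=AllTraffic filteraction=BlockAll
    netsh ipsec static add rule name=AllowBank policy=$policy filterlist=BankHTTPS filteraction=PermitBank
    netsh ipsec static set policy name=$policy assign=y
    # Before typing a password, confirm which policy is assigned and what its filters say.
    netsh ipsec static show policy name=$policy level=verbose
}
else {
    netsh ipsec static set policy name=$policy assign=n
    netsh ipsec static delete policy name=$policy       # removes its rules as well
    netsh ipsec static delete filterlist name=AllTraffic
    netsh ipsec static delete filterlist name=BankHTTPS
    netsh ipsec static delete filteraction name=BlockAll
    netsh ipsec static delete filteraction name=PermitBank
}
```

While the policy is assigned, DNS is blocked along with everything else, so resolve the bank's name before running it with -Mode on, and expect a bank site that pulls scripts or images from other hosts to show gaps until those addresses get their own permit filter. Run the script with -Mode off once the session is over; the catch-all filter is mirrored, so inbound traffic is dropped too.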


    Post by LoneWolf on 9/1/2012, 04:17

    DefenseWall 3.17

    Faronics Anti-Executable v2

    Shadow Defender 1.1.0.325

    Macrium Reflect Complete Edition 4.2

    System Explorer
    AdMuncher
    OpenDNS
    Opera



    Post by wat0114 on 6/2/2012, 22:36

    Mostly unchanged from before, except a few system changes and now using Firefox:

    My security setup
    Win 7 x64 Ultimate Desktop:


    1. Using LUA account as default
    2. UAC at highest level
    3. AppLocker with all rules, including DLL, enforced
    4. Windows Firewall with advanced security, inbound and outbound blocked by default, restricting web-facing applications to specific remote ports and in some cases to remote ip addresses.
    5. EMET, with mainly web-facing and MS Office apps configured
    6. Waterfox 10.0.x w/NoScript and CookieMonster Add-ons
    7. Several Windows and MS Office settings hardened via configuration in Group Policy Editor - detailed info found here; the settings aren't exactly as posted in that configuration, but they're very close to it.
    8. MBAM on-demand free (used sparingly)
    9. Routine images of system using ShadowProtect RE disk, saving the images to two separate physical locations.
    10. All sensitive data kept on a TrueCrypt volume on h/drive and USB pendrive, and also a bitlocker encrypted volume.

    the following services are disabled:
    • Secure Socket Tunneling service
    • Remote Access Connection Manager
    • SSDP Discovery service
    • TCP/IP NetBIOS Helper

      SuRun, v1.2.1.0 – used only for convenience to easily launch some programs and Windows functionality with administrative privileges.


    *Note the use of free MBAM for on-demand only.



    Post by Guest on 7/2/2012, 00:53

    I'm soon going to reformat my laptop. I'm going to install the English version of Windows 7 Ultimate SP1 x86. The reason being there are some Microsoft CTP (Community Technology Preview) applications, that can only be installed in the English version.

    One example being PowerShell 3.0 CTP.

    I'm still not sure if I'm going to also rebuild my core security, but I may just to include things like BitLocker and some other encryption tools such as AxCrypt and maybe TrueCrypt.

    But, basically it will come down to the following:

    Standard user account;
    UAC;
    Windows Firewall with Advanced Security;
    My tweaked Chromium profiles running with an explicit low integrity level;
    Other Internet facing apps running with an explicit medium integrity level, such as the download manager;
    AppLocker;
    Sandboxie - mostly to trap applications that I don't use that often to run in a sandbox dedicated to trap them. I don't feel like blocking them with AppLocker. I can achieve the same with Sandboxie by forcing those apps to run inside the sandbox, but without allowing those processes to initiate

    I also have a Tests folder where I allow execution with AppLocker, but it's trapped to run in Sandboxie. It's useful to test applications without having to whitelist the installers in AppLocker. It's both convenience and security.

    There will be other measures (mostly tweaks), but basically that will be my core security.
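The "explicit low integrity level" the Guest mentions for Chromium, as an added example that is not the poster's own setup: a PowerShell script that labels a portable Chromium executable and its user-data and download directories Low with icacls, verifies the labels, and launches the browser pointed at that profile. The paths are placeholders; the behaviour relied on is that Windows creates a process at the lower of the caller's and the executable file's integrity level.

```powershell
# Added example (not the poster's own setup): run a portable Chromium at Low integrity by
# giving its executable and its writable directories the Low mandatory label with icacls.
# Assumptions (mine): paths are placeholders; run from the standard user account that owns
# them; a process is created at the lower of the caller's and the executable file's level.
$exe       = 'C:\Apps\Chromium\chrome.exe'                   # placeholder: portable Chromium build
$userData  = "$env:USERPROFILE\AppData\LocalLow\Chromium"    # LocalLow exists for Low-IL writers
$downloads = "$env:USERPROFILE\AppData\LocalLow\Downloads"   # placeholder Low-labelled download dir

# A Low-IL process can only write to Low-labelled objects, so label the directories it needs,
# with (OI)(CI) so files and subfolders created later inherit the label.
foreach ($dir in @($userData, $downloads)) {
    if (-not (Test-Path -Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
    icacls $dir /setintegritylevel '(OI)(CI)L'
}
# The executable itself: with a Low label on the file, the new process starts at Low IL.
icacls $exe /setintegritylevel L

# Verify: a labelled object shows a "Mandatory Label\Low Mandatory Level" line; unlabelled
# (implicitly Medium) objects show none.
foreach ($path in @($exe, $userData, $downloads)) {
    "$path -> " + ((icacls $path | Select-String 'Mandatory Level') -join '; ')
}

# Launch into the Low-labelled profile; Chromium's own sandbox still drops renderers further.
Start-Process -FilePath $exe -ArgumentList "--user-data-dir=`"$userData`""
```

A Low-IL browser cannot write anywhere labelled Medium, which is everything under the user profile apart from AppData\LocalLow, so downloads have to land in a Low-labelled directory. Replacing chrome.exe on update drops the file's label; re-run the script afterwards, and give the path an AppLocker rule if the default rules do not cover it. Revert with icacls <path> /setintegritylevel M. This limits what a compromised browser process can modify; it does not replace AppLocker or Sandboxie.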
