Tuesday, July 28, 2015

GSD Windows Defense in Depth Strategy

I have noticed more than a few times that I post a listing of the security posture I take, and it has been almost a year since the last topic-specific post here.

So here you go. Tested and approved on Windows 7/8.1 platforms. Not sure yet on Win 10.

  1. TrueCrypt full disk encryption. Yes. I know. Development stopped mysteriously…blah.blah.blah. There are a number of free alternative WDE options for users if you wish (or Bitlocker if your Windows OS supports it) such as DiskCryptor or VeraCrypt. My purpose in using TrueCrypt/WDE is to protect the contents of our system from data loss in the event the device is stolen. Period. (Note to self…I’ll probably have to do a full TrueCrypt disk decryption before doing the Win 10 upgrade. Hmm… gotta think about the options for WDE on Windows 10 carefully, as Bitlocker is only available on one of my systems. Thoughts or recommendations anyone?)
  2. I’m using the built-in Windows Firewall product with (generally) default settings.
  3. I keep the Windows OS fully patched (drivers too as best I can) to minimize OS vulnerabilities.
  4. I keep any (remaining) third party plug-in software (such as Flash, Java, Silverlight, etc.) fully patched and install updates as soon as a new build version is released. However, see the next item.
  5. I have continued my march on removing Flash, Java, etc. plug-ins from our systems…with little ill impact. You can’t exploit what isn’t installed.
  6. Microsoft Security Essentials - Microsoft Windows. Far from the most robust or highly ranked, but what I lose there I gain in the additional security layers below. Also the interface is easy to work with and manage and it plays well (thank goodness) with the additional security layers. My alternative choice would be Bitdefender Antivirus Free for those who need a super-duty AV product.
  7. Malwarebytes Anti-Malware & Internet Security Software - I use the “Premium” version on our systems. The free version is good too, however it doesn’t include “real-time” monitoring features.
  8. Malwarebytes Anti-Exploit Free - I use the free version of this tool as it covers all my primary concerns. Works great (as far as I can tell!) for zero-day exploits against (primarily) web-browsers.
  9. Enhanced Mitigation Experience Toolkit - EMET - Use of this anti-exploit platform is left for the more tech-savvy folks…particularly when combining it with Malwarebytes Anti-Exploit. They can co-exist, but it takes some tweaking to harmonize with Internet Explorer in particular.
  10. CryptoPrevent Malware Prevention - Foolish IT - I use the free version to help protect all our home systems against ransomware/cryptoware threats.
  11. GlassWire - I use the free version of this firewall product for its logging features.
  12. Zemana AntiLogger Free - I’ve only recently found this product. It seems to be working well in the background.
  13. Process Explorer - Microsoft Sysinternals - I have this set to run in my system-tray automatically at login. It lets me quickly monitor and check on running processes and sub-processes. I check often so I can remain familiar with the normal running processes. If something new appears it should stand out to me and I can explore further.
  14. Sysmon - Microsoft Sysinternals - This core service runs in the background logging process creations. I had turned on the network connection logging as well, but there were so many entries that, even with an event log manager utility, it was hard sorting out the noise. So I turned off that option for now. This is mostly good for post-incident review work, but it’s good to have running now.
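Items 13 and 14 both come down to knowing what "normal" looks like on the box so that a newcomer stands out. The PowerShell below is an added example, not code from the GSD post or from Sysinternals: it snapshots the running process list (name plus image path, with parent process for the sub-process view Process Explorer gives you) to a baseline file, reports anything that later appears outside that baseline, and writes a Sysmon configuration that keeps process-creation logging on while switching network-connection logging off, as described in item 14. File locations, the `schemaversion` value and the function names are assumptions; check the schema version your Sysmon build expects with `sysmon -s` before installing the config.

```powershell
# Added example (not from the GSD post or Sysinternals): baseline the process list (item 13)
# and write a Sysmon config with ProcessCreate on / NetworkConnect off (item 14).
# Needs PowerShell 3.0+ for Get-CimInstance; the Sysmon steps need an elevated prompt.
$BaselinePath = "$env:ProgramData\gsd-process-baseline.json"   # assumed location

# --- Item 13: learn the normal process set so new ones stand out -------------------
function Get-ProcessInventory {
    # One record per running process: name, image path, parent PID and command line.
    Get-CimInstance -ClassName Win32_Process |
        Select-Object Name, ProcessId, ParentProcessId, ExecutablePath, CommandLine
}

function Save-ProcessBaseline {
    # Record the distinct (name, path) pairs seen on a machine you consider clean.
    Get-ProcessInventory |
        Select-Object Name, ExecutablePath -Unique |
        ConvertTo-Json |
        Set-Content -Path $BaselinePath -Encoding UTF8
    Write-Host "Baseline written to $BaselinePath"
}

function Compare-ProcessBaseline {
    # Emit every running process whose (name, path) pair is not in the baseline,
    # with its parent process name and command line for follow-up.
    if (-not (Test-Path $BaselinePath)) { throw "No baseline yet; run Save-ProcessBaseline first." }
    $known = @{}
    foreach ($p in (Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json)) {
        $known["$($p.Name)|$($p.ExecutablePath)"] = $true
    }
    $now   = Get-ProcessInventory
    $byPid = @{}
    foreach ($p in $now) { $byPid[[int]$p.ProcessId] = $p }
    foreach ($p in $now) {
        if ($known.ContainsKey("$($p.Name)|$($p.ExecutablePath)")) { continue }
        $parent     = $byPid[[int]$p.ParentProcessId]
        $parentName = '<exited>'
        if ($parent) { $parentName = $parent.Name }
        [pscustomobject]@{
            Name        = $p.Name
            Path        = $p.ExecutablePath
            ParentName  = $parentName
            CommandLine = $p.CommandLine
        }
    }
}

# --- Item 14: Sysmon config that logs process creation but not network connections --
function New-SysmonConfig {
    param([string]$Path = "$env:ProgramData\sysmon-config.xml")   # assumed location
    # Sysmon rule semantics: an "exclude" group with no rules logs every event of that
    # type; an "include" group with no rules logs none of them. The schemaversion must
    # match the installed Sysmon build (check with "sysmon -s"); the value here is assumed.
    $xml = @"
<Sysmon schemaversion="4.21">
  <EventFiltering>
    <ProcessCreate onmatch="exclude" />
    <NetworkConnect onmatch="include" />
  </EventFiltering>
</Sysmon>
"@
    Set-Content -Path $Path -Value $xml -Encoding UTF8
    Write-Host "Install with: sysmon.exe -accepteula -i `"$Path`"  (use -c instead of -i to update a running install)"
    return $Path
}

function Get-RecentProcessCreates {
    param([int]$Hours = 1)
    # Event ID 1 is ProcessCreate in the Sysmon operational log; pull the Image line
    # out of the message text rather than relying on a property index that varies by version.
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Sysmon/Operational'
        Id        = 1
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated,
            @{ n = 'Image'; e = { [regex]::Match($_.Message, '(?m)^Image: (.+)$').Groups[1].Value.Trim() } }
}

# Typical use: Save-ProcessBaseline once on a known-good system, then Compare-ProcessBaseline
# whenever something looks off; New-SysmonConfig then Get-RecentProcessCreates to confirm logging.
```

Run `Save-ProcessBaseline` once on a freshly patched, idle system, then `Compare-ProcessBaseline` periodically; anything it lists is exactly the "something new" that should stand out in Process Explorer, now with its parent already attached. `Get-RecentProcessCreates` is a quick way to confirm the Sysmon service is still writing Event ID 1 after a config change.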

If you are interested, here are some previous GSD posts on this subject.

Constant Vigilance!

Claus Valca
