Saturday, August 02, 2014

The Valca Layered Security Experiment

Some notes on the current layered security approach I’m using on my laptop (Win 7) as well as Lavie’s (Win 8.1).

I keep the Microsoft OSs regularly patched with all available MS updates.

I am using Windows Firewall for ease of administration rather than one of the multitudes of alternative (and more feature-packed) firewall solutions. It’s strange, as I used to be pretty heavy into alternative firewalls on this blog in the past. WF works well enough.

I don’t run Shockwave or Air any more.

I update Flash, Java, and regularly run Qualys BrowserCheck and the Secunia Software Inspector to look for critical software updates for these common threat vectors.

I do still run Microsoft Security Essentials despite having tried Bitdefender Antivirus Free and AVG Free Antivirus. They did great, but the whitelisting was a pain and less than smooth.

I run Microsoft’s Enhanced Mitigation Experience Toolkit (EMET), just updated to the final public release 5.0 version. I take the defaults (for now). More info below.

I “inoculate” our systems against Crypto-type malware using CryptoPrevent from Foolish IT LLC.

Recently I ponied up the $ for a few lifetime licenses of Malwarebytes Premium anti-malware and Internet security software. The new 2.0 version still needs some polish, but performance is great and Lavie gets so excited when her nightly scans come back clean. Not sure why. It plays wonderfully with MSSE.

Malwarebytes recently released a supportive product called Malwarebytes Anti-Exploit.

It works by monitoring your system for zero-day exploits attacking your browser and other commonly found software. The free version just protects the web browsers and Java, while the Premium version protects PDF readers, Microsoft Office applications and media players, and allows for creation of custom shields. It reminded me a bit of an old PC Tools product (now retired) called ThreatFire. I’m not linking to it since it is old, but you can search if you are curious.

I’ve not yet applied it to our “production” systems, but am running it on a Windows 7 Enterprise VM that also has EMET 5.0 and AVG Free protection. Early alpha/beta versions did have conflicts with EMET, but this public version seems to work fine with it. So far, so stable. Once I am comfortable with it, I may try it on our primary laptops.

What else?

The HDD is “protected” with the last working version of TrueCrypt. Yes I know all about the drama.

As I have said, my primary concern is data loss from burglary or theft, less so from the multi-letter agencies. When I get around to upgrading to a 1 TB SSD hard drive (prices please drop!) I may plunge in and do an upgrade to Windows 8.whatever at a level that would support BitLocker so I could get off TrueCrypt. But that’s activity for a different day.

The takeaway here is that I’m keeping my systems updated and that I’ve layered the defenses. It’s become much more work than most standard users would do, but instead of fishing for a hobby, I sysadmin.


--Claus Valca


1 comment:

Attila-Mihaly Balazs said...

I would like to add three more things to that list:

- run as standard user, not as power / admin (although with UAC this is less and less important, it's still good practice)
- backups! frequent backups, both locally (i.e. on the computer), on site and off site
- use AppLocker to disallow the running of programs from non-standard locations (i.e. Program Files, Windows, etc.). Together with (1) this means that even if a malicious executable gets onto the system it can't execute, because it can't write to the privileged locations and execution isn't enabled from anywhere else.

Other than that I would drop all the third-party security products (I've seen vendors mess up too frequently and cause all kinds of weird side-effects) and stick to the essentials (like Microsoft Essentials :-)) + Secunia PSI (which at least doesn't hook into the system at a low level, so it shouldn't affect stability).
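Putting the commenter's AppLocker suggestion into practice, as an added example that is not from the post or the comment: a PowerShell script that builds the allow-only-Program-Files-and-Windows policy, dry-runs it against a constructed sample, applies it in audit mode, and shows where the resulting events land. It assumes an elevated session on an edition that ships AppLocker (Windows 7 Enterprise/Ultimate or Windows 8.1 Enterprise, e.g. the Windows 7 Enterprise VM mentioned above).

```powershell
# Added example, not from the post or the comment: an AppLocker EXE policy that lets
# Everyone run only what lives under Program Files and the Windows folder, lets
# Administrators run anything (so they can still install software), and leaves all
# other locations (Downloads, Temp, AppData ...) blocked for standard users.
Import-Module AppLocker

$mode = 'AuditOnly'   # switch to 'Enabled' once the audit events show no surprises

$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="$mode">
    <FilePathRule Id="$([guid]::NewGuid())" Name="Allow Program Files" Description=""
                  UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="Allow Windows folder" Description=""
                  UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="Administrators: all files" Description=""
                  UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"@

$policyPath = Join-Path $env:TEMP 'applocker-exe.xml'
$policyXml | Set-Content -Path $policyPath -Encoding Unicode

# Dry run on a constructed sample: a copy of notepad.exe dropped into Downloads
# (user-writable) should come back Denied; the original under Windows, Allowed.
$sample = Join-Path $env:USERPROFILE 'Downloads\sample.exe'
Copy-Item "$env:WINDIR\System32\notepad.exe" $sample
Test-AppLockerPolicy -XmlPolicy $policyPath -User Everyone `
    -Path $sample, "$env:WINDIR\System32\notepad.exe" |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
Remove-Item $sample

# Apply locally; AppLocker only enforces while the Application Identity service runs.
Set-AppLockerPolicy -XmlPolicy $policyPath
sc.exe config appidsvc start= auto
sc.exe start appidsvc

# In AuditOnly, event 8003 lists what would have been blocked; once Enabled,
# event 8004 records the actual blocks.
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -MaxEvents 20 -ErrorAction SilentlyContinue |
    Where-Object { $_.Id -eq 8003 -or $_.Id -eq 8004 } |
    Format-Table TimeCreated, Id, Message -AutoSize -Wrap
```

Path rules are only as strong as the folder ACLs beneath them, so check for user-writable directories under the two allowed trees before flipping the mode to Enabled; this covers only the EXE collection, and a full policy would add Script and Windows Installer rules the same way.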