(Msg. 1) Posted: Wed Aug 20, 2008 12:38 pm
Post subject: Security discussion regarding hubs, firewalls, anti-virus and Vista
Archived from groups: microsoft>public>windows>vista>security
Security discussion
These are a very basic set of questions. Possibly there is an article
on the web that someone can point me to that fully addresses each of
these:
What security protection should I expect from:
a wireless hub/router
a software firewall
a software anti-virus, anti-trojan program
the security built into Vista
The reason I ask this is that I have a Linksys wireless hub with a WEP
code activated and I also had Zonealarm with Windows XP. I had my
files shared. I thought that the wireless hub should provide hardware
based security from anyone being able to "look" at my files and
anything behind the hub. I found that Zonealarm was giving me a lot
of warnings of malware and other outside people finding me and trying
to access my computer and that Zonealarm was stopping this. I don't
understand the Linksys hub's capabilities well enough to not ask "why
was the hub not keeping these outside intruders out?".
I now have Vista and the security it provides is suffocating. I have
a hard time accessing my own files on other computers on my network
and you need an ADVANCED IT degree to work around it. I would think
that you could provide a secure "knock'em dead" firewall with a
Linksys hub that would allow you to be "naked" behind the firewall so
you did not have to deal with security at all once you were safe
behind the Linksys firewall. I think this shows why I need to learn
all I can so I don't leave my UAC off (which it is right now). I
want security, but I want to run my business also.
(Msg. 2) Posted: Wed Aug 20, 2008 5:13 pm
Post subject: Re: Security discussion regarding hubs, firewalls, anti-virus and Vista Security
"eganders" <eganders.RemoveThis@yahoo.com> wrote in message
news:1ccbb3b6-01f3-40a2-83e2-ab2f7440b568@i76g2000hsf.googlegroups.com...
> Security discussion
>
> These are a very basic set of questions. Possibly there is an article
> on the web that someone can point me to that fully addresses each of
> these:
There are, and I'm sure some experts here will provide some
for you. I find Wikipedia a good resource for this kind of thing.
> What security protection should I expect from:
>
> a wireless hub/router
At the very least it can be set to drop any incoming attempt
to set up a communications channel. If you run a server of some
sort, and you want to allow such an incoming connection you
"forward" that port. This does not affect two way communication
that was initiated by you i.e. 'outgoing' requests to the ISP's web
server or mail server and the incoming subsequent returns.
Also, these devices can run additional filtering software - and more.
These devices sit between you and the outside world and do not
depend on the integrity of your computer system. They are firewalls
because they compartmentalize the network similar to the way
actual firefighting firewalls do for a building.
> a software firewall
This is an attempt to get the functionality of the router's firewall
plus the additional filtering, plus other features onto the system
it hopes to protect. They depend on the integrity of the system
unlike the device above.
With mobile computing, it is a very good idea to have a software
firewall because you don't always have control over the router
or wireless access point when you travel - or for some reason
you use another's Wi-Fi network such as a cafe 'hot spot'.
> a software anti-virus, anti-trojan program
These are two different things - although often lumped together.
Basically, you need both. In a way, the second detects malicious
(or otherwise bad) programs - and the first detects malicious (or
otherwise bad) programming code within an otherwise good
program. You could say that a virus is a replicating trojan - it
makes trojans out of pre-existing programs as it replicates into
them.
....from here it gets even murkier, so - you need both and you
might just as well have them combined into one in the form of
an 'on-access' or 'real time' or 'active' scanner. It wouldn't hurt
to have other detector programs that you run when you want
to 'on demand', but only one 'on access' scanner.
> the security built into Vista
This is too general to go into, as there are lots of good security
features built-in to Vista. My advice, don't circumvent any of
them. Better is to learn how to operate within the parameters
Vista has provided (which is what you are doing).
> The reason I ask this is that I have a Linksys wireless hub with a WEP
> code activated and I also had Zonealarm with Windows XP. I had my
> files shared. I thought that the wireless hub should provide hardware
> based security from anyone being able to "look" at my files and anything
> behind the hub.
Well, now you know that that assumption was wrong. :)
> I found that Zonealarm was giving me a lot
> of warnings of malware and other outside people finding me and trying
> to access my computer and that Zonealarm was stopping this.
Like a dog barking at passing cars is "protecting" you from
possible intruders. :) Waking me up from a sound sleep
still rewards him with a pat on the head, so he keeps doing
it.
You can configure your software firewall to not do this I think.
(the dog is another matter) :)
> I don't
> understand the Linksys hub's capabilities well enough to not ask "why
> was the hub not keeping these outside intruders out?".
Port forwarding? Subsequent (not init) packets? Local Area Network
(LAN) traffic from within your wireless network? This is why software
firewall applications are not completely worthless.
> I now have Vista and the security it provides is suffocating. I have
> a hard time accessing my own files on other computers on my network
> and you need an ADVANCED IT degree to work around it.
Previous MS OSes installed to provide a rich out-of-the-box
experience with servers running and just about every protocol
bound to every other protocol so that the user wouldn't have
to do anything 'advanced' to get anything done. It was a disaster
securitywise, although it probably did reduce the number of
support calls from users actually trying to do something.
Now it is more secure and it requires more of the user to work
within it - or to circumnavigate it. So it provides better default
security, and more customer complaints.
> I would think
> that you could provide a secure "knock'em dead" firewall with a
> Linksys hub that would allow you to be "naked" behind the firewall so
> you did not have to deal with security at all once you were safe
> behind the Linksys firewall.
The problem arises with the malware you invite in. That is the
subsequent packets and other unfiltered items.
> I think this shows why I need to learn
> all I can so I don't leave my UAC off (which it is right now). I
> want security, but I want to run my business also.
Read some Microsoft TechNet articles on UAC and LUA.
You seem to be very capable of learning how all this works.
(Msg. 3) Posted: Thu Aug 21, 2008 2:04 am
Post subject: Re: Security discussion regarding hubs, firewalls, anti-virus and Vista Security
"eganders" <eganders.TakeThisOut@yahoo.com> wrote in message
news:1ccbb3b6-01f3-40a2-83e2-ab2f7440b568@i76g2000hsf.googlegroups.com...
>
For the wireless you can do some things to better protect your situation.
For the XP or Vista O/S, you need to further harden the O/S(s) to attack,
like use Authenticated user group on file shares, disable the Guest account
and remove Everyone off of files and folders, along with other things you
can do, etc, etc.
If you want to protect a business, then you need to come away from the
Linksys NAT router and step up to a low-end FW appliance, like a Watchguard,
Cisco, Snapgear, Sonicwall etc, etc those kind of solutions and not use a
NAT router for home usage. FW appliances cost a little more and are
affordable. You can even get a refurbished used one from a reputable dealer
that has a warranty from a reputable dealer, which you can call the
manufacturer to get names of dealers. A low end FW appliance is a plug it up
and go device that needs very little configuration on your part, like the
Linksys NAT router.
Here is some information to help you in your FW selection process.
(Msg. 4) Posted: Thu Aug 21, 2008 3:11 am
Post subject: Re: Security discussion regarding hubs, firewalls, anti-virus and Vista Security
On Wed, 20 Aug 2008 12:38:57 -0700 (PDT), eganders wrote:
> Security discussion
>
> These are a very basic set of questions. Possibly there is an article
> on the web that someone can point me to that fully addresses each of
> these:
>
> What security protection should I expect from:
>
> a wireless hub/router
>
> a software firewall
>
> a software anti-virus, anti-trojan program
>
> the security built into Vista
>
> The reason I ask this is that I have a Linksys wireless hub with a WEP
> code activated and I also had Zonealarm with Windows XP. I had my
> files shared. I thought that the wireless hub should provide hardware
> based security from anyone being able to "look" at my files and
> anything behind the hub. I found that Zonealarm was giving me a lot
> of warnings of malware and other outside people finding me and trying
> to access my computer and that Zonealarm was stopping this. I don't
> understand the Linksys hub's capabilities well enough to not ask "why
> was the hub not keeping these outside intruders out?".
>
> I now have Vista and the security it provides is suffocating. I have
> a hard time accessing my own files on other computers on my network
> and you need an ADVANCED IT degree to work around it. I would think
> that you could provide a secure "knock'em dead" firewall with a
> Linksys hub that would allow you to be "naked" behind the firewall so
> you did not have to deal with security at all once you were safe
> behind the Linksys firewall. I think this shows why I need to learn
> all I can so I don't leave my UAC off (which it is right now). I
> want security, but I want to run my business also.
*Security is a process not a product*.
(Bruce Schneier)
For Vista the most dependable defenses are:
1. Do not work in elevated level; Day-to-day work should be performed
while the User Account Control (UAC) is enabled.
2. Familiarize yourself with "Services Hardening in Windows Vista".
3. Don't expose services to public networks.
4. Keep your operating (OS) system (and all software on it)
updated/patched.
5. Reconsider the usage of IE.
5a. Secure (Harden) Internet Explorer.
6. Review your installed 3rd party software applications/utilities;
Remove clutter, *including* 3rd party software personal firewall
application (PFW) - the one which claims:
"It can stop/control malicious outbound traffic".
7. Activate the built-in firewall and tack together its advanced
configuration settings.
7a. If on high-speed internet connection use a router as well.
For the average home user it is suggested blocking both TCP and UDP
ports 135 ~ 139 and 445 on the router and implement countermeasures
against DNSChanger. (Is the Firmware of your router up-to-date?).
And (just in case) Wired Equivalent Privacy (WEP) has been superseded by
Wi-Fi Protected Access (WPA).
8. Routinely practice Safe-Hex.
Also ensure you do:
a. Regularly back-up data/files.
b. Familiarize yourself with crash recovery tools and with
re-installing your operating system (OS).
c. Utilize a real-time anti-virus application and vital system
monitoring utilities/applications.
d. Keep abreast of the latest developments.
And finally:
Most computer magazines and/or (computer) specialized websites are *biased*
i.e. heavily weighted towards the (advertisement) dollar almighty!
Therefore:
a. Be cautious selecting software applications touted in publications
relying on advertisement revenue.
b. Do take their *test-results* of various software with a
*considerable* amount of salt!
c. Which also applies to their *investigative* in-depth test reports
related to any software applications.
d. Investigate claims made by software manufacturers *prior* to downloading
their software; Subscribing to noncommercial-type publications,
specialized newsgroups and/or fora (to some extent) are a great way
to find out the 'nitty-gritties' and to consider various options.
The least preferred defenses are:
Myriads of popular anti-whatever applications and staying ignorant.
(Msg. 5) Posted: Thu Aug 21, 2008 3:11 am
Post subject: Re: Security discussion regarding hubs, firewalls, anti-virus and Vista Security
> 7a. If on high-speed internet connection use a router as well.
> For the average home user it is suggested blocking both TCP and UDP
> ports 135 ~ 139 and 445 on the router
It really isn't necessary to create specific "block" rules. Nearly every
router does this automatically; they only permit traffic that's in reply to
some previous outbound request.
"Kayman" <kaymanDeleteThis RemoveThis @operamail.com> wrote in message
news:e15mmpxAJHA.756@TK2MSFTNGP02.phx.gbl...
> On Wed, 20 Aug 2008 12:38:57 -0700 (PDT), eganders wrote:
>
>> Security discussion
>>
>> These are a very basic set of questions. Possibly there is an article
>> on the web that someone can point me to that fully addresses each of
>> these:
>>
>> What security protection should I expect from:
>>
>> a wireless hub/router
>>
>> a software firewall
>>
>> a software anti-virus, anti-trojan program
>>
>> the security built into Vista
>>
>> The reason I ask this is that I have a Linksys wireless hub with a WEP
>> code activated and I also had Zonealarm with Windows XP. I had my
>> files shared. I thought that the wireless hub should provide hardware
>> based security from anyone being able to "look" at my files and
>> anything behind the hub. I found that Zonealarm was giving me a lot
>> of warnings of malware and other outside people finding me and trying
>> to access my computer and that Zonealarm was stopping this. I don't
>> understand the Linksys hub's capabilities well enough to not ask "why
>> was the hub not keeping these outside intruders out?".
>>
>> I now have Vista and the security it provides is suffocating. I have
>> a hard time accessing my own files on other computers on my network
>> and you need an ADVANCED IT degree to work around it. I would think
>> that you could provide a secure "knock'em dead" firewall with a
>> Linksys hub that would allow you to be "naked" behind the firewall so
>> you did not have to deal with security at all once you were safe
>> behind the Linksys firewall. I think this shows why I need to learn
>> all I can so I don't leave my UAC off (which it is right now). I
>> want security, but I want to run my business also.
>
> *Security is a process not a product*.
> (Bruce Schneier)
>
> For Vista the most dependable defenses are:
> 1. Do not work in elevated level; Day-to-day work should be performed
> while the User Account Control (UAC) is enabled.
> 2. Familiarize yourself with "Services Hardening in Windows Vista".
> 3. Don't expose services to public networks.
> 4. Keep your operating (OS) system (and all software on it)
> updated/patched.
> 5. Reconsider the usage of IE.
> 5a. Secure (Harden) Internet Explorer.
> 6. Review your installed 3rd party software applications/utilities;
> Remove clutter, *including* 3rd party software personal firewall
> application (PFW) - the one which claims:
> "It can stop/control malicious outbound traffic".
> 7. Activate the built-in firewall and tack together its advanced
> configuration settings.
> 7a. If on high-speed internet connection use a router as well.
> For the average home user it is suggested blocking both TCP and UDP
> ports 135 ~ 139 and 445 on the router and implement countermeasures
> against DNSChanger. (Is the Firmware of your router up-to-date?).
> And (just in case) Wired Equivalent Privacy (WEP) has been superseded by
> Wi-Fi Protected Access (WPA).
> 8. Routinely practice Safe-Hex.
>
> Also ensure you do:
> a. Regularly back-up data/files.
> b. Familiarize yourself with crash recovery tools and with
> re-installing your operating system (OS).
> c. Utilize a real-time anti-virus application and vital system
> monitoring utilities/applications.
> d. Keep abreast of the latest developments.
>
> And finally:
> Most computer magazines and/or (computer) specialized websites are
> *biased*
> i.e. heavily weighted towards the (advertisement) dollar almighty!
> Therefore:
> a. Be cautious selecting software applications touted in publications
> relying on advertisement revenue.
> b. Do take their *test-results* of various software with a
> *considerable* amount of salt!
> c. Which also applies to their *investigative* in-depth test reports
> related to any software applications.
> d. Investigate claims made by software manufacturers *prior* to downloading
> their software; Subscribing to noncommercial-type publications,
> specialized newsgroups and/or fora (to some extent) are a great way
> to find out the 'nitty-gritties' and to consider various options.
>
> The least preferred defenses are:
> Myriads of popular anti-whatever applications and staying ignorant.
(Msg. 6) Posted: Thu Aug 21, 2008 10:36 am
Post subject: Re: Security discussion regarding hubs, firewalls, anti-virus and Vista Security
My take is as follows; Protect myself from crawling threats on the
internet by a dedicated firewall, protect myself from software threats
with antivirus/malware protection. If those two factors are properly
set up, all other security measures are redundant and waste resources.
Perhaps I suffer from a 1% higher risk of infection over a period of a
few years, but it doesn't seem so this far. I have disabled all the
security features of Windows, because I don't see a need for them. I
wouldn't do this to a system-critical computer or if I had sensitive
information on the computer though, but this is a computer for games and
internet... If it goes down, I reinstall it (hasn't happened yet...).
Linux firewalls are free and safe enough to use for business if set up
with the right knowledge.
Most new routers come with SPI (stateful packet inspection) which only
accepts incoming traffic from servers you sent outgoing traffic to, and
that's usually enough for protection at home.
(Msg. 7) Posted: Thu Aug 21, 2008 4:26 pm
Post subject: Re: Security discussion regarding hubs, firewalls, anti-virus and Vista Security
On Wed, 20 Aug 2008 18:14:23 -0700, Steve Riley [MSFT] wrote:
>> 7a. If on high-speed internet connection use a router as well.
>> For the average home user it is suggested blocking both TCP and UDP
>> ports 135 ~ 139 and 445 on the router
>
> It really isn't necessary to create specific "block" rules. Nearly every
> router does this automatically; they only permit traffic that's in reply to
> some previous outbound request.
Thanks for commenting on #7a.
Admittedly, I am not familiar with all types/makes of (small business/home
user) routers available.
Are you saying to drop this comment completely or, since it is possible
that some users may employ routers which will not automatically block the
said ports, is paraphrasing the comment sufficient for the purpose?
(Msg. 8) Posted: Thu Aug 21, 2008 4:26 pm
Post subject: Re: Security discussion regarding hubs, firewalls, anti-virus and Vista Security
I haven't seen a router with default-allow in years -- stuff you buy now is
configured default-deny (in the inbound direction), so everything's blocked
except:
* inbound reply traffic
* inbound traffic that matches a rule you wrote
"Kayman" <kaymanDeleteThis.DeleteThis@operamail.com> wrote in message
news:#L42OA3AJHA.4064@TK2MSFTNGP02.phx.gbl...
> On Wed, 20 Aug 2008 18:14:23 -0700, Steve Riley [MSFT] wrote:
>
>>> 7a. If on high-speed internet connection use a router as well.
>>> For the average home user it is suggested blocking both TCP and UDP
>>> ports 135 ~ 139 and 445 on the router
>>
>> It really isn't necessary to create specific "block" rules. Nearly every
>> router does this automatically; they only permit traffic that's in reply
>> to
>> some previous outbound request.
>
> Thanks for commenting on #7a.
> Admittedly, I am not familiar with all types/makes of (small business/home
> user) routers available.
> Are you saying to drop this comment completely or, since it is possible
> that some users may employ routers which will not automatically block the
> said ports, is paraphrasing the comment sufficient for the purpose?
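The default-deny inbound behaviour described in this thread (replies allowed, forwarded ports allowed, everything else dropped), as an added example that is not part of any post: a simplified Python model with NAT address rewriting left out, in which every address and every port other than 135-139 and 445 is a constructed sample value. It also covers the two cases the replies point at: traffic between hosts already on the LAN never reaches the filter, and a port forward re-opens whatever port it names.

```python
import ipaddress
from dataclasses import dataclass, field

# File-sharing/RPC ports named in the thread (TCP and UDP 135-139 and 445).
WINDOWS_PORTS = set(range(135, 140)) | {445}

@dataclass(frozen=True)
class Packet:
    side: str    # interface the router received it on: "wan" or "lan"
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class Router:
    lan: ipaddress.IPv4Network
    forwards: dict = field(default_factory=dict)  # (proto, wan port) -> LAN host
    flows: set = field(default_factory=set)       # outbound flows awaiting replies

    def handle(self, p: Packet) -> str:
        if p.side == "lan":
            if ipaddress.ip_address(p.dst) in self.lan:
                # Host-to-host traffic on the LAN/WLAN never crosses the WAN filter.
                return "LOCAL unfiltered"
            # Remember the outbound flow so its reply is recognised later.
            self.flows.add((p.proto, p.sport, p.dst, p.dport))
            return "ALLOW outbound"
        # Inbound from the internet: a reply, a forwarded port, or nothing.
        if (p.proto, p.dport, p.src, p.sport) in self.flows:
            return "ALLOW reply"
        if (p.proto, p.dport) in self.forwards:
            return "ALLOW forward"
        return "DROP default-deny"

    def exposed_windows_ports(self) -> list:
        """Forwards that re-open the file-sharing/RPC ports to the internet."""
        return sorted(k for k in self.forwards if k[1] in WINDOWS_PORTS)

def demo() -> dict:
    # Constructed sample addresses (private and documentation ranges).
    r = Router(lan=ipaddress.ip_network("192.168.1.0/24"))
    pc, laptop, wan_ip = "192.168.1.10", "192.168.1.77", "192.0.2.1"
    web, outsider = "198.51.100.5", "203.0.113.9"
    out = {}
    # No explicit block rule exists, yet unsolicited 445 is dropped.
    out["unsolicited_445"] = r.handle(Packet("wan", "tcp", outsider, 40000, wan_ip, 445))
    out["outbound_http"] = r.handle(Packet("lan", "tcp", pc, 50123, web, 80))
    # Whatever the PC asked for comes back in, good or bad.
    out["http_reply"] = r.handle(Packet("wan", "tcp", web, 80, wan_ip, 50123))
    # A second wireless client reaching the PC's file share.
    out["wlan_peer_445"] = r.handle(Packet("lan", "tcp", laptop, 50200, pc, 445))
    # A forward for 445 overrides the default-deny for that port.
    r.forwards[("tcp", 445)] = pc
    out["forwarded_445"] = r.handle(Packet("wan", "tcp", outsider, 40001, wan_ip, 445))
    out["audit"] = r.exposed_windows_ports()
    return out

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16} {verdict}")
```

The `LOCAL unfiltered` and `ALLOW reply` verdicts are the cases where host-level controls (share permissions, the built-in firewall, the on-access scanner) are the only ones that apply.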