Since switching, my PC has slowed down a little bit in terms of web browsing, but I think that is probably due to the firewall and antivirus
live monitoring conflicting with each other (which can be configured), and they are probably still "learning" what's ok and what's not. What do the
security experts out there have to say? I mostly depend on common sense as opposed to any technical security know-how to keep myself safe, but I'd be
interested to hear what they have to say.
If you want a real sense of security, you should leave Windows entirely and move to open-source software which is actually free, in the sense that the
content and sources of the programs are publicly readable. I do not understand how people can put trust into software which is closed source and deals
with "security"; I find it quite laughable.
It may seem like a very tedious task, and there is lots of learning to do if you are unfamiliar with securing a network and any computers it houses (or even
more so, unfamiliar with Linux/Unix as a whole)... but the fact is there is no such thing as instant security (or 100% security, for that matter).
Getting to know your system and what it is doing, by telling your computer what to do beforehand, is one of the most important things in
maintaining a "clean" and secure environment.
This is something which just cannot be done with Windows and its "free" closed-source software packages, as it's almost impossible to understand or
learn how Windows and most of its software operates internally.
If you want to take it seriously, ideally using a common GNU/Linux distribution (if you have never used one before I would recommend
Debian 'stable'), after making sure the system is entirely up to date, all you would really need is this
software:
Squid
Snort
iptables
nmap
rkhunter <-- doesn't hurt to run this once in a while
It would be wise to set up a transparent proxy on your local network that can filter out unwanted traffic to your computers (for example, running a
Squid proxy with filter rules on a router acting as a firewall).
e.g.:
www.dd-wrt.com...
You can configure it to block lists of known rogue domains/servers (for example PeerGuardian / Bluetack lists).
You would also want to set up a strong firewall to deny all incoming traffic by default and harden the default IPv4 settings (file: /etc/sysctl.conf).
For example, what I use:
pastie.org...
Disable all publicly facing services unless you absolutely need them (mail server, FTP, VNC... etc.). You can check if this is set up correctly by
running nmap from a separate computer on the network.
Another thing you could do is run a NIDS/IDS setup ((network) intrusion detection system) by using something such as Snort:
www.snort.org...
Many guides out there such as this one on how to get it up and running:
www.aboutdebian.com...
The best part of all of this is that it will be unnoticeable in terms of any "slow downs" from running such a setup.
The problem I have with anti-virus software is that it is literally useless. The goal of securing a system is to disallow access to a computer or
network so that malicious files or webpages cannot be loaded onto it. This is why it's important to be running a separate firewall and IDS system on a
separate piece of hardware such as a firewalled router.
Besides, there is no point going to all that trouble of creating such a secure setup if the intention is to allow users to browse Facebook, Twitter
and use software involving Adobe "technologies", which are well known to provide massive gaping holes in any system.
But hey, just putting this out there for anyone who is interested. It's very much worth the time and saves a lot of trouble later on in the event
someone does try to "crack" into your network/computers.
edit on 3/4/2012 by InsideYourMind because: (no reason given)
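The default-deny firewall and /etc/sysctl.conf hardening the reply above describes, as an added example that is not the poster's own setup (their pastie is not on the page). It assumes iptables with the conntrack match and a Debian-style /etc/sysctl.d directory; the sysctl values are common hardening choices picked here, not taken from the thread.

```shell
#!/bin/sh
# Added example (not from the original thread): default-deny IPv4 host firewall
# plus sysctl hardening, emitted as text for review; "apply" runs it as root.
# Sysctl values are common choices, an assumption; the reply's pastie isn't here.

# iptables commands: drop all inbound except loopback, replies to our own
# connections, rate-limited ping, and TCP ports passed as arguments.
firewall_rules() {
    cat <<'EOF'
iptables -F INPUT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 4/s -j ACCEPT
EOF
    for port in "$@"; do
        echo "iptables -A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
}

# sysctl hardening: no forwarding, redirects or source routing; reverse-path
# filtering; log martians; ignore broadcast pings; SYN cookies.
sysctl_settings() {
    cat <<'EOF'
net.ipv4.ip_forward = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.log_martians = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.tcp_syncookies = 1
EOF
}

# How many inbound TCP ports the rule set deliberately opens (0 = none).
open_port_count() {
    firewall_rules "$@" | grep -c -- '--dport' || true
}
# Load the rules, then write and reload a sysctl drop-in file.
apply_all() {
    firewall_rules "$@" | sh -e
    sysctl_settings > /etc/sysctl.d/90-hardening.conf
    sysctl -p /etc/sysctl.d/90-hardening.conf
}
if [ "${1:-}" = "apply" ]; then shift; apply_all "$@"; fi
```

Run it with no arguments to print the rule set and sysctl lines for review, then `sh script.sh apply 22` (as root) to load them with only SSH reachable; checking from another machine with nmap, as the reply suggests, should then show only the ports you listed.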