  1. Sith Lord SephStorm
    Join Date
    Dec 2009
    Location
    Atlanta, GA
    Posts
    1,706

    Certifications
    GPEN, GCIH, SFCP, CPT, CEH, QND
    #1

    Default Your current security setup?

    I started thinking again today about setting up a multi-layered defense at home. Not out of any real need, but just a desire. I've always wanted to try out some good combos, combining software to make a near-unbeatable home security combo. So does anyone have any suggestions? Security software reviews are out, so feel free to use that data, as well as your personal testing. Keep in mind, I run a primarily Windows environment.

    Categories I am particularly interested in:
    Firewall
    Proxy
    HIDS/PS
    NIDS/PS
    Anti-malware
    any software to manage all the data from the various tools.

  3. Senior Member Expect
    Join Date
    Jul 2013
    Location
    Canada
    Posts
    247
    #2
    Do you have any lab set up at home you wish to protect? Do you host a web server/file server at home? Any kind of network services exposed to the WAN?
    If not, then I'm not sure I see any value in it except for hands-on practice. Of course it's nice to protect your network, but if you're not running anything critical, then the chances are you will not get hacked if you're an advanced user.
    Anyway, for the sake of the thread: apart from the router firewall with WPA2 Wi-Fi enabled, and local, updated antivirus on the two laptops, I don't have anything special.
    One laptop runs my girlfriend's regular school stuff, and my computer has penetration-testing tools and environments on it.
    Last edited by Expect; 12-21-2013 at 07:17 PM.

  4. 1337sauce
    Join Date
    Jul 2011
    Location
    Ze South
    Posts
    1,539

    Certifications
    BS, Linux+, Security+, LPIC-1, MCSE Server 2012, MCSE Desktop, MCSA Server 2008, MCTS 70-[415,681], MCTS 74-409, VCA-DCV, Novell CLA/DCTS/CNS, HDI CSR
    #3
    Some good/free suggestions I have are the following:
    Proxy: Squid
    IDS/IPS: Snort
    Anti-malware: Malwarebytes
    Log management: Splunk
    Malware analysis: sandboxed Cuckoo

    I've dealt with various software/hardware-based firewalls, but they're all proprietary, so aside from Windows Firewall and *nix iptables I am not familiar with any open-source firewall to play with.

  5. Member
    Join Date
    Dec 2013
    Location
    Columbia, MD
    Posts
    33

    Certifications
    B.S. - Cybersecurity, SCP, Security+
    #4
    For a firewall, I have used Comodo before and have also read good things about it. Eventually, I switched back to good ol' Windows Firewall.
    IDS - Snort
    Anti-malware - I use malwarebytes pro edition. Love it and see it recommended all over the place as a personal anti-malware program (their free edition is good too)
    I usually don't use proxies, but a VPN. However, I have played around with Tor for web browsing and it is pretty neat.

    Some other things to consider are system hardening techniques as well as wireless security (if you are using wireless). Typical best practices for wireless can include disabling SSID broadcast and using WPA2, since WEP has known weaknesses. Also, always remember to make strong passwords: lowercase and uppercase, min 8 chars, numbers, symbols, the whole shebang.

    Sorry for the bleh response. I am short on time, but just wanted to give 2 cents on this topic.
    Last edited by proph21; 12-21-2013 at 08:35 PM.
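The passphrase advice in the post above has a concrete mechanism behind it. In WPA2-Personal the 256-bit pre-shared key is PBKDF2-HMAC-SHA1 of the passphrase, with the SSID as salt and 4096 iterations; anyone who captures a four-way handshake can test candidate passphrases offline at exactly that cost per guess. The following is an added example in Python, not code from the thread or from any Wi-Fi vendor; the SSID "HomeNet", the wordlist and both passphrases are constructed for illustration.

```python
import hashlib
import hmac
from typing import Iterable, Optional

# Parameters fixed by IEEE 802.11i for WPA-Personal / WPA2-Personal.
PBKDF2_ITERATIONS = 4096
PSK_LEN = 32


def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the pre-shared key the way the access point and client do:
    PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"),
        PBKDF2_ITERATIONS, PSK_LEN,
    )


def offline_guess(target_psk: bytes, ssid: str, candidates: Iterable[str]) -> Optional[str]:
    """Model the attacker's side: every candidate costs one PBKDF2 run.
    A real cracker derives the PTK from each PSK and checks the handshake
    MIC instead of comparing PSKs directly, but the per-guess cost is the
    PBKDF2 step modelled here."""
    for candidate in candidates:
        if not 8 <= len(candidate) <= 63:
            continue  # cannot be a valid WPA2 passphrase, skip the work
        if hmac.compare_digest(wpa2_psk(candidate, ssid), target_psk):
            return candidate
    return None


# Constructed wordlist; real attacks use lists with many millions of entries.
WORDLIST = [
    "password",
    "letmein1",
    "homewifi2013",
    "Summer2013!",
    "correct horse battery staple",
]


def demo() -> dict:
    """Constructed scenario: SSID 'HomeNet' (an assumption, not from the
    thread) protected first by a weak and then by a strong passphrase."""
    ssid = "HomeNet"
    weak_psk = wpa2_psk("homewifi2013", ssid)            # meets "min 8 chars", but it is in the list
    strong_psk = wpa2_psk("9Rk#v2p!Lq7sWz3@Xc5m", ssid)  # 20 random characters
    return {
        "weak_recovered": offline_guess(weak_psk, ssid, WORDLIST),
        "strong_recovered": offline_guess(strong_psk, ssid, WORDLIST),
        # Same passphrase, different SSID: different PSK, because the SSID is the salt.
        "ssid_changes_psk": wpa2_psk("homewifi2013", "HomeNet") != wpa2_psk("homewifi2013", "HomeNet-5G"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two consequences follow from the derivation. The SSID is only a salt: it stops one precomputed table from serving every network, but does nothing against a guess aimed at your network, and since the attacker learns the SSID from the same capture that gives them the handshake, hiding it does not raise their cost. The passphrase is the only secret input, which is why "min 8 chars plus a symbol" is not enough if the result is still in a wordlist.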

  6. Packet Monkey
    Join Date
    May 2012
    Posts
    276
    #5
    Lots of people like the pf firewall from BSD, so that might be worth a try.

  7. Senior Member
    Join Date
    Oct 2012
    Location
    Lexington, KY
    Posts
    534

    Certifications
    CISSP, GMON
    #6

  8. Senior Member
    Join Date
    Dec 2011
    Location
    Texas
    Posts
    153

    Certifications
    GCIH, GCIA, CCNA:S, CCNA, Sec+, A+
    #7
    Firewall - pfSense
    NIDS - Snort + Snorby
    HIDS - OSSEC (OSSEC | Home | Open Source SECurity)
    Log Manager - Splunk
    Anti-malware - Malwarebytes
    Malware Analysis - Proxmox VM running different OS versions with FakeNet installed.

    One thing I want to try is to get a Firebox X700 device and install pfSense on it (see the thread "Successful Install on Watchguard Firebox X700!").

  9. Senior Member
    Join Date
    Feb 2012
    Posts
    2,426
    #8
    Some of the things that I use/play with:

    Remote access: OpenVPN
    Vulnerability scanner: OpenVAS
    Firewall: m0n0wall
    IDS: Snort
    Mail scanning: ClamAV (I don't use it anymore but I've deployed it in the past)
    SIEM: Started playing around with OSSIM

  10. Sith Lord SephStorm
    Join Date
    Dec 2009
    Location
    Atlanta, GA
    Posts
    1,706

    Certifications
    GPEN, GCIH, SFCP, CPT, CEH, QND
    #9
    Thanks all. One thing I've never understood is OSSEC. I've read into it a bit, but something hasn't clicked. Looking at the wiki article, I think it was the requirement for a Linux server. Throwing a few ideas around in my head. Big problem right now is the increase in my use of wireless. I'd have to move to wired only to make a realistic changeover...

    So a question: what front end would you use for Snort on a Windows system?
    Last edited by SephStorm; 12-21-2013 at 11:20 PM.
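On the OSSEC question above: the part of OSSEC most people mean by HIDS is syscheck, its file integrity monitor, and its job is simple to state: hash every watched file into a baseline, rescan on a schedule, and alert on files that were added, removed or changed. The Linux server requirement is about where baselines and alerts are collected; the agent that does the scanning also runs on Windows. Below is an added Python example that does the core of that job stand-alone. It is not OSSEC's code, and the directory it builds in a temporary folder is constructed to show the three change types plus an ignored path.

```python
import hashlib
import os
import stat
import tempfile
from typing import Dict, List, Tuple

# Baseline record per file: (sha256 hex digest, size in bytes, permission bits)
Entry = Tuple[str, int, int]


def hash_file(path: str) -> str:
    """SHA-256 of a file, read in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan(root: str, ignore_prefixes: Tuple[str, ...] = ()) -> Dict[str, Entry]:
    """Walk root and record every regular file, keyed by a '/'-separated path
    relative to root so the baseline is portable. ignore_prefixes plays the
    role of OSSEC's <ignore> entries for paths that churn constantly."""
    baseline: Dict[str, Entry] = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if rel.startswith(ignore_prefixes):
                continue
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets and devices are not hashed
            baseline[rel] = (hash_file(full), st.st_size, stat.S_IMODE(st.st_mode))
    return baseline


def compare(baseline: Dict[str, Entry], current: Dict[str, Entry]) -> Dict[str, List]:
    """The three alert classes an integrity checker raises. Content is judged
    by digest, not timestamp, so a bare 'touch' or a clock change is not an alert."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified: List[Tuple[str, str]] = []
    for path in sorted(set(baseline) & set(current)):
        old_digest, _old_size, old_mode = baseline[path]
        new_digest, _new_size, new_mode = current[path]
        if old_digest != new_digest:
            modified.append((path, "content"))
        elif old_mode != new_mode:
            modified.append((path, "permissions"))
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> Dict[str, List]:
    """Constructed scenario in a temporary directory: take a baseline, then
    simulate an intrusion (extra uid-0 account, dropped script, deleted file)
    plus harmless churn in an ignored path, and rescan."""
    ignore = ("tmp/",)
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.makedirs(etc)
        os.makedirs(os.path.join(root, "tmp"))
        with open(os.path.join(etc, "hosts"), "w") as f:
            f.write("127.0.0.1 localhost\n")
        with open(os.path.join(etc, "passwd"), "w") as f:
            f.write("root:x:0:0:root:/root:/bin/sh\n")
        with open(os.path.join(root, "tmp", "cache.bin"), "wb") as f:
            f.write(b"\x00" * 16)
        baseline = scan(root, ignore)

        with open(os.path.join(etc, "passwd"), "a") as f:      # modified content
            f.write("eve:x:0:0:backdoor:/tmp:/bin/sh\n")
        with open(os.path.join(root, "persist.sh"), "w") as f:  # added file
            f.write("#!/bin/sh\n")
        os.remove(os.path.join(etc, "hosts"))                   # removed file
        with open(os.path.join(root, "tmp", "cache.bin"), "wb") as f:  # ignored churn
            f.write(b"\xff" * 16)
        return compare(baseline, scan(root, ignore))


if __name__ == "__main__":
    for kind, entries in demo().items():
        print(f"{kind}: {entries}")
```

The baseline is the thing to protect: stored on the same host it can be rewritten by whoever changed the files, which is the reason OSSEC ships it to the manager and why the "separate Linux box" is not incidental to the design.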

  11. Senior Member
    Join Date
    Oct 2013
    Location
    Washington DC
    Posts
    498

    Certifications
    OSCP, eMAPT, eWPT, CISSP, GPEN, GWAPT, GCIH, GCIA, GSEC, CEH, CNDA, ECSA, CHFI, Sec+, Net+
    #10
    Quoting SephStorm: "I started thinking again today"
    Be careful doing that... it can be dangerous.

    If you are looking for open-source options Snort and ClamAV are big ones.

    For malware analysis, I've always just used VMs with a combination of system analysis (registry, memory dump, file system, listening and established connections) tools and network traffic analysis with Wireshark or tcpdump. You will get more out of it if you actually interact with it hands-on, instead of using trigger-happy sandboxes that are built for the purpose of streamlining analysis by jumping through hoops (my personal opinion).

    On the IDS side of things, I was at BSides DC this year and they had a demo for a pretty cool product that I hadn't seen before (and I see a lot of environments working in consulting). I haven't had a chance to play with it much since then, but it's open source, provides application-layer inspection for a large number of protocols and is supposedly very flexible and interfaces with a lot of industry products. Might be worth looking into. It's called Bro-IDS (The Bro Network Security Monitor).
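One piece of the hands-on VM approach in the post above, worked out. Of the artefacts it lists, listening and established connections are the quickest to diff: take a `netstat -ano` snapshot of the clean VM, run the sample, snapshot again, and attribute whatever appeared to a process. The following is an added Python example, not the poster's tooling; the two snapshots and the PID-to-image map (what `tasklist` would give you) are constructed inline, with 203.0.113.20 from the documentation address range standing in for a command-and-control host.

```python
import ipaddress
from typing import Dict, List, NamedTuple, Tuple


class Conn(NamedTuple):
    proto: str
    local: str
    foreign: str
    state: str   # empty for UDP, which netstat prints without a State column
    pid: int


def parse_netstat_ano(text: str) -> List[Conn]:
    """Parse Windows `netstat -ano` output: TCP rows carry five columns,
    UDP rows four; the banner, header and blank lines are skipped."""
    conns: List[Conn] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP":
            conns.append(Conn(parts[0], parts[1], parts[2], parts[3], int(parts[4])))
        elif len(parts) == 4 and parts[0] == "UDP":
            conns.append(Conn(parts[0], parts[1], parts[2], "", int(parts[3])))
    return conns


# Address ranges that never reach the Internet; anything else counts as external.
_NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
    "::/128", "::1/128", "fe80::/10", "fc00::/7", "ff00::/8",
)]


def is_external(endpoint: str) -> bool:
    """True if 'host:port' names a routable address. IPv6 endpoints are
    printed as '[addr]:port'; '*:*' and hostnames cannot be classified."""
    host, _sep, _port = endpoint.rpartition(":")
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return False
    return not any(ip in net for net in _NON_ROUTABLE)


def diff_connections(before: str, after: str, images: Dict[int, str]) -> Dict[str, List[Tuple[Conn, str]]]:
    """Everything present after detonation that was not in the clean snapshot,
    bucketed by what it suggests and attributed to a process image. PIDs are
    ignored when matching so a restarted service does not show up as new."""
    known = {c._replace(pid=0) for c in parse_netstat_ano(before)}
    result: Dict[str, List[Tuple[Conn, str]]] = {"new_listeners": [], "new_outbound": [], "other_new": []}
    for conn in parse_netstat_ano(after):
        if conn._replace(pid=0) in known:
            continue
        image = images.get(conn.pid, "<unknown pid>")
        if conn.state == "LISTENING" or (conn.proto == "UDP" and conn.foreign == "*:*"):
            result["new_listeners"].append((conn, image))  # bind shell, RAT listener
        elif conn.state == "ESTABLISHED" and is_external(conn.foreign):
            result["new_outbound"].append((conn, image))   # C2 check-in, exfiltration
        else:
            result["other_new"].append((conn, image))      # loopback IPC, SYN_SENT, ...
    return result


# Constructed `netstat -ano` snapshot of the clean VM before running the sample.
BEFORE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    [::]:135               [::]:0                 LISTENING       884
  TCP    192.168.56.101:49712   192.168.56.1:3389      ESTABLISHED     1180
  UDP    0.0.0.0:5355           *:*                                    1020
"""

# Constructed snapshot after detonation: the same rows plus what the sample opened.
AFTER = BEFORE + """\
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       3312
  TCP    192.168.56.101:49801   203.0.113.20:8080      ESTABLISHED     3312
  TCP    127.0.0.1:49802        127.0.0.1:49803        ESTABLISHED     3312
  UDP    0.0.0.0:1900           *:*                                    3312
"""

# Constructed PID-to-image map, as `tasklist` would report it.
IMAGES = {4: "System", 884: "svchost.exe", 1020: "svchost.exe", 1180: "svchost.exe", 3312: "invoice.pdf.exe"}


if __name__ == "__main__":
    for bucket, entries in diff_connections(BEFORE, AFTER, IMAGES).items():
        for conn, image in entries:
            print(f"{bucket}: {conn.proto} {conn.local} -> {conn.foreign} {conn.state} pid={conn.pid} ({image})")
```

The same before/after diff applies to the other artefacts the post names (Run keys, services, scheduled tasks, dropped files), and pairing the outbound bucket with the tcpdump capture taken in parallel is what turns "it talked to 203.0.113.20:8080" into the actual beacon format.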

  12. Senior Member
    Join Date
    Dec 2011
    Location
    Texas
    Posts
    153

    Certifications
    GCIH, GCIA, CCNA:S, CCNA, Sec+, A+
    #11

  13. Sith Lord SephStorm
    Join Date
    Dec 2009
    Location
    Atlanta, GA
    Posts
    1,706

    Certifications
    GPEN, GCIH, SFCP, CPT, CEH, QND
    #12
    Ugh, OSSIM is going to be annoying. Looks like I'll need a separate box to run it. I see some used VMware, but I don't have ESXi per the requirements for the appliance. Any ideas?

  14. Senior Member
    Join Date
    Dec 2011
    Location
    Texas
    Posts
    153

    Certifications
    GCIH, GCIA, CCNA:S, CCNA, Sec+, A+
    #13
    I use Proxmox for my virtual environment.

    Virtualization

  15. Sith Lord SephStorm
    Join Date
    Dec 2009
    Location
    Atlanta, GA
    Posts
    1,706

    Certifications
    GPEN, GCIH, SFCP, CPT, CEH, QND
    #14
    I just don't know if I can virtualize hardware that meets the specs... 8 GB RAM, multi-core, multi-NIC system. I could sacrifice a machine, but I'd have to move back to Linux, which never lasts long in my world... I suppose I could dual boot.
