How Are You Protecting Your Computers?

b0m8ad1l asks: "I'm wondering what AV, software/hardware firewalls Slashdot readers are using these days. I remember another Ask Slashdot a long time ago, but i'm curious as to how everyone is keeping up with the times. I'm using Kaspersky AV, Sygate Personal Firewall Pro, behind a Netgear RP114 router"

Re:K.I.S.S. - always been and always will be best

[bushidocoder]

Gonna have to call you out on wireless networks. Wireless networks are bad iff you don't know how to configure them right. 802.11g with WPA with preshared public keys is pretty safe. Can it be cracked? Yes. But then again, so can SSL, SSH, PGP and every other encrypted data you throw out there in due time.

The key to proper wireless setup is to associate different levels of trust between the wired and unwired components. Require WPA. Most household wireless routers allow you to specify a physical address list for visiting assets - do not allow unregistered MAC addresses to join your network. Have the wired network use a different subnet than your wireless network, so that the IPSecurity policies on your wired boxes can be set to prohibit access to the wireless agents on your house. Also, some routers let you set firewall rules between your wired and wireless subnets.

Audit everything. Everything. Disk space is cheap.

Also, run a packet sniffer on your wireless network. I once had a Netgear wireless router that would broadcast packets wired computers had sent it to route to the public internet across the wireless network - it had no concept of how to route correctly. If that's happening, throw that PoS away and get a real router.

Can this be compromised? Yes, but it requires breaking through various levels of real, cryptographically enforced security. Remember that only one part of information security is denying access to intruders because at the end of the day, the most locked down boxes plugged into a network can still be hacked. You must be constantly vigilant to detect intruders as they attempt access, you must have a recovery plan if you are compromised (everyone needs AV software and an individual firewall on each computer behind the NAT firewall), and must be sufficiently auditted that you can trace access attempts back to the source. Watch your wireless traffic - with this type of security, in the very very remote chance you are compromised, its going to take a long while. Is someone trying a variety of network attacks on your wireless network? If so, I've got good news - rule out that its not someone in a car outside, and you can pinpoint it pretty quick down to a neighbor. Talk to them if you think its their 16 year old punk teen, call the police, leave a note on their door with a picture of Sauron's eye saying they need to be more sneaky, whatever.