How Are You Protecting Your Computers?
b0m8ad1l asks: "I'm wondering what AV, software/hardware firewalls Slashdot readers are using these days. I remember another Ask Slashdot a long time ago, but I'm curious as to how everyone is keeping up with the times. I'm using Kaspersky AV, Sygate Personal Firewall Pro, behind a Netgear RP114 router."
Yes, it's a bit of damn overkill for a home setup, but you can never be too safe. :)
:)
- cable modem -> Linux 2.4 kernel router running iptables
- Norton AntiVirus Corporate Edition
- Microsoft Software Update Services for the Windows boxes
- iptables for the Linux boxes
- ntop and snort for traffic monitoring
- I have a WRT54G that I don't use for routing anymore, just as a bridge. Anything that I use over wireless is done over ssh. Host connection, bank account checking, email, VPN to work, etc.
- various other utilities to monitor TCP/IP traffic
- good old-fashioned obsessive tailing of logfiles along with vgrep
while true ; do echo this is my sig; done
Well, you could go so far as to say (correctly) that by inviting any data into your computer, you're less secure. Even by plugging in a network cable and letting it sit there you're less secure.
"Scripts or not" doesn't help when something like the recent GDI debacle occurs.
The trick is in finding a balance that keeps you safe enough from attack but open enough to do what you want to do.
So far, considering how fast they put out updates and how many exploits the leading browser has, I think Firefox does a pretty good job of this.
vk.
"I don't know what you mean by "suddenly disappear" (it certainly wasn't in reference to anything I stated in my post)."
I apologize if I have misinterpreted your meaning, but your post does read that way.
"If you run Linux (or OS X, which you left out in your reply), your odds of being cracked/spywared drop low enough that it's not really worth fretting over--even if you don't turn on the built-in firewalls (which are infinitely superior to the Windows built-in firewall)."
I left out OSX only because he cannot install OSX on a Windows machine.
As for the odds being low, that doesn't really help, does it? You still have to regularly install updates to Linux and the apps you run on top of it, Mozilla for example. I found this out myself. Buying all of Slashdot's hype that Linux is secure, I built a Linux webserver for my company. 2 weeks later it was rooted. Our newly hired Linux expert had to rebuild it 'securely'. Thankfully for them, they had him on hand to clean up the mess caused by my incompetence.
"So while you may be playing the pedant card and using language that is "technically correct", you have added more confusion than clarification to the issue. I hope you don't mean that Windows, Linux, and Mac OS X are all equally crackable. If you aren't careful, you can end up with a cracked XP system during the install process, what a joke!"
My only real point is that you have to be vigilant either way. It's a question of whether or not it's 'worth the fuss'. Interestingly enough, Windows' highly publicized insecurity has led to some interesting developments such as auto-updating virus protection and Windows Update itself. If Linux doesn't have these, it needs them, especially when it reaches enough users for worms etc. to really be an issue.
I'll put it another way: I'm a Windows user. I have several machines I have to take care of. I don't have problems with exploits, trojans or spyware. Once in a great while something will come along. I take care of it, bfd. I spent more time building the ill-fated Linux/Apache server than I have in a year of maintaining exploit-related Windows problems.
"Derp de derp."
.. which also doubles as my Squid proxy/cache and DNS machine ..
...
Gotta say, I love the bootCD firewall solutions. Pretty darn hard to beat
; -- the corruption of government starts with its secrets. a truly free people keep no secrets. --
IPsec can be brute-forced and/or dictionary attacked, just like anything can... and iptables are the same, if the cracker can assume any necessary IP address and remain addressable. Whereas a net based attack must come from a correctly addressed (even if it's a compromised 3rd party) machine, or the packets will simply never return to the attacker.
/. readers are using that policy.
You are comparatively safe with IPsec, however this is just because five people down the block don't know what it is, making them a softer target.
Anyone who really wants in to a cable based LAN has to find a place to jack in, and you're fitting a metaphorical socket to your front door.
Of course, any external networking connections are inherently insecure compared to none - physical security is the best security layer, but I doubt many
--
Many questions:
Why did you choose TightVNC? Why not RealVNC, UltraVNC, or TridiaVNC?
Is it better to pay for VNC software, like Tridia VNC Pro or Radmin? Which software has video resolution scaling of the remote desktop?
What security is best? Is it good to use a VPN for secure access, or is SSH better? What Windows SSH server do you use?
What VPN hardware is best? We bought a NetGear FVS318 hardware firewall/router/VPN for a customer, and discovered that the remote administration password is openly transmitted. We found that logging out in the remote administration menu didn't always actually log out. We found Javascript errors. With the 2.4 firmware, more than one client can be logged in at the same time. That situation, two clients at the same time, would give an error message with the 2.3 firmware, so things seem to be going backward in some ways, in firmware that is already shaky. Our experience with Netgear technical support is that it is very limited. On the telephone we got someone in Tamil Nadu, India, who was allowed to practice for a short time with Netgear equipment, but who doesn't any longer have access to actual equipment. The online tech support just gave error messages. Not only that, but Fry's and Netgear arranged a rebate trick. They have a very long rebate receipt, and ask you to enter your address both at the top and at the bottom. If you don't enter it at the bottom, they deny your rebate.
-- Agnitum.com's "Outpost" firewall, with all kinds of free plug-ins which let me control -- on a PER-DOMAIN basis -- things like scripts, ActiveX, Java, referrers, etc. Also controls those things separately for HTTP vs mail vs news. :o
Tried it on trial, liked it so much I paid for it.
-- McAfee VirusScan, because I got it free (corporate) and it seems to work ok.
-- on another system, english.mks.com.pl "mks_vir", which has recently been favorably reviewed for its dynamic adaptability to not-yet-signatured new threats.
-- SpyBot, AdAware