Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Are You Protecting Your Computers?

Posted by Cliff on from the what-steps-are-you-taking dept.

b0m8ad1l asks: "I'm wondering what AV, software/hardware firewalls Slashdot readers are using these days. I remember another Ask Slashdot a long time ago, but i'm curious as to how everyone is keeping up with the times. I'm using Kaspersky AV, Sygate Personal Firewall Pro, behind a Netgear RP114 router"

6 of 193 comments (clear)

  1. If I told you... by Tim_F · · Score: 5, Funny

    The slashdot editors would have all the information they'd need to hack me...

  2. Home setup by consolidatedbord · · Score: 5, Interesting

    Yes, it's a bit of damn overkill for a home setup, but you can never be too safe. :)

    -cable modem->linux 2.4 kernel router running iptables
    -norton antivirus corporate edition
    -Microsoft Software Update Services for the Windows boxes
    -iptables for the Linux boxes
    -ntop and snort for traffic monitoring
    -I have a WRT54G that I don't use for routing anymore, just as a bridge. Anything that I use over wireless is done over ssh. Host connection, bank account checking, email, vpn to work, etc.
    -various other utilities to monitor tcp/ip traffic
    -good old fashioned obsessive tailing of logfiles along with vgrep
    :)

    --
    while true ; do echo this is my sig; done
  3. Ok, fine, I'll bite... by MachDelta · · Score: 5, Insightful
    Goddamn. The things people do to run Windows... It makes me glad I use Linux.
    Oh come on, lets not be hypocritical here. I seriously doubt anyone can say they've done a fresh install of *distro-of-choice* and not spent some time tweaking things to get their system into a fully usable state.
    Everyone does it, and just because one person has to install a firewall and another person has to hunt down drivers doesn't make either person superior to the other. Yeah I know, this is slashdot, where "Windows sux and Linux rulez", but if we're going to be asking serious questions we might as well be giving serious answers.

    Myself, I use KPF and AVG, with AdAware on the side. Fortunatly, these three programs don't have much to do, thanks to Firefox and my cheap yet trusty DI-604 router. I'm actually going to be putting together a box for my parents this weekend too, so i've been busy loading up my USB flash drive with some of the aforementioned programs, and other first boot goodies. And if i'm lucky, my parents will turn over custody of their old computer (an aging P3-500) to me, which I hope to turn into my very first Linux box to muck around on. Then i'll get to experience the numerous pains-in-the-ass of both worlds! Should be fun. :)
  4. Tin Foil and DuctTape by Sean+Johnson · · Score: 5, Funny

    I completely covered my PC with it. There`s no airlow, but at least it`s safe. I also sprinkled some holy water on it for good measure. Those Nazis will never get to my PC now.

    --
    >>>>>> Chewie, take the professor in the back and plug him into the hyperdrive.
  5. Hmm by Vokbain · · Score: 5, Funny

    I bought a Macintosh ^_^

  6. Re:K.I.S.S. - always been and always will be best by bushidocoder · · Score: 5, Informative

    Gonna have to call you out on wireless networks. Wireless networks are bad iff you don't know how to configure them right. 802.11g with WPA with preshared public keys is pretty safe. Can it be cracked? Yes. But then again, so can SSL, SSH, PGP and every other encrypted data you throw out there in due time.

    The key to proper wireless setup is to associate different levels of trust between the wired and unwired components. Require WPA. Most household wireless routers allow you to specify a physical address list for visiting assets - do not allow unregistered MAC addresses to join your network. Have the wired network use a different subnet than your wireless network, so that the IPSecurity policies on your wired boxes can be set to prohibit access to the wireless agents on your house. Also, some routers let you set firewall rules between your wired and wireless subnets.

    Audit everything. Everything. Disk space is cheap.

    Also, run a packet sniffer on your wireless network. I once had a Netgear wireless router that would broadcast packets wired computers had sent it to route to the public internet across the wireless network - it had no concept of how to route correctly. If that's happening, throw that PoS away and get a real router.

    Can this be compromised? Yes, but it requires breaking through various levels of real, cryptographically enforced security. Remember that only one part of information security is denying access to intruders because at the end of the day, the most locked down boxes plugged into a network can still be hacked. You must be constantly vigilant to detect intruders as they attempt access, you must have a recovery plan if you are compromised (everyone needs AV software and an individual firewall on each computer behind the NAT firewall), and must be sufficiently auditted that you can trace access attempts back to the source. Watch your wireless traffic - with this type of security, in the very very remote chance you are compromised, its going to take a long while. Is someone trying a variety of network attacks on your wireless network? If so, I've got good news - rule out that its not someone in a car outside, and you can pinpoint it pretty quick down to a neighbor. Talk to them if you think its their 16 year old punk teen, call the police, leave a note on their door with a picture of Sauron's eye saying they need to be more sneaky, whatever.