N.Nvt Brand new BTO X•BOOK 17CL56 - GTX Config

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
Today I bought a new BTO X•BOOK 17CL56 - GTX specially for my company FMA Intel Secure.
My other laptops are at their limits when it comes to developing and testing software, and while those laptops are great, I got fed up and wanted something new.
This laptop will ONLY be used for programming, testing and other FMA related tasks.
BTO Website see laptop

Laptop specification:
17CL56: NVIDIA GTX880m 8GB, Full HD, 90% Gamut Glare, (+/- 29500 3DMARK Score)
4x 8GB DDR3L (1600 MHz) Kingston HyperX Memory
Intel Core i7-4940MX Extreme Edition (8M Cache - Max 4GHz) Quad Core
2x Samsung 1TB 840 EVO 2.5 inch SSD

Alright, here is a little extra info about my configuration.

Symantec Endpoint Protection 12.1.4 (Set in client & session mode)
* Controlled by a Network Admin Session Server (NASS).
Note: The laptop cannot make changes to the system itself, as it is all session based.
So turn off the laptop and everything is instantly reset to the values within the NASS and SEP Server.
The only software running on this system will be developer software with limited internet access.
You cannot connect to the network or server without your IP being listed as a client; the system is set up in such a way that NO connection can be made without authorization.
For casual browsing the system is using a dummy tunnel which emulates a desktop computer in full virtualization mode.

Secure-link Integrated Security Gateway.
* Application identifier and Monitoring (Token and Session based)
* Next Generation Hardware Firewall (Intrusion Prevention/Deception)
* Integrated Threat Prevention (IPS, URL, antivirus, antimalware, Content Scanning)
* User management and Integration
* Full Network and Traffic Virtualization (Session based)
* Full Network Administration, Crash recovery, VPN, Network Backup, DDoS rerouting.

FMA Intel Secure Online Backup 5TB
* All critical data is being stored on a dedicated server of our own within a local data-center fully secured by Alto Palto (USB Key based VPN access with full connection encryption)

Norton Online Backup 25 GB
* Only contains system images and documents.

Symantec System Recovery Server Edition
* One click 100% wipe and full re-install

Symantec Drive Encryption (PGP)
* Encrypts OS data and Local hard drive

As you can see, this is a solid setup and leaves no room for malware, spyware & intruders, given the fact that the system is configured using the TNDA standard (Trust None Delete All).
Every 15 minutes a completely new unique session is made while the system is running, and the old session is deleted on the spot; you can only continue a session if you use a USB Key token. So without the USB Key all data from the previous session is deleted and the system is put back into a predefined state.

Security as good as it gets IMHO.
So review and rate my security setup.
Enjoy.

To satisfy MT guru BoraMurdar I have replaced IE (and disabled it) with the Opera browser.
Because his awesomeness demands every user in the world to block IE by default.
Now dear BoraMurdar, can we get an amen?
Lmao, for you BM your wish is my command.
 

Nico@FMA

Awesome!!!

But Internet Explorer... c'mon man! :p

I do not need anything else. And in terms of security there is nothing that can touch IE within the config I have.
So any browser would do just fine as the browser security settings are not a factor here.
There is really nothing that could pose a danger to IE within the current config.

So yes, I use IE, but if it pleases you, tell me ANY browser and I will disable IE and put that browser on, as it really does not matter.
 

BoraMurdar

Community Manager
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
I do not need anything else. And in terms of security there is nothing that can touch IE within the config I have.
So any browser would do just fine as the browser security settings are not a factor here.
There is really nothing that could pose a danger to IE within the current config.

So yes, I use IE, but if it pleases you, tell me ANY browser and I will disable IE and put that browser on, as it really does not matter.
Not security concerned at all but Internet Explorer!!! C'mon man :p
Its main purpose is to download another browser when you reinstall the system :D
 

Nico@FMA

Not security concerned at all but Internet Explorer!!! C'mon man :p
Its main purpose is to download another browser when you reinstall the system :D

Alright, have it your way: Internet Explorer is now disabled and Opera has been put on.
 
 

Deleted member 178

A more corporate version of what I am trying to do (will use common software to make it more understandable to people) :D

So if I understood well:

- you have a kind of automated "snapshot/rollback system", that is session based (which can be emulated with Rollback RX or Shadow Defender set on boot), that reloads itself every 15 min, using a key stored on a USB to use the new session.
- you can browse via a virtual desktop with restriction policy passworded network access (which I may "mimic" via surfing inside Virtual Box and allowing only a few ports)
- your connections are filtered, virtualized and secured by a gateway (this one can't be mimicked lol, this is much like a hardware firewalled router on steroids)
- your OS/data drives are encrypted with PGP encryption (can be replicated via a kind of mix between Truecrypt and PGP)
- you backup/restore in one click your system images to/from the cloud. (can be done I guess with Acronis TI cloud feature, maybe less effective)

Am I right?
 

Purshu_Pro

Level 29
Verified
Honorary Member
Aug 3, 2013
1,879
I do not need anything else. And in terms of security there is nothing that can touch IE within the config I have.
So any browser would do just fine as the browser security settings are not a factor here.
There is really nothing that could pose a danger to IE within the current config.

So yes, I use IE, but if it pleases you, tell me ANY browser and I will disable IE and put that browser on, as it really does not matter.
So how were you disabling ads in your browser?
 

Nico@FMA

A more corporate version of what I am trying to do (will use common software to make it more understandable to people) :D

So if I understood well:

- you have a kind of automated "snapshot/rollback system", that is session based (which can be emulated with Rollback RX or Shadow Defender set on boot), that reloads itself every 15 min, using a key stored on a USB to use the new session.
- you can browse via a virtual desktop with restriction policy passworded network access (which I may "mimic" via surfing inside Virtual Box and allowing only a few ports)
- your connections are filtered, virtualized and secured by a gateway (this one can't be mimicked lol, this is much like a hardware firewalled router on steroids)
- your OS/data drives are encrypted with PGP encryption (can be replicated via a kind of mix between Truecrypt and PGP)
- you backup/restore in one click your system images to/from the cloud. (can be done I guess with Acronis TI cloud feature, maybe less effective)

Am I right?

More or less.
But you summed it up pretty much.

- you have a kind of automated "snapshot/rollback system", that is session based (which can be emulated with Rollback RX or Shadow Defender set on boot), that reloads itself every 15 min, using a key stored on a USB to use the new session.

No, the laptop itself is in full client mode, which means the OS does not have ANY authority.
The Admin server runs the main OS with the protocol / client config. And after shutting down the laptop everything is put back in a predefined default state by the server, so every time the laptop boots it boots with a 100% clean OS.
However, if there is a security problem then the Admin server can block any incoming and outgoing connection to the client and force a total wipe + recovery. Obviously FMA projects and such are stored in protected storage.

- you can browse via a virtual desktop with restriction policy passworded network access (which I may "mimic" via surfing inside Virtual Box and allowing only a few ports)

No, internet connections can only be made to predefined addresses.
So example: http://msn.com = blocked and denied.
But http://fma-is.nl is allowed and secured.
Or http://fma partner.com is allowed and secured.
But http://youtube.com blocked and denied.

See?

- your connections are filtered, virtualized and secured by a gateway (this one can't be mimicked lol, this is much like a hardware firewalled router on steroids)

Yes and no, it's not on steroids, it's just better safe than sorry.
I take security seriously and I do not mess around, so yes, it cost a pretty euro.
But then again I need it for my company and I cannot play around with customer data.
They would sue the crap out of me....

So as I said, limited browsing: the laptop can only use the internet to connect to partner networks or to our own network or to visit important predefined webpages. All others are denied.
And each connection has its own dedicated security where the client is being pre-emulated. So each connection is unique and not generic. So it's a bare-bones full security protocol idea to navigate the net.

- your OS/data drives are encrypted with PGP encryption (can be replicated via a kind of mix between Truecrypt and PGP)
- you backup/restore in one click your system images to/from the cloud. (can be done I guess with Acronis TI cloud feature, maybe less effective)


Yes
Norton did acquire PGP and made PGP a bit better.
My own backup system works great, and due to the fact we handle critical customer data I will not have my cloud backup in external hands.
And the Norton backup is rock solid too.

So tell me what you think about this setup?

Cheers
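
The default-deny rule described in the post above (fma-is.nl allowed, msn.com and youtube.com denied), written out as an added example that is not part of the thread and not the gateway product's own logic. The allowlist contents other than fma-is.nl, the function names and the sample requests are constructed for illustration; the point it shows is that the host must be parsed and matched exactly or as a true subdomain, never by substring.

```python
from urllib.parse import urlsplit

# Constructed allowlist. fma-is.nl comes from the post above;
# partner.example is a placeholder for a partner network.
ALLOWED_HOSTS = frozenset({"fma-is.nl", "partner.example"})


def normalize_host(url):
    """Return the canonical host of an http(s) URL, or None if unusable."""
    try:
        parts = urlsplit(url)
        host = parts.hostname          # drops any user:pass@ prefix and port
    except ValueError:                 # e.g. malformed IPv6 literal
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    try:
        # Lower-case, drop the trailing root dot, punycode non-ASCII labels.
        return host.rstrip(".").lower().encode("idna").decode("ascii")
    except UnicodeError:
        return None


def egress_decision(url, allowed=ALLOWED_HOSTS):
    """Default deny: allow only an exact host or a true subdomain of one."""
    host = normalize_host(url)
    if host is None:
        return "deny"
    for name in allowed:
        # The leading dot stops look-alikes such as evilfma-is.nl.
        if host == name or host.endswith("." + name):
            return "allow"
    return "deny"


def audit(urls, allowed=ALLOWED_HOSTS):
    """Map each requested URL to its decision, for a proxy-log style review."""
    return {u: egress_decision(u, allowed) for u in urls}


if __name__ == "__main__":
    # Constructed requests, including the sites named in the thread.
    sample = ["http://msn.com", "http://fma-is.nl", "http://youtube.com",
              "https://portal.fma-is.nl/login", "http://fma-is.nl.evil.example/",
              "http://evilfma-is.nl/", "http://fma-is.nl@msn.com/"]
    for url, verdict in audit(sample).items():
        print(f"{verdict:5}  {url}")
```
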
 

Nico@FMA

So how were you disabling ads in your browser?

The admin server has full control over the clients.
You can disable ANY program just like that. And ads and such are not being shown as the browser cannot service ads due to the very rule setting.
As mentioned before it only can connect to own and partner networks/clients.
So there are no ads to be shown.
 

Purshu_Pro

The admin server has full control over the clients.
You can disable ANY program just like that. And ads and such are not being shown as the browser cannot service ads due to the very rule setting.
As mentioned before it only can connect to own and partner networks/clients.
So there are no ads to be shown.
I see, so you are not permitted to browse any sites other than those you were authorised to. Right?
 