- Aug 7, 2017
- 267
R2D2's Security Configuration June 2022
Hi,Interesting config, especially in real-time protection and personal files & photos backup
Now for most critical feedback:
Set UAC to always notify to prevent bypasses:
Bypassing Windows 10 UAC with mock folders and DLL hijacking
A new technique uses a simplified process of DLL hijacking and mock directories to bypass Windows 10's UAC security feature and run elevated commands without alerting a user.www.bleepingcomputer.com
No need for a local adblocker like uBlock Origin (for cosmetic filtering) with pfBlockerNG ?
For periodic security scanners you should use something other than your realtime AV, like for example Norton Power Eraser.
You mentioned three secure DNS, which one are you currently using?
Same question for VPN.
You use or have used almost all available password managers, which one do you prefer and why?
Why do you use three browsers?
Wouldn't it make more sense to use NextDNS and Cloudflare + Google as a fallback? I mean in NextDNS you get additional filtering and if there is a downtime you get a fallback to a stable DNS like Cloudflare or Google.d) I normally use Cloudflare, NextDNS & Google in that order in my pfSense box.
Yes that's how it is configured. The router/firewall (dual WAN with load balancing and fail over) uses NextDNS as primary (my bad I thought it was Cloudflare), with Cloudlflare and Google as 1st and 2nd level backups. The router appliance is configured for secure DNS.Wouldn't it make more sense to use NextDNS and Cloudflare + Google as a fallback? I mean in NextDNS you get additional filtering and if there is a downtime you get a fallback to a stable DNS like Cloudflare or Google.
Oh, got you wrong then. My bad...Yes that's how it is configured. The router/firewall (dual WAN with load balancing and fail over) uses NextDNS as primary, with Cloudlflare and Google as 1st and 2nd level backups. The router appliance is configured for secure DNS.
not at all. Actually I made a mistake, my pfSense is configured with nextDNS as primary and the other 2 as backups. Ideally, pfSense requires a DNS for each WAN connection and at least 1 each for both IPv4 and IPv6. My ISPs provide dual stack addresses and use both types of addressing systems.Oh, got you wrong then. My bad...