Does anyone here follow the NSA's advice?

DeepWeb

DeepWeb

Level 25
Thread author
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
IAD’s Top 10 Information Assurance Mitigation Strategies

1. Application Whitelisting

2. Control & limit administrative privileges

3. Limit file-sharing

4. Use a cloud-based antivirus

5. Enable anti-exploit features

6. Use a HIPS

7. Use a Secure baseline (configure group policy)

8. Use a service that blocks domains known for malicious content.

9. Update your software

10. Segregate your network and functions.


====================================================

All the snark aside, the NSA created this top 10 for citizens and government agencies as the most basic guidelines to follow and I agree. I think if every Security configuration were modeled after this, 99.9% of malware would have no chance except for the 0.01% that uses incredible exploits, changes signatures and waits for its opportunity to strike. I think it is worth going through the list to check if your system hits all the checkmarks. :)
 
  • Like
Reactions: Handsome Recluse, tonibalas, brambedkar59 and 11 others
DeepWeb

DeepWeb

Level 25
Thread author
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
For me,

1. FAIL: Maybe Comodo sandboxing/blocking unknown applications
2. SUA
3. Disabled all file sharing
4. Check (F-Secure DeepGuard Cloud Antivirus)
5. Malwarebytes Anti-Exploit
6. Comodo Firewall
7. Using group policy templates for Chrome, Office and Windows
8. Hosts file, Antivirus, Comodo, Chrome safe browsing
9. Automatic updates
10. FAIL. I wouldn't know how to do it.

:)
 
  • Like
Reactions: Vasudev, SHvFl, AtlBo and 5 others
D

Deleted member 178

Umbra's Top 10 (in red) Information Assurance Mitigation Strategies

1. Application Whitelisting : Appguard (SRP) + ReHIPS (Isolation + Application Control) = good luck to bypass that...
2. Control & limit administrative privileges: SUA
3. Limit file-sharing: not using it.
4. Use a cloud-based antivirus: no need...but because Win10 has WinDef i use it...
5. Enable anti-exploit features: HMPA
6. Use a HIPS: No need , see point 1
7. Use a Secure baseline (configure group policy): im on Home version , so no GP, but i use registry tweaks to achieve similar result. Also i use Rollback RX and can reload a clean baseline in seconds.
8. Use a service that blocks domains known for malicious content. Adguard + Chrome filter.
9. Update your software: no really? :p
10. Segregate your network and functions. : i have wifi access for guests separated from mine, no machines in my network can communicate with the others.

No need for me to "follow" their advices, i knew it already.
 
Last edited by a moderator:
  • Like
Reactions: jelson, Tiny, tonibalas and 8 others
V

Vasudev

Level 33
Verified
Nov 8, 2014
2,251
Umbra said:
Umbra's Top 10 (in red) Information Assurance Mitigation Strategies

1. Application Whitelisting : Appguard (SRP) + ReHIPS (Isolation + Application Control) = good luck to bypass that...
2. Control & limit administrative privileges: SUA
3. Limit file-sharing: not using it.
4. Use a cloud-based antivirus: no need...but because Win10 has WinDef i use it...
5. Enable anti-exploit features: HMPA
6. Use a HIPS: No need , see point 1
7. Use a Secure baseline (configure group policy): im on Home version , so no GP, but i use registry tweaks to achieve similar result. Also i use Rollback RX and can reload a clean baseline in seconds.
8. Use a service that blocks domains known for malicious content. Adguard + Chrome filter.
9. Update your software: no really? :p
10. Segregate your network and functions. : i have wifi access for guests separated from mine, no machines in my network can communicate with the others.

No need for me to "follow" their advices, i knew it already.
Click to expand...
Will Voodoo shield and EMET do the job if HMPA and ReHIPS/AppGuard isn't a viable option?
 
DeepWeb

DeepWeb

Level 25
Thread author
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
Andytay70 said:
No i dont!
I would rather follow someones advice from this forum than take the NSA's advice.
Click to expand...
These are the guidelines by NSA security researchers on how to protect government computers especially those of the military. I thought following them can't hurt. They are universal truths in infosec tbh. Only a few more things are missing but they mention those in other guidelines:

11. Change your passwords frequently with a password manager.

12. Use your brain.exe when navigate through the Internet and email.

13. Always use a VPN on foreign networks. The NSA actually recommends creating your own VPS instance and taking it down when you are finished such as

Algo: algo/README.md at master · trailofbits/algo · GitHub
Streisand: streisand/README.md at master · jlund/streisand · GitHub
 
  • Like
Reactions: Sunshine-boy, Vasudev, brambedkar59 and 1 other person
A

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
DeepWeb said:
Change your passwords frequently with a password manager.
Click to expand...
I disagree with this one for home users. If you use a unique password for each account and have no confirmation of a data breach at any service for which you have an account then I see very little value in changing your passwords until a breach is confirmed.
 
Last edited:
  • Like
Reactions: askmark, Vasudev and brambedkar59
Andytay70

Andytay70

Level 15
Verified
Top Poster
Well-known
Jul 6, 2015
737
DeepWeb said:
These are the guidelines by NSA security researchers on how to protect government computers especially those of the military. I thought following them can't hurt. They are universal truths in infosec tbh. Only a few more things are missing but they mention those in other guidelines:

11. Change your passwords frequently with a password manager.

12. Use your brain.exe when navigate through the Internet and email.

13. Always use a VPN on foreign networks. The NSA actually recommends creating your own VPS instance and taking it down when you are finished such as

Algo: algo/README.md at master · trailofbits/algo · GitHub
Streisand: streisand/README.md at master · jlund/streisand · GitHub
Click to expand...
By the people who hack computers!
No thanks i'll get my advice elsewhere.
 
  • Like
Reactions: ispx, Vasudev and ZeroDay
B

Bombus

Level 2
Verified
Jun 12, 2016
50
My 5 cents. User can be infected by: a) drive-by-download.( a user follows link that he get in Facebook, yahoo email, gmail, skype, in a forum, or went to some site and automatically gets infected. He get infected because flash player, adobe pdf reader, microsoft silverlight, Java by Oracle were installed and they automatically installed a malware without user help.
In oder to prevent it I always visit all sites using Sandboxie. And I removed Acrobat reader ( i have Sumatra pdf reader), ditched Flash player, the last time Java by oracle was sitting in my PC was maybe 5 years ago. I have updated windows. Mozilla has only Norton symantec safeweb addon, Chrome - Bitdefender trafficlight (no more, no less). And of course, I have avast, Comodo and Adguard installed. So it is very little chance that i can be infected visiting sites.
User can get infected b) after have downloaded something from email, Skype, forums or sites.
I know what i downloading. The unique possibility is that a site can be hacked and instead of good software i can get trojan (remember Opera in maybe 4 years ago, Combofix and Kaspersky Internet security in Canada (?USA) branch? So in this case i trust in Avast and Comodo. There's possiblity i can get infected after downloaded exploit for MS Office. I think Comodo can handle it. Just in case i installed HitmanproAlert. Testing. Works perfectly. And extentions are visibal (so all kind of Invoice.pdf.exe is not a problem for me).
User can get infection c) after an infected USB is connected to his PC.
I have Avast, Comodo, patched windows, Standard user and... autoplay disabled.
In short, I am following NSA suggestions, but in my way.
By the way, right now i am connected to MalwareTips in sandboxed Mozilla. )))
 
Last edited:
  • Like
Reactions: Sunshine-boy, Vasudev, brambedkar59 and 1 other person
DeepWeb

DeepWeb

Level 25
Thread author
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
  • Like
Reactions: Sunshine-boy
B

Bombus

Level 2
Verified
Jun 12, 2016
50
MalwareTracker said:
That is true but IMO if you run a good AV and follow Brain.exe and CommonSense.exe you have a good chance of staying infection free
Click to expand...
Guys, guys, ,,do not make war, make love".
I think that NSA gave very good advises. I trust them totally because every suggestion is reasonable. The problem sits in User end. For me The problem is: i like comodo, but i don't like it's hips. I got infection of encoder because: after double click (i knew that it is a malware - prepared backups, but wanted to see how comdo works). First - i saw autocontainment alert and after - hips alert. I clicked on ,,allow" thinking that encoder is already sitting in comodo sandbox. In standard user account all files were encrypted, but in admin account all files were intact. That encoder was old. Avast killed it when downloading, so i had to disable Avast. After that infection, I set my comodo according to cruelsister. Malware was isoleted and no new created docs were encrypted. To be sur that malware is stil awake, i restored my previous comodo settings and clicked on malware. All docs were reencrypted. So from that time (back in november), i have comd with cruelsister's configuration.
 
  • Like
Reactions: Sunshine-boy and MalwareTracker
EASTER

EASTER

Level 4
Verified
Well-known
May 9, 2017
159
Lockdown said:
That's not saying much considering that both the NSA and CIA have been very successfully hacked multiples of times.

Anyway, the advice in the linked document is fundamental IT security guidelines to secure personal, enterprise and government systems.
Click to expand...

Aren't you forgetting someone? OPM.
The compromised data included SF-86 forms which contain intimate details so on and so forth DOD. Grrrrrrrrr!!!
 
D

Deleted member 178

Those guidelines are just classic guidelines that any IT with enough experience in security knows and will deploy or not based on the requirement/limitations he has. Back in the days, i wrote here a guide to setup a decent layered security setup, most points i made are present on this NSA guidelines.

So basically , those guidelines could have been written by any security experts , they are still valid. the fact that the NSA wrote it is almost irrelevant.
 
  • Like
Reactions: MWNu72, Sunshine-boy and ispx
You must log in or register to reply here.

Similar threads

oldschool
    • Wow
    • Like
Security News Anyone Can Buy Data Tracking US Soldiers and Spies to Nuclear Vaults and Brothels in Germany
Replies
1
Views
408
Security News
oldschool
oldschool
oldschool
    • +Reputation
    • Like
    • Thanks
Privacy News Protecting Your Privacy While Eroding Your Democracy: Apple's and Mozilla's PPAs (Privacy Preserving Ad Attribution) Considered Harmful
Replies
2
Views
892
Security News
bazang
bazang
SpyNetGirl
    • Like
    • +Reputation
    • Hundred Points
Harden Windows Security | Only with official documented methods | Always up to date
Replies
75
Views
15,754
Other security for Windows, Mac, Linux
Warencom
W

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top