Does anyone here follow the NSA's advice?

DeepWeb

Level 25
Thread author
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
IAD’s Top 10 Information Assurance Mitigation Strategies

1. Application Whitelisting

2. Control & limit administrative privileges

3. Limit file-sharing

4. Use a cloud-based antivirus

5. Enable anti-exploit features

6. Use a HIPS

7. Use a Secure baseline (configure group policy)

8. Use a service that blocks domains known for malicious content.

9. Update your software

10. Segregate your network and functions.


====================================================

All the snark aside, the NSA created this top 10 for citizens and government agencies as the most basic guidelines to follow and I agree. I think if every security configuration were modeled after this, 99.9% of malware would have no chance except for the 0.01% that uses incredible exploits, changes signatures and waits for its opportunity to strike. I think it is worth going through the list to check if your system hits all the checkmarks. :)
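Going through the list by hand is tedious, so here is an added self-audit script (not from the thread or from any NSA document) that checks the items that can be judged from a single Windows 10/11 host. It assumes an elevated PowerShell session and the built-in AppLocker, SmbShare, LocalAccounts and ProcessMitigations modules; items 7 (baseline) and 10 (segmentation) need manual review.

```powershell
# Added self-audit (not from the thread). Run in an elevated PowerShell on Windows 10/11.
# Items 7 (baseline) and 10 (segmentation) cannot be judged from one host; review them manually.
$results = [ordered]@{}

# 1. Application whitelisting: are any AppLocker rules in effect? The AppLocker module is
#    missing on Home editions, so fall back to a manual note rather than failing.
if (Get-Command Get-AppLockerPolicy -ErrorAction SilentlyContinue) {
    $rules = (Get-AppLockerPolicy -Effective).RuleCollections | Measure-Object
    $results['1 Whitelisting'] = if ($rules.Count -gt 0) { 'PASS (AppLocker rules)' } else { 'FAIL (no rules)' }
} else {
    $results['1 Whitelisting'] = 'MANUAL (no AppLocker module; SRP or third-party tool?)'
}

# 2. Admin privileges: is the daily-use account a member of local Administrators?
$admins = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue
$results['2 Standard user'] = if ($admins | Where-Object { $_.Name -like "*\$env:USERNAME" }) { 'FAIL (account is an admin)' } else { 'PASS' }

# 3. File sharing: user-created SMB shares (admin shares such as C$ are flagged Special).
$shares = Get-SmbShare -ErrorAction SilentlyContinue | Where-Object { -not $_.Special }
$results['3 File sharing'] = if ($shares) { "FAIL ($(@($shares).Count) share(s))" } else { 'PASS' }

# 5. Anti-exploit: system-wide DEP/ASLR settings (Exploit Protection, Windows 10 1709 and later).
if (Get-Command Get-ProcessMitigation -ErrorAction SilentlyContinue) {
    $m = Get-ProcessMitigation -System
    $results['5 Anti-exploit'] = "DEP=$($m.Dep.Enable) ASLR BottomUp=$($m.Aslr.BottomUp)"
} else {
    $results['5 Anti-exploit'] = 'MANUAL (older Windows: check EMET/HMPA)'
}

# 8. Domain blocking: active (non-comment) lines in the hosts file.
$hosts = Get-Content "$env:SystemRoot\System32\drivers\etc\hosts" | Where-Object { $_ -match '^\s*\d' }
$results['8 Hosts blocklist'] = "$(@($hosts).Count) entries (0 is fine if DNS/AV filtering is used instead)"

# 9. Updates: the Windows Update service must not be disabled.
$results['9 Updates'] = if ((Get-Service wuauserv).StartType -eq 'Disabled') { 'FAIL' } else { 'PASS' }

# Extra (removable media): AutoRun is off for every drive type when the policy value is 0xFF (255).
$ar = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
$results['AutoRun (USB)'] = if ($ar.NoDriveTypeAutoRun -eq 255) { 'PASS' } else { 'FAIL (not fully disabled)' }

$results.GetEnumerator() | ForEach-Object { '{0,-18} {1}' -f $_.Key, $_.Value }
```

A MANUAL result means the host lacks the module needed for that check, not that the item is unmet.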
 

DeepWeb

Level 25
Thread author
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
For me,

1. FAIL: Maybe Comodo sandboxing/blocking unknown applications
2. SUA
3. Disabled all file sharing
4. Check (F-Secure DeepGuard Cloud Antivirus)
5. Malwarebytes Anti-Exploit
6. Comodo Firewall
7. Using group policy templates for Chrome, Office and Windows
8. Hosts file, Antivirus, Comodo, Chrome safe browsing
9. Automatic updates
10. FAIL. I wouldn't know how to do it.

:)
 

Deleted member 178

Umbra's Top 10 (in red) Information Assurance Mitigation Strategies

1. Application Whitelisting: Appguard (SRP) + ReHIPS (Isolation + Application Control) = good luck to bypass that...
2. Control & limit administrative privileges: SUA
3. Limit file-sharing: not using it.
4. Use a cloud-based antivirus: no need... but because Win10 has WinDef I use it...
5. Enable anti-exploit features: HMPA
6. Use a HIPS: No need, see point 1
7. Use a Secure baseline (configure group policy): I'm on the Home version, so no GP, but I use registry tweaks to achieve a similar result. Also I use Rollback RX and can reload a clean baseline in seconds.
8. Use a service that blocks domains known for malicious content: Adguard + Chrome filter.
9. Update your software: no really? :p
10. Segregate your network and functions: I have wifi access for guests separated from mine; no machines in my network can communicate with the others.

No need for me to "follow" their advice, I knew it already.
 

Vasudev

Level 33
Verified
Nov 8, 2014
2,228
Umbra's Top 10 (in red) Information Assurance Mitigation Strategies

1. Application Whitelisting: Appguard (SRP) + ReHIPS (Isolation + Application Control) = good luck to bypass that...
2. Control & limit administrative privileges: SUA
3. Limit file-sharing: not using it.
4. Use a cloud-based antivirus: no need... but because Win10 has WinDef I use it...
5. Enable anti-exploit features: HMPA
6. Use a HIPS: No need, see point 1
7. Use a Secure baseline (configure group policy): I'm on the Home version, so no GP, but I use registry tweaks to achieve a similar result. Also I use Rollback RX and can reload a clean baseline in seconds.
8. Use a service that blocks domains known for malicious content: Adguard + Chrome filter.
9. Update your software: no really? :p
10. Segregate your network and functions: I have wifi access for guests separated from mine; no machines in my network can communicate with the others.

No need for me to "follow" their advice, I knew it already.
Will VoodooShield and EMET do the job if HMPA and ReHIPS/AppGuard aren't a viable option?
 

DeepWeb

Level 25
Thread author
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
No I don't!
I would rather follow someone's advice from this forum than take the NSA's advice.
These are the guidelines by NSA security researchers on how to protect government computers, especially those of the military. I thought following them can't hurt. They are universal truths in infosec tbh. Only a few more things are missing, but they mention those in other guidelines:

11. Change your passwords frequently with a password manager.

12. Use your brain.exe when navigating through the Internet and email.

13. Always use a VPN on foreign networks. The NSA actually recommends creating your own VPS instance and taking it down when you are finished such as

Algo: algo/README.md at master · trailofbits/algo · GitHub
Streisand: streisand/README.md at master · jlund/streisand · GitHub
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,821
Change your passwords frequently with a password manager.
I disagree with this one for home users. If you use a unique password for each account and have no confirmation of a data breach at any service for which you have an account then I see very little value in changing your passwords until a breach is confirmed.
 

Andytay70

Level 15
Verified
Top Poster
Well-known
Jul 6, 2015
737
These are the guidelines by NSA security researchers on how to protect government computers, especially those of the military. I thought following them can't hurt. They are universal truths in infosec tbh. Only a few more things are missing, but they mention those in other guidelines:

11. Change your passwords frequently with a password manager.

12. Use your brain.exe when navigating through the Internet and email.

13. Always use a VPN on foreign networks. The NSA actually recommends creating your own VPS instance and taking it down when you are finished such as

Algo: algo/README.md at master · trailofbits/algo · GitHub
Streisand: streisand/README.md at master · jlund/streisand · GitHub
By the people who hack computers!
No thanks, I'll get my advice elsewhere.
 

Bombus

Level 2
Verified
Jun 12, 2016
50
My 5 cents. A user can be infected by: a) drive-by download (a user follows a link that he gets in Facebook, Yahoo email, Gmail, Skype, in a forum, or went to some site and automatically gets infected. He gets infected because Flash Player, Adobe PDF Reader, Microsoft Silverlight or Java by Oracle were installed and they automatically installed malware without user help.)
In order to prevent it I always visit all sites using Sandboxie. And I removed Acrobat Reader (I have Sumatra PDF reader), ditched Flash Player, and the last time Java by Oracle was sitting in my PC was maybe 5 years ago. I have updated Windows. Mozilla has only the Norton Symantec Safe Web addon, Chrome - Bitdefender TrafficLight (no more, no less). And of course, I have Avast, Comodo and Adguard installed. So there is very little chance that I can be infected visiting sites.
A user can get infected b) after having downloaded something from email, Skype, forums or sites.
I know what I'm downloading. The unique possibility is that a site can be hacked and instead of good software I can get a trojan (remember Opera maybe 4 years ago, Combofix and Kaspersky Internet Security in the Canada (?USA) branch?). So in this case I trust in Avast and Comodo. There's a possibility I can get infected after downloading an exploit for MS Office. I think Comodo can handle it. Just in case I installed HitmanPro.Alert. Testing. Works perfectly. And extensions are visible (so all kinds of Invoice.pdf.exe are not a problem for me).
A user can get an infection c) after an infected USB is connected to his PC.
I have Avast, Comodo, patched Windows, Standard user and... autoplay disabled.
In short, I am following the NSA suggestions, but in my way.
By the way, right now I am connected to MalwareTips in sandboxed Mozilla. )))
 

DeepWeb

Level 25
Thread author
Verified
Top Poster
Well-known
Jul 1, 2017
1,396

Bombus

Level 2
Verified
Jun 12, 2016
50
That is true but IMO if you run a good AV and follow Brain.exe and CommonSense.exe you have a good chance of staying infection free
Guys, guys, "do not make war, make love".
I think that the NSA gave very good advice. I trust them totally because every suggestion is reasonable. The problem sits on the user end. For me the problem is: I like Comodo, but I don't like its HIPS. I got an infection of an encoder because: after a double click (I knew that it was malware - prepared backups, but wanted to see how Comodo works). First - I saw the auto-containment alert and after - the HIPS alert. I clicked on "allow" thinking that the encoder was already sitting in the Comodo sandbox. In the standard user account all files were encrypted, but in the admin account all files were intact. That encoder was old. Avast killed it when downloading, so I had to disable Avast. After that infection, I set my Comodo according to cruelsister. Malware was isolated and no newly created docs were encrypted. To be sure that the malware was still awake, I restored my previous Comodo settings and clicked on the malware. All docs were re-encrypted. So from that time (back in November), I have Comodo with cruelsister's configuration.
 

EASTER

Level 4
Verified
Well-known
May 9, 2017
145
That's not saying much considering that both the NSA and CIA have been very successfully hacked multiple times.

Anyway, the advice in the linked document is fundamental IT security guidelines to secure personal, enterprise and government systems.

Aren't you forgetting someone? OPM.
The compromised data included SF-86 forms which contain intimate details so on and so forth DOD. Grrrrrrrrr!!!
 

Deleted member 178

Those guidelines are just classic guidelines that any IT with enough experience in security knows and will deploy or not based on the requirements/limitations he has. Back in the day, I wrote here a guide to set up a decent layered security setup; most points I made are present in these NSA guidelines.

So basically, those guidelines could have been written by any security expert; they are still valid. The fact that the NSA wrote it is almost irrelevant.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
By the people who hack computers!
No thanks, I'll get my advice elsewhere.
You must be an idiot.

The listed points are similar to what any other computer security expert may suggest.
 
