- Oct 3, 2022
- 854
For all those people posting their security configs. If you are interested in testing to see how secure it really is, use an old machine to set it up and put it in your modem's DMZ. What that does is allow full internet access TO your machine, all protocols, all ports. Leave it for a week and then bring it offline and see if there are any problems. We all practice good security hygiene and never download malware, so this test things when things really go awry to see if your security is truly competent.
To see if there are any problems, you can setup Custom Views in Event Viewer. The list of event IDs are listed here: Appendix L - Events to Monitor .
There are several flavors when it comes to hackers. One type slips in and slips out without leaving any traces and don't bother you. They are very difficult to detect, but if you notice a gap in time in your logs then someone has probably erased some logs. The 2nd type notifies you that you've got security problems leaving a note or wallpaper. I got a hacker that sent me local mail on my Linux machine. The 3rd type wrecks your machine or wrecks some functionality so you'd definitely notice.
What you do next is up to you. You can shrug and say you can't stop hackers. Or you can say there is some way that they've got in, so there's a way to stop them. I take the second stance.
I make a drive image when I am done configuring before it ever goes online. (so find that offline AV installer, and pre-download the 2 "cumulative windows 11 x64" patches of the month from Microsoft Update Catalog so you can patch offline, and pre-download the latest MS Defender Intelligence mpam-fe.exe ). Two things are accomplished: a) you can be sure that the machine is absolutely clean and patched before it steps online b) you can re-use that drive image to make improvements without having to start from scratch. And that is a huge time saver because it takes 5 hrs for me to fully harden my machine.
I find it is better to see for myself how secure a setup really is, instead of waiting for @Shadowra to do her video tests. And then, the video tests only 1 or maybe 2 components of your security. These are real life scenarios that no video test can ever capture. The video tests gives you an idea of what to buy, but doing real life testing is where it really counts. Paying $60-$350 for a solution may give you a false sense of security. Sure you got all those knobs and switches to play with, but are they doing anything that really matters?
If at any point you want to leave this game, all you have to do is power off your modem for an hour or two. Then it would fetch a different ip address and no one is going bother you no more. To be extra safe, I have a hardware firewall with IPS Netgate 1100 pfSense+ Security Gateway between my modem and my internal LAN.
To see if there are any problems, you can setup Custom Views in Event Viewer. The list of event IDs are listed here: Appendix L - Events to Monitor .
There are several flavors when it comes to hackers. One type slips in and slips out without leaving any traces and don't bother you. They are very difficult to detect, but if you notice a gap in time in your logs then someone has probably erased some logs. The 2nd type notifies you that you've got security problems leaving a note or wallpaper. I got a hacker that sent me local mail on my Linux machine. The 3rd type wrecks your machine or wrecks some functionality so you'd definitely notice.
What you do next is up to you. You can shrug and say you can't stop hackers. Or you can say there is some way that they've got in, so there's a way to stop them. I take the second stance.
I make a drive image when I am done configuring before it ever goes online. (so find that offline AV installer, and pre-download the 2 "cumulative windows 11 x64" patches of the month from Microsoft Update Catalog so you can patch offline, and pre-download the latest MS Defender Intelligence mpam-fe.exe ). Two things are accomplished: a) you can be sure that the machine is absolutely clean and patched before it steps online b) you can re-use that drive image to make improvements without having to start from scratch. And that is a huge time saver because it takes 5 hrs for me to fully harden my machine.
I find it is better to see for myself how secure a setup really is, instead of waiting for @Shadowra to do her video tests. And then, the video tests only 1 or maybe 2 components of your security. These are real life scenarios that no video test can ever capture. The video tests gives you an idea of what to buy, but doing real life testing is where it really counts. Paying $60-$350 for a solution may give you a false sense of security. Sure you got all those knobs and switches to play with, but are they doing anything that really matters?
If at any point you want to leave this game, all you have to do is power off your modem for an hour or two. Then it would fetch a different ip address and no one is going bother you no more. To be extra safe, I have a hardware firewall with IPS Netgate 1100 pfSense+ Security Gateway between my modem and my internal LAN.
Last edited:
