Advanced Plus Security Marana’s Security Config 2024

[Marana]

This has been my security configuration already for some years. Running smoothly.

 

[Dave Russo]

The Gdata keyboard guard , have you seen any response from it, interesting addition, I never heard of it, sounds good are you willing to elaborate? Thanks, does Microsoft Defender have good or any e- mail protection?

 

[harlan4096]

Real-time security:

Windows Defender
Malwarebytes Windows Firewall Control (WFC)
Comodo Firewall
NovirusThanks OSArmor
G DATA USB Keyboard Guard
ConfigureDefender
FirewallHardening

OVERKILL?

Thanks for sharing!

 

[Marana]

The Gdata keyboard guard , have you seen any response from it, interesting addition, I never heard of it, sounds good are you willing to elaborate? Thanks, does Microsoft Defender have good or any e- mail protection?

That is an old piece of software, however it has a simple and reliable principle of operation: When it detects a new USB device that identifies itself as a keyboard, it pops up a virtual numeric keyboard window and asks to enter a 4-digit code (that it displays) via mouse clicks, if one wants to enable the new device.

So it effectively blocks possible BADUSB attacks, but it also requires you to do four specific mouse clicks every time you insert a new USB keyboard to your system.

I don't know how effective Microsoft Defender is in e-mail protection (IIRC I have received one or maybe two warnings regarding emails or e-mail attachments, but they have happened several years ago).

OVERKILL?

Well no — not at all. That's what I call layered security .

And actually it's not even as much layered as one could easily think at first glance. Here is just one example...

One of the "essential eight principles" in cybersecurity is Application Control (aka application whitelisting). The easy way to implement this is to use a standard user account (SUA) along with a default-deny Software restriction policy (SRP) that blocks file execution in the user space.

Unfortunately Microsoft has abandoned its policy to install programs only to system space (\Program Files directories) and nowadays wants to install e.g. Microsoft Teams into user space (...\AppData\Local\Microsoft\Teams). So, to enable the safe execution of Microsoft Teams I use both SRP and NVT OSA:

• I created custom policies in SRP to enable the execution of programs in Microsoft Teams directories
• I created a custom block rule in OSA to block the execution of all programs in Microsoft Teams directories
• I created an exclusion rule in OSA to enable the execution of all Microsoft signed programs in Microsoft Teams directories

This approach can be used to safely allow execution of programs in specific user space directories, provided they are digitally signed by a trustworthy organization. However it needs both SRP and OSA.

 

[Brahman]

Why are you using two firewalls at the same time? It won't add to your protection. Disable windows firewall and wfc. With comodo, you don't need it.

 

[rashmi]

That is an old piece of software, however it has a simple and reliable principle of operation: When it detects a new USB device that identifies itself as a keyboard, it pops up a virtual numeric keyboard window and asks to enter a 4-digit code (that it displays) via mouse clicks, if one wants to enable the new device.

So it effectively blocks possible BADUSB attacks, but it also requires you to do four specific mouse clicks every time you insert a new USB keyboard to your system.

You're using Comodo Firewall. Have you explored the Device Control feature in Advanced Protection? It allows you to protect USB devices and add more device types.

 

[SpiderWeb]

This is a great setup with multiple automated layers of security. First time seeing a RADIUS server for home use.

 

[Marana]

Why are you using two firewalls at the same time? It won't add to your protection. Disable windows firewall and wfc. With comodo, you don't need it.

Well, first of all I prefer to use primarily native MS products, especially those that are built-in into Windows operating system, and I also had used Windows Firewall and WFC long before starting to play around with CFW, so my software firewall configuration is based on primarily Windows Firewall. I also like WFC's user interface and some of its "bells and whistles" a lot.

However I consider CFW to provide me with some layered security as well as some additional features like containment and script analysis that Windows Firewall does not have. CFW also seems to run smoothly along with Windows Firewall, causing no problems whatsoever. So why not use it?

You're using Comodo Firewall. Have you explored the Device Control feature in Advanced Protection? It allows you to protect USB devices and add more device types.

Hmm... this is interesting! I wasn't aware of this feature, and it doesn't seem to be available in my CFW's user interface. Maybe it's available only in the full CIS? I have installed only the CFW part. Anyway, I'll keep that in mind, and I might give it a try some day.

This is a great setup with multiple automated layers of security. First time seeing a RADIUS server for home use.

Yeah, I actually borrowed the idea of implementing 802.1X from the office where we used device certificates to protect devices on some VLANs. I consider it merely a nuance in home use, where the threat factors are somewhat different from those of businesses.

But anyway, at least I don't have to worry about someone cracking my WiFi password in the home VLAN, since there is no password!

 

[rashmi]

Hmm... this is interesting! I wasn't aware of this feature, and it doesn't seem to be available in my CFW's user interface. Maybe it's available only in the full CIS? I have installed only the CFW part. Anyway, I'll keep that in mind, and I might give it a try some day.

Navigate to Settings, then Advanced Protection, and finally Device Control.