Marana’s Security Config 2024
<blockquote data-quote="Marana" data-source="post: 1091802" data-attributes="member: 69370"><p>That is an old piece of software, however it has a simple and reliable principle of operation: When it detects a new USB device that identifies itself as a keyboard, it pops up a virtual numeric keyboard window and asks to enter a 4-digit code (that it displays) via mouse clicks, if one wants to enable the new device. </p><p></p><p>So it effectively blocks possible BADUSB attacks, but it also requires you to do four specific mouse clicks every time you insert a new USB keyboard into your system. </p><p></p><p>I don't know how effective Microsoft Defender is in e-mail protection (IIRC I have received one or maybe two warnings regarding emails or e-mail attachments, but they happened several years ago).</p><p></p><p>Well no — not at all. That's what I call <em>layered security</em> :).</p><p></p><p>And actually it's not even as much layered as one could easily think at first glance. Here is just one example...</p><p></p><p>One of the "essential eight principles" in cybersecurity is <a href="https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight/essential-eight-maturity-model" target="_blank">Application Control</a> (aka application whitelisting). The easy way to implement this is to use a standard user account (SUA) along with a default-deny Software restriction policy (SRP) that blocks file execution in the user space.</p><p></p><p>Unfortunately Microsoft has abandoned its policy to install programs only to system space (\Program Files directories) and nowadays wants to install e.g. Microsoft Teams into user space (...\AppData\Local\Microsoft\Teams). 
So, to enable the safe execution of Microsoft Teams I use both SRP and NVT OSA:</p><ul> <li data-xf-list-type="ul">I created custom policies in SRP to <em>enable </em>the execution of programs in Microsoft Teams directories</li> <li data-xf-list-type="ul">I created a custom block rule in OSA to <em>block </em>the execution of all programs in Microsoft Teams directories</li> <li data-xf-list-type="ul">I created an exclusion rule in OSA to <em>enable </em>the execution of all Microsoft signed programs in Microsoft Teams directories</li> </ul><p>This approach can be used to safely allow execution of programs in specific user space directories, provided they are digitally signed by a trustworthy organization. However it needs both SRP and OSA.</p></blockquote><p></p>
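<p>An audit sketch for the setup quoted above, added here as an example and not part of the original post, SRP or NVT OSA: it lists every executable under the user-space Teams directory and reports whether it carries a valid Microsoft Authenticode signature, i.e. which files would depend on the signed-publisher exclusion and which would fall to the block rule. The function names, the extension list and the publisher match on <code>O=Microsoft Corporation</code> are assumptions; how OSA itself matches a signer is not described in the post.</p>

```powershell
# Added example (not from the post): audit files in the Teams user-space directory.
# Assumption: Teams lives under %LOCALAPPDATA%\Microsoft\Teams, as named in the post.
$TeamsRoot = Join-Path $env:LOCALAPPDATA 'Microsoft\Teams'

function Test-MicrosoftSigned {
    param([Parameter(Mandatory)][string]$Path)
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    # 'Valid' = file hash matches the signature and the chain builds to a trusted root.
    if ($sig.Status -ne 'Valid' -or $null -eq $sig.SignerCertificate) { return $false }
    # Assumption: identify the publisher by the organization field of the signer subject.
    return $sig.SignerCertificate.Subject -match '(^|,\s*)O=Microsoft Corporation(,|$)'
}

function Get-TeamsExecutionAudit {
    param([string]$Root = $TeamsRoot)
    if (-not (Test-Path -LiteralPath $Root)) { return @() }
    # Hypothetical extension list; extend it to match the types your SRP policy covers.
    $extensions = '.exe', '.dll', '.msi'
    Get-ChildItem -LiteralPath $Root -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $extensions -contains $_.Extension.ToLower() } |
        ForEach-Object {
            $sig    = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
            $ok     = Test-MicrosoftSigned -Path $_.FullName
            [pscustomobject]@{
                Path            = $_.FullName
                SignatureStatus = $sig.Status
                Signer          = $signer
                # Expected outcome under the three rules in the post (path allow,
                # directory block, signed-by-Microsoft exclusion).
                Expected        = if ($ok) { 'allowed: Microsoft-signed' } else { 'blocked: not Microsoft-signed' }
            }
        }
}

# List only the files that the path-based SRP rule alone would have let run.
Get-TeamsExecutionAudit |
    Where-Object { $_.Expected -like 'blocked*' } |
    Format-Table Path, SignatureStatus, Signer -AutoSize
```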