Tinytankerbrunks Setup

[tinytankerbrunk]

EMET 2.0 Setup:

Common Practice:
I am definitely a pirated-media junkie, currently approaching 3TB of media.
I visit “IT Security” related websites often, as I'm studying for my BS in IT Security.
Questions:
Is there any gaps in my layered security approach?
If so, what can I do to improve, while still maintaining a “low-resource” usage profile, and remain free?
Is CIS and Immunet too redundant? I don’t mind it so much because all the resource usage from Immunet is done on their servers.
Can I do anything to increase wireless security?
Can I do anything to secure my Windows Home Server, and my network shares?

 

[bogdan]

Thanks for sharing such a detailed config.
I feel that CIS improved the white-list sufficiently and I don't see the benefits of Clean PC Mode.
There are some vulnerabilities with the default settings in CIS. The default setting for auto-sandboxed apps allows them access to some of your data files (in My Documents for example) and ransom-ware malware could take advantage of this. To fix go to Defense+ -> Defense+ Settings -> Execution Control Settings and change Treat unrecognized files as from Partially Limited to Restricted or Untrusted. This is debatable since most application will not run sandboxed with these settings though.
I assume that you also keep an eye on the other PCs in your network.

 

[Ink]

I'm no expert, but you could only allow MAC addresses (set on router) of certain devices that you want connecting to you Network.

Installing an Internet Security Suite should be enough (for realtime protection), so I would say Immunet is not needed.

I noticed you have ClearCloud DNS and G-Data Cloud Security. How is that working out?

I think your set-up is an over-kill Just my opinion.

 

[LaserWraith]

I personally use CIS in paranoid, in case something malicious is trusted by Comodo, but it can get annoying.

Looks like you have more tools than me. I have found WOT useful for me, but others may not.

You probably know more about security than I do, seeing as how I'm self-taught and haven't been to college yet.

 

[tinytankerbrunk]

Thanks for the replies. I have changed my D+ sandbox setting, I'll see how it goes with app stability. I will look at switching from clean PC mode, but I have it set to auto block new apps, because I don't install all kinds of stuff to clutter my system drive. That's what a VM is for As far as the G Data cloud scanner goes, i was testing until recently when it has become incompatible with my FF browser. My overall impression of it so far is that it's too new to implement. It just nags too much, plus, I don't know what kind of strategy they use for it. Is it purely signature based? If so, that's what ClearCloud is for in my opinion. I really like the M86/Finjan addon alot, but it too is still new, but I'm not dropping as they have an excellent track record, and it doesn't record my browsing history. Who knows what G Data is doing if they even include an ad for you to buy their product on their block page lol...but hey, they gotta make a living right??

 

[tinytankerbrunk]

I could, and have, gone the MAC route before. However, when friends and family come to visit, this can be a hassle to have them connect, let alone having to type in the 20 string password lol. Plus, MAC spoofing is easier than a cheap prom date. Therefore, I have given up on the MAC-only approach. One approach I use is to limit the amount of users on my DHCP at a given time. I allow only what is at my house, then I edit for additional people as they come and go. This way there's a hard limit no matter what. However, someone could theoretically connect while I have a device turned off, but I think it's not such a futile attempt as the MAC-only stuff goes