Advanced Security Valvaris - Corp. Protection on Private PC and Network Config.

Last updated
May 8, 2022
Use case
Private use
Desktop OS
Windows 11
Device encryption
Login unlock
    • Passwordless (PIN or Biometrics)
OS updates
Allow security updates
User Access Control
Always notify
Smart App Control
WiFi network security
Malware protection
Sophos Intercept X Advanced with XDR
Firewall protection
Microsoft Defender Firewall for Windows 11 / 10
Custom security info
Sophos Central - Managed and Monitored - Default Deny Policy
Periodic scanners
Sophos Best Practice is to not enable scheduled scans since the Product covers a wide range of Protection Layers:
Quote from Sophos: "Because of real-time scanning and the background scanner that is always running, there's not much need for full system scans."
Malware samples
I do not participate in malware testing.
Default browser / extensions
Microsoft Edge Chromium
Secure DNS
Sophos XGS Firewall handles DNS requests with Uplink Server Quad9
VPN
None
Password manager
1 Password (Only Browser Plugin) Microsoft Edge Chromium
Security keys
Maintenance tools
DELL Support Assist
Personal backup
OneDrive Premium
Backup frequency
Automatic
Recovery backup
Microsoft Settings Sync - Browser Sync and OneDrive Sync
Recovery plan integrity
Risk factors
    • Working from home
    • Browsing to popular websites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Logging into my bank account
    • Downloading software and files from reputable sites
    • Gaming
    • Streaming audio/video content from trusted sites or paid subscriptions
    • Streaming audio/video content from shady sites
Computer specs
Brand: Alienware m17 R4
CPU: i7-10870H
GPU: RTX 3080 Mobile 16GB
RAM: 32 GB
Storage: SSD (DELL -> Samsung Drive)
Notable changes
Infrastructure and Software Change
Feedback response

Moderate feedback appreciated. If applicable, looking to make some major or minor changes.

valvaris

Level 5
Thread author
Verified
Well-known
Jul 26, 2015
249
Hello to all,

first a huge Disclaimer:
- > Software and Hardware in use is Company / Enterprise grade.
- > All Licenses in use are purchased with my own Money (Private) and NOT SPONSORED by the Vendors in any way!
- > This Configuration is my own Opinion and would love to share my Experience with the MalwareTips Community.
- > Configurations shared here can be unpractical for some and need a deeper understanding how the products function.
- > I will keep my configuration short and not go too deep in to what function covers what... (Protection alone [Would be a Wall-of-Text] otherwise)

My First Line of Defense is Network. With the Sophos XGS Firewall Appliance and segmentation of Networks: (Sophos XG / XGS Series of Firewalls are Zone Based Firewalls/Rules. It can be difficult to understand how Networks are effected by them!)

Example:
192.168.2.0 /30 - LAN Zone
10.222.222.0 /30 - Corp. Zone (Why such an IP-Address -> Not to Conflict with Routed Address on the Company Side)
192.168.5.0 /30 - IoT Device Server Zone
192.168.3.0 /28 - WiFi Zone with VLAN (Example 5 as a virtual interface) [Reason is to detach Access Point Management VLAN 1 from the Network] Broadcast Mitigation Unifi Products -> Will be replaced with a Sophos APX 120 Access Point in the future!

All features from the Sophos XGS Firewall Appliance that come with the XStream Protection Bundle are enabled and in use!
Just to name a few:
- Granular User Rules with Firewall features / ATP / IPS / Content Filter / DPI / SSL-Inspection / RED SD-WAN Orchestration / Sophos Central / DoS / Anti-Spoofing with Trusted IP and MAC Binding / ZeroDay Protection and so on...

Clarification:
There is no Active Directory or Directory Services in use. Users can be Managed directly from the Appliance as Local Users with MFA and Client Authentication Agent (Software).

Primary Firewall Rule Set is -> Default Deny
This means if the User is not logged on = Drop All!!! <- LAN Zone = No Internet / No Local Network
The other Zones are Configurated with dedicated Hosts and therefore have very granular Rules for that specific Zone Only with all Protections Modules enabled like mentioned above.

Only Protocols in use is: HTTP / HTTPS / DNS / NTP

As for the Private Laptop:

It is protected with Sophos Intercept X Advanced with XDR (Live Response and Data Lake = Enabled) and Managed in Sophos Central. The devices and network is configured with Security Heartbeat - So if a device becomes infected or something suspicious is happening it will ISOLATE itself automatically - Then it tries to clean itself and informs the admin! - With the Forensic tools build in to Sophos Central a Root Cause will be generated.

On default (My Configuration) all known Applications are blocked from execution and only the ones I truly use and need are Allowed specifically. (Build in to Sophos Intercept X Advanced)

With Sophos Intercept X Advanced with XDR there are so many Protection layers and can highly recommend to check them out: Sophos Intercept X Endpoint Protection

All my personal data is synced with OneDrive Premium as a backup measure with Personal Safe Enabled for Critical Data.

I know it is very short in terms of information. [view disclaimer on top of page]

I do not use Consumer grade AV-s or Firewalls anymore since there has to be a trust with Vendor / Dev. team behind it. Since I work in a company that mainly sells Sophos Products I got my hands-on-experience with it and learned allot about how they function and how big the community is behind Sophos. That is the reason I chose to convert my Ubiquiti Infrastructure with a F-Secure EPP for Computer AV, UDM-Pro and AccessPoints to Sophos XGS Firewall and Sophos AV Product.

On how I got my licenses for the products is simple - > I bought them (No NFR Licenses or Sponsorship)!!!

Sincerely
Val.
 

valvaris

Level 5
Thread author
Verified
Well-known
Jul 26, 2015
249
Why "Basic Security" again?!!! @MalwareTips Moderation Team

If it is again because of Backup then please delete this topic. - Data is Synced with the Cloud! - Critical Things are in Personal Safe! - To restore the System in its current state again takes about 20 Min. - Since all is connected with Online Services.

This system is not used for Malware Samples or even does not have a VM - WSL and such...

I do not argue that a Backup makes sense but in this case - With all the Cloud features enabled in this configuration. What do I need to do to be up an running?!:

- Install Windows 11
- Connect with Microsoft Account
- Wait for Sync
- Install Drivers from Windows Update since Dell has its repository there too
- Install Steam
- Install Sophos Agent
- Done!

Even a Backup can be more of a security risk because nobody takes the time to verify if the Backup can be restored or is Malware free.

Sincerely
Val.
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,253
Periodic Scanners -> it's reserved in general for 3rd party tools, not for the already r-t product installed.

Device recovery & backup -> for full image system backup, You can set cloud services in Personal Files & Photos backup.

And what if there is no InterNet connection or Your cloud services has issues? You can't trust only in cloud services, the ideal would be to count with cloud services, and also to have offline redundant backups in different external devices.
 
Last edited:

valvaris

Level 5
Thread author
Verified
Well-known
Jul 26, 2015
249
Great config! The only thing missing is Sophos MTR.
Yeah for a Private PC Setup that would be super overkill the MTR Service is AWESOME specially the "Advanced" - Like this I get to learn how XDR works and start queries to check if my system is safe. The added advantage is the learning experience how some things work and I get to tinker with XDR. Thank you for the feedback :D

Sincerely
Val.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top