SECURITY: Basic Valvaris Security Config 2020

Last updated: May 3, 2020
About: My primary device
Operating system:
Login security: Password (Aa-Zz, 0-9, Symbols)
Primary sign-in: Microsoft account
Primary account rights: Administrator permissions
Security updates: Automatic - allow all types of updates
Windows UAC: Maximum - always notify
Real-time protection: Windows Defender
Software firewall: Microsoft Defender Firewall
Custom RTP, Firewall and OS settings: Standard
Malware research: No - malware samples are not downloaded
Periodic scanners: Windows Defender
Browsers, Search and Addons: uBlock Origin for Edge Chromium
PC maintenance: Windows Built-in
Personal Files & Photos backup: None since all Data is on my HiDrive (Cloud) GDPR / DSGVO compliant Provider
Personal backup routine: None
Device recovery & backup: Not needed since all relevant Data is on HiDrive
Device backup routine: None
PC activity:
  1. Video games
  2. Financial
  3. Browsing the Web
  4. Streaming content
Computer specs:
CPU: I7 8700K (RAM OC)
RAM: 16 GB DDR4 3200MHz
MB: Asus Maximus Hero XI Z390
SOUND: Asus Essence STX II
GPU: Asus GeForce RTX 2070 Super Advanced
SSD: Samsung NVMe 960 Evo 500GB
PSU: Seasonic Prime PX850

valvaris

Level 4
Verified
Jul 26, 2015
184
Hello to all,

What is going on?

This is something I have wanted to share for a long time, and I have tested some Firewall Options out there (Software and Hardware). My Goal was to have an advanced system with Layered Defense and Control.

What are you talking about?

To explain every detail would take some time, but to make a long story short: the combination of what you have and how you use it makes a great difference.

For my part, I wanted to have Control on multiple layers over what, when and where things communicate from my Network.

What did you do? Come to the point, m8.

My Network is as follows:

PC / IoT / WiFi -------> Switch -----> Firewall (Eth1) -----> ISP
TV / Android TV -------> Firewall (Eth2) -----> ISP

First we need IP Ranges
Network 1 (Eth1)
Code:
Address:   192.168.200.110/28
Netmask:   255.255.255.240 
Network:   192.168.200.96/28  
Broadcast: 192.168.200.111   
HostMin:   192.168.200.97       
HostMax:   192.168.200.110 
Hosts/Net: 14

Network 2 (Eth2)
Code:
Address:   192.168.200.200/29
Netmask:   255.255.255.248
Network:   192.168.200.200/29
Broadcast: 192.168.200.207
HostMin:   192.168.200.201
HostMax:   192.168.200.206
Hosts/Net: 6

As a Firewall solution I use Untangle to Manage my Network and UBNT for my WiFi.

For the Firewall there is a lot to mention:
SSL Inspection
WebContent Filter
Application Filter
Virus Blocker with SmartIQ (Cloud) and Bitdefender Engine (with MIME Type)
Layer 7 Firewall for GEOLocation Blocking and granular Firewall Rules
Adblocker
Layer 3 Firewall standard SPF with Default Deny Policy
Intrusion Prevention System

Example Layer 7 - Layer 3 Rule-set:
[Screenshot attachment: 1590864770846.png]


Why did you choose Untangle?

For me it was easier to use than a Sophos XG Home Edition because of the SSL Inspection Rules, plus performance-wise I have lots more bandwidth than the Sophos.

On my Hardware with a J2900, 4GB DDR3 RAM and 32GB SSD I can use 700 Mbit/s to 850 Mbit/s with Untangle; on a Sophos XG with the version 18 Software it was just 500 Mbit/s - 700 Mbit/s.

The License I use is a HomePro. ;)

What about the PC then?

My Software Firewall on the PC is Glasswire Elite with the Firewall Option "Ask to Connect" with VirusTotal API "On". Windows Defender is for my needs more than enough and I am very happy with it.

Wait Wait Wait, what about the IoT and WiFi Devices, ooohhh, and do not forget the TV?

This is something I am very proud of.... BLOCK IT ALL! I only allow standard Port Communication (HTTP, NTP, HTTPS) in the direction toward the Internet (ISP). All my Apps seem to function as intended. (iPhone) Oops, and the ApplePush Rule. ^^

So what about Backup?

For me none is needed:
GameSaves are on Steam
Windows Settings are on the Cloud
Browser Fav. & Settings are on the Cloud
My Private Data is on HiDrive
And a New Install of Windows 10 is done in under 10 Mins.

That's all... :D

Best regards
Val.
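
The two address ranges and the "block it all" outbound policy from the post above, as an added Python example that is not part of the original post and is not Untangle configuration. It recomputes the listed subnet fields and evaluates a default-deny egress allowlist over constructed flows; the tcp/5223 entry for Apple Push and the rule denying traffic to private destinations are assumptions.

```python
import ipaddress

# Interface addresses exactly as listed in the post.
SEGMENTS = {"eth1": "192.168.200.110/28", "eth2": "192.168.200.200/29"}
NETS = {name: ipaddress.ip_interface(c).network for name, c in SEGMENTS.items()}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# HTTP, HTTPS and NTP are from the post; tcp/5223 for Apple Push is an assumption.
EGRESS_ALLOW = {("tcp", 80), ("tcp", 443), ("udp", 123), ("tcp", 5223)}


def describe(cidr):
    """Recompute the ipcalc-style fields for one interface address."""
    iface = ipaddress.ip_interface(cidr)
    hosts = list(iface.network.hosts())
    return {
        "network": str(iface.network),
        "broadcast": str(iface.network.broadcast_address),
        "host_min": str(hosts[0]),
        "host_max": str(hosts[-1]),
        "hosts": len(hosts),
        # False when the listed address is the network or broadcast address.
        "address_usable": iface.ip in hosts,
    }


def egress_verdict(src, dst, proto, dport):
    """Default deny: return 'allow' only for listed ports leaving a known segment."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if not any(src_ip in net for net in NETS.values()):
        return "deny"  # source belongs to neither segment
    if any(dst_ip in net for net in RFC1918):
        return "deny"  # assumption: the allow rule covers Internet-bound traffic only
    return "allow" if (proto, dport) in EGRESS_ALLOW else "deny"


# Constructed sample flows; 203.0.113.0/24 is a documentation range.
FLOWS = [
    ("192.168.200.98", "203.0.113.10", "tcp", 443),     # PC, HTTPS
    ("192.168.200.99", "203.0.113.20", "udp", 123),     # IoT, NTP
    ("192.168.200.98", "203.0.113.10", "udp", 443),     # QUIC is not on the list
    ("192.168.200.202", "203.0.113.30", "tcp", 23),     # TV, Telnet
    ("192.168.200.202", "192.168.200.98", "tcp", 443),  # TV to PC segment
    ("192.168.200.120", "203.0.113.10", "tcp", 80),     # outside both ranges
]

if __name__ == "__main__":
    for name, cidr in SEGMENTS.items():
        print(name, describe(cidr), "overlap:", NETS["eth1"].overlaps(NETS["eth2"]))
    for flow in FLOWS:
        print(flow, "->", egress_verdict(*flow))
```

For Eth2, `address_usable` comes back false because 192.168.200.200 is the network address of its /29, so a device on that segment would take an address from 192.168.200.201 to 192.168.200.206.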
 

Vitali Ortzi

Level 21
Verified
Dec 12, 2016
998
Nice Config.
But what version of Enterprise is your system?