Worth Upgrading to Win 11 Pro for Security Reasons?
<blockquote data-quote="Victor M" data-source="post: 1076899" data-attributes="member: 96560"><p>[USER=94558]@patrick85[/USER] .</p><p>There is 1 thing that I forgot. Very important step in incident response. That is, containment, which is to contain the intrusion. The intruder can laterally move across to other computers in the network, so it is crucial to have the PC isolated. It is never too late to do this step. If your switch or router has the capability, create VLAN segments, then put all the other PCs into one VLAN, and the breached PC into its own VLAN. Or, if you have 2 old routers lying around, apply the same idea: breached PC under its own router and all other PCs under another. VLAN equipment is now very cheap, >$100 for an Ethernet-only router.</p><p></p><p>2nd thing you could do: use the opportunity to make a Still-Offline Already-Configured Windows drive image. You will need to pre-download a drive image backup program. And just before installing those programs which require an online-download-install process (like most AV programs), make the drive image and keep it safe. This image is important to have, as you can safely use it to restore to make a clean environment. Since it is Still-Offline, it guarantees that the intruder is not present on it. And if you pre-configure Windows before you make the drive image, you save yourself from having to repeat those steps again. Optionally it makes for a network-wide/dept-wide standardized config due to Windows' One Core architecture - Windows will adjust itself when you apply the image to another piece of hardware.</p><p></p><p>To have a Still-Offline Windows install: at the 3rd setup reboot, press SHIFT-F10. A command prompt will appear, type "OOBE\BYPASSNRO". This will cause a reboot, then you will get the choice "I don't have internet". Then you can make local accounts instead of having to connect to MS to use an online account. After desktop appears, turn off WiFi.</p><p></p><p>The Barbar question is not important. It is ultimately just a tool. The important thing is that the intruder is present. And he can install other tools. Now that Barbar is removed, he will adapt. His next tool won't be so easy to find. Get rid of the bugger.</p></blockquote><p></p>
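A pre-imaging check for the Still-Offline state described in the post, as an added example that is not part of the original post: run it in an elevated PowerShell window on the freshly installed PC just before taking the drive image. The function name `Test-StillOffline` is hypothetical; the script reports the current state only and cannot prove the PC was never connected earlier.

```powershell
# Added example (not from the original post): confirm the fresh install
# has no live network path and only local accounts before imaging it.

function Test-StillOffline {
    $findings = @()

    # 1. Physical adapters with link up (cable plugged in, WiFi associated).
    $up = Get-NetAdapter -Physical -ErrorAction SilentlyContinue |
        Where-Object Status -eq 'Up'
    foreach ($a in $up) {
        $findings += "Adapter '$($a.Name)' is Up ($($a.InterfaceDescription))"
    }

    # 2. Interfaces holding a default gateway, i.e. a route off this PC.
    $gw = Get-NetIPConfiguration -ErrorAction SilentlyContinue |
        Where-Object { $_.IPv4DefaultGateway -or $_.IPv6DefaultGateway }
    foreach ($g in $gw) {
        $findings += "Interface '$($g.InterfaceAlias)' has a default gateway"
    }

    # 3. Enabled accounts that are not local. A Microsoft account means the
    #    PC reached Microsoft's sign-in service at some point during setup.
    $nonLocal = Get-LocalUser |
        Where-Object { $_.Enabled -and $_.PrincipalSource -ne 'Local' }
    foreach ($u in $nonLocal) {
        $findings += "Account '$($u.Name)' is of type $($u.PrincipalSource)"
    }

    # The leading comma keeps an empty result as an array, so .Count is 0.
    return ,$findings
}

$result = Test-StillOffline
if ($result.Count -eq 0) {
    Write-Host 'No live network path and only local accounts: OK to take the drive image.'
} else {
    Write-Host 'Do not image yet:' -ForegroundColor Yellow
    $result | ForEach-Object { Write-Host "  - $_" }
}
```

If an adapter is reported as Up, unplug the cable or turn WiFi off as the post says, then run the check again before imaging.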