Sunday, September 23, 2007

Desktop Security

Well, this entry deals with the current security setup I have on my computer, and explains why I have each component installed.

Security comes in several layers (and no, I'm not talking about OSI).

1. Router firewall / NAT.
2. Software firewall (application-based firewall).
3. Host-based Intrusion Prevention System (HIPS).
4. Antivirus.
5. Anti-spyware.

1. The first one is pretty simple: either you have it or you don't.
The router I got with my broadband comes with NAT but no firewall.
NAT = Network Address Translation.
NAT offers a nice first layer of defense against attackers, because they first need to figure out what the internal network looks like.

The internal network can be easy to figure out with a specially crafted website; there are several websites that show the internal IP address of your machine on your network.

eg. http://ip-lookup.net/lan-address

You see, it's easy to get your local LAN address.
Here are some Apache logs. I had Apache running locally for MRTG and I had NOT done any port forwards on my router, so my Apache should not get any attempts from outside. (So why the hell did this happen on my system?? Luckily the attempts were all unsuccessful.)

[Wed Jan 31 23:00:33 2007] [error] [client xxx.xxx.xxx.xxx] File does not exist: c:/mrtg/wwwroot/scripts/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/winnt/system32/cmd.exe
[Wed Jan 31 23:00:33 2007] [error] [client xxx.xxx.xxx.xxx] File does not exist: c:/mrtg/wwwroot/scripts/../../../../../../../..//winnt/system32/cmd.exe
[Wed Jan 31 23:00:33 2007] [error] [client xxx.xxx.xxx.xxx] File does not exist: c:/mrtg/wwwroot/iisadmpwd/../../../../../../../..//winnt/system32/cmd.exe
[Wed Jan 31 23:00:33 2007] [error] [client xxx.xxx.xxx.xxx] File does not exist: c:/mrtg/wwwroot/msadc/../../../../../../../..//winnt/system32/cmd.exe
[Wed Jan 31 23:00:33 2007] [error] [client xxx.xxx.xxx.xxx] (2)No such file or directory: script not found or unable to stat: c:/mrtg/apache/cgi-bin/../../../../../../../../

Now that looks like a nice attempt by a script kiddie.
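As an added example (not code from the original post), here is a small Python checker that parses Apache error-log lines like the ones above, decodes the percent-encoded `.%2e` segments, and flags the directory-traversal and cmd.exe probes so they can be spotted in a larger log. The sample lines are constructed from the excerpt above, with the client addresses left redacted as in the post.

```python
import re
from urllib.parse import unquote

# Constructed sample, modelled on the Apache error log excerpt in the post
# (a harmless favicon miss is included to show a line that is NOT flagged).
SAMPLE_LOG = """\
[Wed Jan 31 23:00:33 2007] [error] [client xxx.xxx.xxx.xxx] File does not exist: c:/mrtg/wwwroot/scripts/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/winnt/system32/cmd.exe
[Wed Jan 31 23:00:33 2007] [error] [client xxx.xxx.xxx.xxx] File does not exist: c:/mrtg/wwwroot/msadc/../../../../../../../..//winnt/system32/cmd.exe
[Wed Jan 31 23:00:33 2007] [error] [client xxx.xxx.xxx.xxx] (2)No such file or directory: script not found or unable to stat: c:/mrtg/apache/cgi-bin/../../../../../../../../
[Wed Jan 31 23:01:10 2007] [error] [client xxx.xxx.xxx.xxx] File does not exist: c:/mrtg/wwwroot/favicon.ico
"""

# Apache 1.3/2.0 error-log layout: [timestamp] [level] [client addr] message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] \[client (?P<client>[^\]]+)\] (?P<msg>.*)$"
)

def decode_path(path):
    # Undo percent-encoding repeatedly so ".%2e" (and double-encoded variants) become ".."
    prev = None
    while prev != path:
        prev, path = path, unquote(path)
    return path

def classify(line):
    """Return a dict describing the line, or None if it is not an error-log line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # The filesystem path is the last ": "-separated part of the message
    path = decode_path(m.group("msg").rsplit(": ", 1)[-1])
    findings = []
    if "/../" in path or path.endswith("/.."):
        findings.append("directory-traversal")
    if path.lower().endswith("cmd.exe"):
        findings.append("cmd.exe-probe")
    return {"client": m.group("client"), "path": path, "findings": findings}

def suspicious_events(log_text):
    """Only the lines that triggered at least one finding."""
    return [ev for ev in map(classify, log_text.splitlines()) if ev and ev["findings"]]

if __name__ == "__main__":
    for ev in suspicious_events(SAMPLE_LOG):
        print(ev["client"], ev["findings"], ev["path"])
```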

2. This could have been prevented if I had installed an application-based firewall.
Currently I run the Comodo beta version, which really should not be relied on because sometimes the configuration goes AWOL. But you can save your config file while it's OK, and when the configuration goes AWOL you simply reload the saved file. This is a bit of a hassle, but hey, you get something nice back.

Comodo (current beta =
The new beta will address the config loss problem.
Opening a port in Comodo can be quite tricky, and this might be a problem for the regular home user who only wants to download a nice torrent file.

This option has been tucked away under Firewall settings / Advanced / Network Security / Global Rules. It took me 15 minutes to find it.

The Comodo beta also comes equipped with Defense+, which is a HIPS (Host-based Intrusion Prevention System). This feature can get on your nerves, as it really can ask your ears off.
But that is quite easy to solve by adjusting the settings.

3. Comodo comes equipped with a HIPS, but I now run ThreatFire on my PC (because Comodo asks your ears off).
ThreatFire was formerly known as the artist Cyberhawk.
I love it: it tells you when something fishy is going on, and it doesn't ask your ears off like Comodo Defense+. I really think this is a necessary add-on to your security.

4. Antivirus. Most people do have an antivirus solution but forget to let it update,
or they let the subscription run out, leaving the system open to new viruses.
I run Avast on my machine; you can request a free serial for updates.
Avast runs pretty flawlessly on my system and doesn't render my PC useless when doing a scan, like Kaspersky does.

5. Anti-spyware. I run Spyware Terminator and I'm really pleased with it.
There isn't much you can say about it other than that it really protects your system.
Hmm, I went into the settings again and it seems that it has now suddenly gained a HIPS as well. I've turned it on and I'll see if it is any good.
I will let you know in a few hours.

All of this security doesn't take more than 25 MB of memory, which is quite acceptable.

I hope this makes your PC and home network a bit safer without crippling your systems.


Comodo Firewall
Spyware Terminator

