Your current security setup?
I started thinking again today about setting up a multi-layered defense at home. Not out of any real need, but just a desire. I've always wanted to try out some good combos, combining software to make a near-unbeatable home security combo. So does anyone have any suggestions? Security software reviews are out, so feel free to use that data as well as your personal testing. Keep in mind, I run a primarily Windows environment.
Categories I am particularly interested in:
Firewall
Proxy
HIDS/PS
NIDS/PS
Anti-malware
Any software to manage all the data from the various tools.
Comments
-
Expect Member Posts: 252
Do you have any lab set up at home you wish to protect? Do you host a web server / file server at home? Any kind of network services exposed to the WAN?
If not, then I'm not sure I see any value in it except for hands-on practice. Of course it's nice to protect your network, but if you're not running anything critical, then the chances are you will not get hacked if you're an advanced user.
Anyways, for the sake of the thread: except for the router firewall with WPA2 Wi-Fi enabled, and locally updated antivirus on the 2 laptops, I don't have anything special.
One laptop runs my GF's regular school stuff, and my computer has penetration tools and environments on it. -
lsud00d Member Posts: 1,571
Some good/free suggestions I have are the following:
Proxy: Squid
IDS/IPS: Snort
Anti-malware: Malwarebytes
Log management: Splunk
Malware analysis: sandboxed Cuckoo
I've dealt with various software/hardware-based firewalls, but they're all proprietary, so aside from Windows Firewall / *nix iptables, I am not familiar with any open source firewall to play with. -
proph21 Member Posts: 34
For a firewall, I have used Comodo before and have also read good things about it. Eventually, I switched back to good ole Windows Firewall.
IDS - Snort
Anti-malware - I use Malwarebytes Pro edition. Love it and see it recommended all over the place as a personal anti-malware program (their free edition is good too).
I usually don't use proxies, but a VPN. However, I have played around with Tor for web browsing and it is pretty neat.
Some other things to consider are system hardening techniques as well as wireless security (if you are using wireless). Typical best practices for wireless can include disabling SSID and using WPAv2, since WEP has known weaknesses. Also, always remember to make strong passwords: lowercase and uppercase, min 8 chars, numbers, symbols, the whole shebang.
Sorry for the bleh response. I am short on time, but just wanted to give 2 cents on this topic. -
elderkai Member Posts: 279
Lots of people like the pf firewall from BSD, so that might be worth a try.
-
wes allen Member Posts: 540
-
chaser7783 Member Posts: 154
Firewall - pfSense
NIDS - Snort + snorby
HIDS - Ossec (OSSEC | Home | Open Source SECurity)
Log Manager - Splunk
Anti-malware - Malwarebytes
Malware Analysis - Proxmox VM running different versions of OSes with FakeNet installed.
One thing I want to try is to get a Firebox X700 device and install pfSense on it (Successful Install on Watchguard Firebox X700!). -
paul78 Member Posts: 3,016
Some of the things that I use/play with:
Remote access: OpenVPN
Vulnerability scanner: OpenVAS
Firewall: m0n0wall
IDS: Snort
Mail scanning: ClamAV (I don't use it anymore but I've deployed it in the past)
SIEM: Started playing around with OSSIM -
SephStorm Member Posts: 1,731
Thanks all. One thing I've never understood is OSSEC. I've read into it a bit, but something hasn't clicked. Looking at the wiki article, I think it was the requirement for a Linux server. Throwing a few ideas around in my head. Big problem right now is the increase in my use of wireless. I'd have to move to wired only to make a realistic changeover...
So a question: what front end would you use for Snort on a Windows system? -
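The confusion about OSSEC above is a good place to show what a host-based IDS is actually doing underneath: its file integrity check builds a baseline of file hashes and later reports anything added, removed or changed. The script below is an added example written for this thread, not OSSEC code or an OSSEC configuration. It builds the baseline with SHA-256, then runs it against a constructed temporary directory in which the sample files, their contents and the simulated changes are all made up for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large files never sit in memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Map every regular file under root (as a relative POSIX path) to its digest and size.

    This is the 'snapshot' half of a file integrity monitor: run it once on a
    known-good system and store the result somewhere the monitored host cannot alter.
    """
    root = Path(root)
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            baseline[rel] = {"sha256": hash_file(path), "size": path.stat().st_size}
    return baseline


def compare(old, new):
    """Classify the differences between two baselines into added/removed/modified paths."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = sorted(
        path for path in set(old) & set(new) if old[path]["sha256"] != new[path]["sha256"]
    )
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Exercise the checker on a constructed directory tree (sample data, not a real host)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"\x7fELF-sample-binary")
        before = build_baseline(root)

        # Simulated tampering after the baseline was taken: an appended hosts entry,
        # a replaced binary, a newly dropped file and a deleted file.
        with open(root / "etc" / "hosts", "a") as handle:
            handle.write("203.0.113.5 update.example\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF-other-bytes")
        (root / "bin" / "dropper").write_bytes(b"MZ-sample")
        (root / "etc" / "passwd").unlink()
        after = build_baseline(root)

        return compare(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:9s} {paths}")
```

A real HIDS adds what this leaves out: the baseline is stored off-host (that is what the Linux server in OSSEC's architecture is for), file metadata such as permissions and owner are compared as well, and the comparison runs on a schedule rather than once.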
NovaHax Member Posts: 502
"I started thinking again today"
Be careful doing that... it can be dangerous.
If you are looking for open-source options, Snort and ClamAV are big ones.
For malware analysis, I've always just used VMs with a combination of system analysis (registry, memory dumps, file system, listening and established connections) tools and network traffic analysis with Wireshark or tcpdump. You will get more out of it if you actually interact with it hands-on... instead of using trigger-happy sandboxes that are built for the purpose of streamlining analysis by jumping through hoops (my personal opinion).
On the IDS side of things, I was at B-Sides DC this year and they had a demo for a pretty cool product that I hadn't seen before (and I see a lot of environments working in consulting). I haven't had a chance to play with it much since then, but it's open source, provides application-layer inspection for a large number of protocols and is supposedly very flexible and interfaces with a lot of industry products. Might be worth looking into. It's called Bro-IDS (The Bro Network Security Monitor). -
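The hands-on approach described above, comparing listening and established connections before and after a sample runs, is easy to script. The following is an added example for this thread, not a tool from the post: it parses two `netstat -ano`-style snapshots and reports the new listeners, new outbound connections and the process IDs behind them. Both snapshots are constructed sample text, and the addresses and PIDs in them are made up.

```python
from collections import namedtuple

Conn = namedtuple("Conn", "proto local remote state pid")

# Constructed netstat -ano style output taken "before" the sample runs (sample data).
BEFORE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.56.101:49700   192.168.56.1:443       ESTABLISHED     1764
  UDP    0.0.0.0:5353           *:*                                    2032
"""

# Constructed snapshot taken "after": one new listener and one new outbound connection.
AFTER = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:8081           0.0.0.0:0              LISTENING       3308
  TCP    192.168.56.101:49700   192.168.56.1:443       ESTABLISHED     1764
  TCP    192.168.56.101:49712   198.51.100.23:8080     ESTABLISHED     3308
  UDP    0.0.0.0:5353           *:*                                    2032
"""


def parse_netstat(text):
    """Turn netstat -ano output into a set of Conn tuples; header and blank lines are skipped."""
    conns = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "UDP":
            # UDP rows carry no State column: Proto, Local, Foreign, PID
            proto, local, remote, pid = parts[:4]
            state = ""
        else:
            proto, local, remote, state, pid = parts[:5]
        conns.add(Conn(proto, local, remote, state, int(pid)))
    return conns


def diff_snapshots(before_text, after_text):
    """Report what changed between two snapshots, grouped the way an analyst reads it."""
    before = parse_netstat(before_text)
    after = parse_netstat(after_text)
    new = after - before
    gone = before - after
    return {
        # New sockets accepting input: any UDP binding or a TCP socket in LISTENING
        "new_listeners": sorted(
            (c.proto, c.local, c.pid) for c in new if c.proto == "UDP" or c.state == "LISTENING"
        ),
        # New outbound/inbound sessions: where did the sample talk to, and which process?
        "new_established": sorted((c.remote, c.pid) for c in new if c.state == "ESTABLISHED"),
        "closed": sorted((c.proto, c.local, c.remote) for c in gone),
        # PIDs to follow up on in the process list, registry and file system
        "pids_of_interest": sorted({c.pid for c in new}),
    }


if __name__ == "__main__":
    for key, value in diff_snapshots(BEFORE, AFTER).items():
        print(f"{key:17s} {value}")
```

The PIDs in `pids_of_interest` are the pivot to the other checks the post lists: the same process can then be looked up in the registry run keys, the file system snapshot and the packet capture from Wireshark or tcpdump.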
chaser7783 Member Posts: 154
Site with a good security tool list:
ToolsWatch.org – The Hackers Arsenal Tools | Repository for vFeed and DPE Projects » 2013 Top Security Tools as Voted by ToolsWatch.org Readers -
SephStorm Member Posts: 1,731
Ugh, OSSIM is going to be annoying. Looks like I'll need a separate box to run it. I see some used VMware, but I don't have ESXi per the requirements for the appliance. Any ideas?
-
SephStorm Member Posts: 1,731
I just don't know if I can virtualize hardware that meets the specs... 8 GB RAM, multi-core, multi-NIC system. I could sacrifice a machine, but I'd have to move back to Linux, which never lasts long in my world... I suppose I could dual boot.