Registered
 
jyl's Avatar
 
Join Date: Jan 2002
Location: Nor California & Pac NW
Posts: 24,600
Garage
The Cyber Security Thread

I'd like to talk about what you do to guard against cyber-threats e.g. hacking, data theft, email interception, password compromise, ransomware, etc.

This is in your home or small business. Not asking what big companies with lots of IT staff do.

Do you, for example:
- Use a hardware firewall or other security device on your network?
- Run certain software security or anti-malware apps?
- Routinely connect through VPNs when not at home/office? or always?
- Regularly encrypt emails or attachments?
- Encrypt local storage or cloud storage, backups, etc?
- Use precautions or special process for inbound communications?
- Have a password or 2FA strategy or helper apps?

How do you do it - e.g. if you use a security device or email encryption, which ones?

__________________
1989 3.2 Carrera coupe; 1988 Westy Vanagon, Zetec; 1986 E28 M30; 1994 W124; 2004 S211
What? Uh . . . “he” and “him”?
Old 07-02-2022, 05:32 PM
Registered
 
id10t's Avatar
 
Join Date: Mar 2003
Posts: 10,345
Home connection firewall is a Linux box running iptables. Kids and wife are on separate subnet from me. Routes from my subnet to theirs but not vice versa.

Email - I run my own server. Use SSL for all connections, reject unsecured connections, reject based on SPF and DKIM records. Use address extension, so each business gets their own unique email on-the-fly. Easy to tell who sells the addresses, who gets hacked, etc.

I don't even use a VPN to connect to work stuff - I just ssh in and tunnel over the SSH connection. If you are wondering why, the VPN client work uses wants to replace the core SSL libraries on my Linux desktop and laptop with a non-Free version. Ain't happening, as this will affect ALL software on my system. As a bonus, the SSH tunnel is faster, and more reliable.
Old 07-02-2022, 05:36 PM
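The address-extension approach from the post above, worked through as an added example (not part of the original post and not the poster's own setup): each business gets a tagged address, and mail arriving on a tag from an unrelated domain shows which address was sold or leaked. The "+" delimiter, the mailbox me@example.org, the ISSUED registry and the sample messages are all assumptions constructed for illustration.

```python
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

DELIM = "+"  # assumed delimiter; the post does not name one

# Constructed registry: tag handed out -> domains that business sends from.
ISSUED = {
    "acmeparts": {"acmeparts.example"},
    "bank": {"bank.example"},
}

def split_extension(addr):
    """Split 'user+tag@domain' into (user, tag or None, domain)."""
    local, _, domain = addr.rpartition("@")
    user, sep, tag = local.partition(DELIM)
    return user.lower(), (tag.lower() if sep and tag else None), domain.lower()

def classify(raw):
    """Return (tag, sender_domain, verdict) for one raw message."""
    msg = message_from_string(raw)
    # Delivered-To is the address the server delivered to; To can omit it (Bcc).
    rcpt = parseaddr(msg.get("Delivered-To") or msg.get("To", ""))[1]
    # From is forgeable, so this verdict is only meaningful once mail that
    # fails SPF/DKIM has already been rejected, as the post describes.
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    _, tag, _ = split_extension(rcpt)
    if tag is None:
        verdict = "untagged"
    elif tag not in ISSUED:
        verdict = "unknown-tag"
    elif any(sender == d or sender.endswith("." + d) for d in ISSUED[tag]):
        verdict = "expected"
    else:
        verdict = "leaked"
    return tag, sender, verdict

def leak_report(raw_messages):
    """Map each leaked tag to the set of unexpected sender domains."""
    report = defaultdict(set)
    for raw in raw_messages:
        tag, sender, verdict = classify(raw)
        if verdict == "leaked":
            report[tag].add(sender)
    return dict(report)

# Constructed sample messages (headers only), not real mail.
SAMPLES = [
    "Delivered-To: me+acmeparts@example.org\nFrom: Acme <news@mail.acmeparts.example>\nSubject: Sale\n\n",
    "Delivered-To: me+acmeparts@example.org\nFrom: promo@cheap-pills.example\nSubject: Hi\n\n",
    "Delivered-To: me+bank@example.org\nFrom: alerts@bank.example\nSubject: Statement\n\n",
    "Delivered-To: me+forum@example.org\nFrom: x@spam.example\nSubject: Win\n\n",
    "Delivered-To: me@example.org\nFrom: friend@home.example\nSubject: Lunch\n\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(classify(raw))
    print(leak_report(SAMPLES))
```

A tag that turns up in the report can be retired on the mail server without touching any other address.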
Registered
 
John Rogers's Avatar
 
Join Date: Dec 1969
Location: chula vista ca usa
Posts: 5,700
For many years now I have done the following:
1. Use the firewall w/new login/password on my AT&T box with NO connections except to my ASUS router
2. My ASUS router is set with a new user to replace "administrator" and a password that gets changed every 4 months.
3. Have the ASUS setup to only allow known users or hardware to connect by their hardware address.
4. When adding a new user/hardware such as the new video recorder and the 8 wireless cameras I get the info and manually add it to the ASUS router box.
5. Use the same antivirus for years, in my case Norton 360 set to auto scan any incoming bits and bytes for bad stuff.
6. Block email from unknown sources and NEVER open an email with any links unless it is from a person such as my VA helper.
7. If I want to get books or movies or ????? I use what is called "usenet" or a "news" server and the Norton watches all I do.

Lastly I clean out my web browser or history, searches and cookies 3 times a week.
John
Old 07-02-2022, 07:03 PM
Back in the saddle again
 
masraum's Avatar
 
Join Date: Oct 2001
Location: Central TX west of Houston
Posts: 56,149
Quote:
Originally Posted by jyl View Post
I'd like to talk about what you do to guard against cyber-threats e.g. hacking, data theft, email interception, password compromise, ransomware, etc.

This is in your home or small business. Not asking what big companies with lots of IT staff do.

Do you, for example:
- Use a hardware firewall or other security device on your network?
I have one, but don't use it. I might. My current router has a built in firewall
- Run certain software security or anti-malware apps?
when I was on Windows, I ran their free malware defender or whatever it's called. On my Mac now, nothing.
- Routinely connect through VPNs when not at home/office? or always?
no vpn
- Regularly encrypt emails or attachments?
nope
- Encrypt local storage or cloud storage, backups, etc?
nope
- Use precautions or special process for inbound communications?
I don't have any inbound. When I did I was able to VPN into my network and I had a firewall with specific inbound rules.
- Have a password or 2FA strategy or helper apps?
TFA for places that offer it. A regular password (not even a good one) on my PC. Websites get decent passwords.

How do you do it - e.g. if you use a security device or email encryption, which ones?
I run pihole to block bad/questionable domains.

I run no script and ublock origin. I primarily run Firefox then if something doesn't work, I'll check Chrome, and then if I have to, I'll check Safari (or when I had Windows, IE)

Now on my Mac, I do something that I'd never done on my Windows box. My regular login does NOT have admin rights. I have a separate admin account.

When I ran windows, I'd go through and "harden" it by disabling any services that I didn't need (so much crap is turned on by default). On top of closing some holes, the machine generally runs better.
__________________
Steve
'08 Boxster RS60 Spyder #0099/1960
- never named a car before, but this is Charlotte.
'88 targa SOLD 2004 - gone but not forgotten

Last edited by masraum; 07-02-2022 at 07:27 PM..
Old 07-02-2022, 07:22 PM
Back in the saddle again
 
masraum's Avatar
 
Join Date: Oct 2001
Location: Central TX west of Houston
Posts: 56,149
Quote:
Originally Posted by John Rogers View Post
For many years now I have done the following:
1. Use the firewall w/new login/password on my AT&T box with NO connections except to my ASUS router
2. My ASUS router is set with a new user to replace "administrator" and a password that gets changed every 4 months.
3. Have the ASUS setup to only allow known users or hardware to connect by their hardware address.
4. When adding a new user/hardware such as the new video recorder and the 8 wireless cameras I get the info and manually add it to the ASUS router box.
5. Use the same antivirus for years, in my case Norton 360 set to auto scan any incoming bits and bytes for bad stuff.
6. Block email from unknown sources and NEVER open an email with any links unless it is from a person such as my VA helper.
7. If I want to get books or movies or ????? I use what is called "usenet" or a "news" server and the Norton watches all I do.

Lastly I clean out my web browser or history, searches and cookies 3 times a week.
John
Wow, well done!

Funny thing is that I work in IT, specifically networks, and have supported security and firewalls for many, many years.

I haven't run a commercial AVS like Norton, McAfee, etc... for many, many years (probably 20) and haven't had an issue in as long.
__________________
Steve
'08 Boxster RS60 Spyder #0099/1960
- never named a car before, but this is Charlotte.
'88 targa SOLD 2004 - gone but not forgotten
Old 07-02-2022, 07:25 PM
Registered
 
930addict's Avatar
 
Join Date: Jan 2005
Posts: 902
Garage
Quote:
Originally Posted by masraum View Post
Wow, well done!

Funny thing is that I work in IT, specifically networks, and have supported security and firewalls for many, many years.

I haven't run a commercial AVS like Norton, McAfee, etc... for many, many years (probably 20) and haven't had an issue in as long.
Same here. Just retired after 23 years in IT. Masters Degree in Cybersecurity and Information Assurance. Don’t do anything special for home network. No Antivirus for over 20 years and have had no issues. Not much to protect at home. Biggest threat to security is human behavior so wife and I have educated kids on how to be responsible. I do have their iPhones locked down with content restrictions and block certain websites (including adult content). No access to facebook, tiktok, twitter, reddit among others and their phones basically brick at 9pm when we go to bed except ability to call specific phone numbers in case of emergency. Phones not allowed in their rooms.

All online services like banks, email, shopping etc use mfa. If they don’t offer mfa then the accounts get very strong passwords. But these days all vital online services that we use have mfa. Only access online accounts through home network. I do use vpn on my phone.

For email only emails from contacts go to my in box. Everything else goes to junk. If I’m expecting email from non-contact then I scan for that in junk and ignore the rest.

I had a virus lab used for research in a stand alone virtual environment that is isolated from my network via firewall but that’s been turned off for a few years.
Old 07-02-2022, 08:20 PM
 
The Unsettler
 
stomachmonkey's Avatar
 
Join Date: Dec 2002
Location: Lantanna TX
Posts: 23,885
I enforce a lot of stuff on my end users mostly because they are stupid.

It seems the more we do to protect us from them the stupider they get.

The simple answer is, stop being ****ing stupid.

It's not that hard.
__________________
"I want my two dollars"
"Goodbye and thanks for the fish"
"Proud Member and Supporter of the YWL"
"Brandon Won"
Old 07-02-2022, 08:25 PM
Almost Banned Once
 
sc_rufctr's Avatar
 
Join Date: Feb 2009
Location: Adelaide South Australia
Posts: 38,419
I use Linux Mint on my laptop and some "additional security" (that I won't discuss online) built into my router.

This is not meant to be Microsoft bashing but having supported them for years I will never use their products.
- Total garbage as far as security goes.
__________________
- Peter
Old 07-02-2022, 08:30 PM
Registered
 
Join Date: Nov 2016
Location: Indiana
Posts: 4,523
Garage
Quote:
Originally Posted by sc_rufctr View Post
I use Linux Mint on my laptop and some "additional security" (that I won't discuss online) built into my router.

This is not meant to be Microsoft bashing but having supported them for years I will never use their products.
- Total garbage as far as security goes.
I also use Mint. A couple other Linux partitions, just for fun also. Mint has a firewall built in. Pretty much don't stay logged in to any site that would be of interest to hackers and don't save logins on sites. I have a bunch of passwords. That way if one site gets hacked the only password that can be had is the one for that site. I am not really worried about virus attacks. I can wipe and reinstall a Linux system in minutes. And, I've never had a virus on Linux.
__________________
Keep talking, Im gonna put you in the trunk.
Old 07-02-2022, 09:06 PM
Almost Banned Once
 
sc_rufctr's Avatar
 
Join Date: Feb 2009
Location: Adelaide South Australia
Posts: 38,419
I've heard there are viruses written for Linux but I've never had a problem.
__________________
- Peter
Old 07-02-2022, 09:20 PM
Registered
 
Scott R's Avatar
 
Join Date: Feb 2001
Location: Aspen CO US
Posts: 16,054
Garage
Quote:
Originally Posted by sc_rufctr View Post
I've heard there are viruses written for Linux but I've never had a problem.
Exploits are OS independent.
__________________
2021 Model Y
2005 Cayenne Turbo
2012 Panamera 4S
1980 911 SC
1999 996 Cab
Old 07-02-2022, 09:54 PM
Back in the saddle again
 
masraum's Avatar
 
Join Date: Oct 2001
Location: Central TX west of Houston
Posts: 56,149
Quote:
Originally Posted by Scott R View Post
Exploits are OS independent.
Not strictly true. Some exploits are OS independent, others are very dependent. It depends upon the exploit.

For instance, the "log4j" exploit that sent the world into a tizzy just before Christmas last year was OS independent. There are plenty of items that are OS dependent or even application dependent. It just depends upon the exploit.
https://www.pcmag.com/how-to/what-is-the-log4j-exploit-and-what-can-you-do-to-stay-safe
Quote:
When there’s a security hole in an operating system or a popular browser, it typically affects just the users of that operating system or that browser. The publisher works up a new version that patches the hole, pushes out an update, and all’s well.

Log4j is different. It’s not an operating system, or a browser, or even a program. Rather, it’s what coders call a library, or a package, or a code module. It serves one purpose—keeping a log of what happens on a server.

People writing code want to focus on what makes their program unique. They don’t want to re-invent the wheel. So, they rely on endless libraries of existing code, such as Log4j. The Log4j module comes from Apache, which is the most widely used web server software. And that’s why it’s found on millions of servers.
__________________
Steve
'08 Boxster RS60 Spyder #0099/1960
- never named a car before, but this is Charlotte.
'88 targa SOLD 2004 - gone but not forgotten
Old 07-03-2022, 05:36 AM
 
Registered
 
Scott R's Avatar
 
Join Date: Feb 2001
Location: Aspen CO US
Posts: 16,054
Garage
Quote:
Originally Posted by masraum View Post
Not strictly true. Some exploits are OS independent, others are very dependent. It depends upon the exploit.

For instance, the "log4j" exploit that sent the world into a tizzy just before Christmas last year was OS independent. There are plenty of items that are OS dependent or even application dependent. It just depends upon the exploit.
https://www.pcmag.com/how-to/what-is-the-log4j-exploit-and-what-can-you-do-to-stay-safe
That was anything that ran Apache, from Windows, to Linux to Sun, to P-series.
__________________
2021 Model Y
2005 Cayenne Turbo
2012 Panamera 4S
1980 911 SC
1999 996 Cab
Old 07-03-2022, 03:45 PM
Back in the saddle again
 
masraum's Avatar
 
Join Date: Oct 2001
Location: Central TX west of Houston
Posts: 56,149
Quote:
Originally Posted by Scott R View Post
That was anything that ran Apache, from Windows, to Linux to Sun, to P-series.
Yes, log4j was, I know, we had to confirm that every piece of network kit that we had was not impacted.

The point of posting was more about the first section that I've bolded. If any OS, computer [mac, win, *nix], cisco, firewalls, juniper, etc.... used the offending library/package/module, then it was impacted.

But there are plenty of holes that ONLY affect windows or iPhone IOS or android or....

Quote:
When there’s a security hole in an operating system or a popular browser, it typically affects just the users of that operating system or that browser. The publisher works up a new version that patches the hole, pushes out an update, and all’s well.

Log4j is different. It’s not an operating system, or a browser, or even a program. Rather, it’s what coders call a library, or a package, or a code module. It serves one purpose—keeping a log of what happens on a server.

People writing code want to focus on what makes their program unique. They don’t want to re-invent the wheel. So, they rely on endless libraries of existing code, such as Log4j. The Log4j module comes from Apache, which is the most widely used web server software. And that’s why it’s found on millions of servers.
__________________
Steve
'08 Boxster RS60 Spyder #0099/1960
- never named a car before, but this is Charlotte.
'88 targa SOLD 2004 - gone but not forgotten
Old 07-03-2022, 04:25 PM
Registered
 
Scott R's Avatar
 
Join Date: Feb 2001
Location: Aspen CO US
Posts: 16,054
Garage
The good exploits, the truly impactful ones, are OS ambiguous.
__________________
2021 Model Y
2005 Cayenne Turbo
2012 Panamera 4S
1980 911 SC
1999 996 Cab
Old 07-03-2022, 06:00 PM
It'll be legen-waitforit
 
stealthn's Avatar
 
Join Date: Jan 2002
Location: Calgary, Canada
Posts: 6,994
How much time do you have?

Layers upon layers of protection, password app and MFA for everything. Firewall, AI based EDR, network and device anomaly detection, Umbrella DNS protection, mail protection, cloud to cloud backups, the list goes on and on, but I am in the business.
__________________
Bob James
06 Cayman S - Money Penny
18 Macan GTS
Gone: 79 911SC, 83 944, 05 Cayenne Turbo, 10 Panamera Turbo
Old 07-03-2022, 06:29 PM
Registered
 
Scott R's Avatar
 
Join Date: Feb 2001
Location: Aspen CO US
Posts: 16,054
Garage
Quote:
Originally Posted by stealthn View Post
How much time do you have?

Layers upon layers of protection, password app and MFA for everything. Firewall, AI based EDR, network and device anomaly detection, Umbrella DNS protection, mail protection, cloud to cloud backups, the list goes on and on, but I am in the business.
My clients do not get hacked. There are huge policies on the table. If I fail (and I haven't yet), I would be ruined.
__________________
2021 Model Y
2005 Cayenne Turbo
2012 Panamera 4S
1980 911 SC
1999 996 Cab
Old 07-03-2022, 06:45 PM
Back in the saddle again
 
masraum's Avatar
 
Join Date: Oct 2001
Location: Central TX west of Houston
Posts: 56,149
Quote:
Originally Posted by stealthn View Post
How much time do you have?

Layers upon layers of protection, password app and MFA for everything. Firewall, AI based EDR, network and device anomaly detection, Umbrella DNS protection, mail protection, cloud to cloud backups, the list goes on and on, but I am in the business.
On your home network? Is it because your home network is also your lab?
__________________
Steve
'08 Boxster RS60 Spyder #0099/1960
- never named a car before, but this is Charlotte.
'88 targa SOLD 2004 - gone but not forgotten
Old 07-03-2022, 06:54 PM
It'll be legen-waitforit
 
stealthn's Avatar
 
Join Date: Jan 2002
Location: Calgary, Canada
Posts: 6,994
Quote:
Originally Posted by masraum View Post
On your home network? Is it because your home network is also your lab?
Sort of; I use the equipment we sell to clients, so I eat my own dog food.
__________________
Bob James
06 Cayman S - Money Penny
18 Macan GTS
Gone: 79 911SC, 83 944, 05 Cayenne Turbo, 10 Panamera Turbo
Old 07-03-2022, 07:10 PM
Almost Banned Once
 
sc_rufctr's Avatar
 
Join Date: Feb 2009
Location: Adelaide South Australia
Posts: 38,419
Quote:
Originally Posted by Scott R View Post
Exploits are OS independent.
Thanks Scott but as I said I've never had a problem.

__________________
- Peter
Old 07-03-2022, 07:53 PM
All times are GMT -8.