Bulletproof Windows

Posted by WhiteHat 
Bulletproof Windows
April 01, 2014 09:22PM
Bulletproof Windows - tunnel through Host into virtual machine (placed in RAM Disk)

The key: changing the Windows 7 firewall from blacklist to whitelist - allow only DNS and VPC

Enable all profiles (domain, private, public), deny everything.
Delete all inbound and outbound rules.
Add only 2 or 3 outbound rules, DNS allowed, VM allowed, SvcHost allowed for updates.
Install virtual machine (VPC or others) with XP-mode (or ...)
Install Browser and other internet progs in VM

Now all traffic is tunneled through host into VM.
Host Windows isn't connected to the internet (maybe e.g. Thunderbird is allowed too).
No access to the host from the VM because of the NAT VM network setup.
No matter the threats, vulnerabilities, trojans: the VM can be reset by restore point, or can be copied from "c:\program files\microsoft virtual..." into the Ramdrive at boot and run from the Ramdrive. So there is a forced hard reset after reboot. HTML5 can do anything in XP mode, and malware too can survive only one session until shutdown.

Maybe use 2 different policy configurations for Windows updates after patch day (or more for several purposes):
Locked Windows setup without svchost:
Set up the firewall settings - then in the right pane, click Export Policy. Save to e.g. ...\FirewallLocked.wfw
Windows setup for updates:
Set up the firewall settings with svchost - then in the right pane, click Export Policy. Save to ...\FirewallUpdates.wfw
Create one batch file for each, saved as FirewallLocked.bat and FirewallUpdates.bat: "netsh advfirewall import ...\FirewallLocked.wfw (or FirewallUpdates.wfw)"

Blacklist ---> Whitelist
Advanced Settings on the left-hand side of Windows Firewall, then click Properties - Home network with Public profile
Domain Profile tab - Firewall state: On - Inbound connections: Block all - Outbound connections: Block - Specify settings that control Windows Firewall behavior: Customize - Allow unicast response: No
Private Profile tab - Firewall state: On - Inbound connections: Block all - Outbound connections: Block - Specify settings that control Windows Firewall behavior: Customize - Allow unicast response: No
Public Profile tab - Firewall state: On - Inbound connections: Block all - Outbound connections: Block - Specify settings that control Windows Firewall behavior: Customize - Allow unicast response: Yes
Locked Windows with services blocked (svchost, cryptsvc, ...)
1. new outbound rule DNS - Custom - all programs - UDP - Port 53 - allow - public - name
2. new outbound rule e.g. vpc - Custom - this program path - c:\windows\system32\vpc.exe - all - allow - public - name
3. new outbound rule Services - Custom - Services - Customize - Apply to services only - all - all - block - name

First, always make a backup image of c:\. The name of the game is trial and error, so it's possible to reset the system until everything works fine.
[www.paragon-software.com]

Monitor the firewall status and enable it if off (scheduled task, e.g. every 1 min.)

Option Explicit
' Checks the Windows Firewall state through the COM API and, if the
' firewall is off, runs the batch that switches it back on
' (Firewall_ein.bat). Meant to be run from a scheduled task.
Dim fwMgr, profile, shell

' Firewall objects have to be created after making sure the
' Windows Firewall service is running; if it isn't, CreateObject fails.
Set fwMgr = CreateObject("HNetCfg.FwMgr")
' Get the current profile for the local firewall policy.
Set profile = fwMgr.LocalPolicy.CurrentProfile

' Nothing to do if the firewall is already on.
If profile.FirewallEnabled = True Then
    WScript.Quit
End If
WScript.Echo "Firewall Enabled: " & profile.FirewallEnabled

' Firewall is off: run the batch that enables it and wait for it to
' finish (third Run argument = True), then give the service a moment.
Set shell = CreateObject("WScript.Shell")
shell.Run "Firewall_ein.bat", 1, True
WScript.Sleep 3000

' Re-read the state to confirm the batch did its job.
Set fwMgr = CreateObject("HNetCfg.FwMgr")
Set profile = fwMgr.LocalPolicy.CurrentProfile
WScript.Echo "Firewall Enabled: " & profile.FirewallEnabled



Edited 11 time(s). Last edit at 05/27/2014 10:15AM by WhiteHat.
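The whitelist policy above, scripted with netsh advfirewall from PowerShell (works on Windows 7 and 8). This is an added example, not the poster's batch files; it assumes an elevated prompt, the vpc.exe path named in the post, and placeholder .wfw paths and rule names. It also builds the second "updates" policy and shows the one caveat that bites here: block rules win over allow rules, so the services block must be removed before svchost can be allowed out.

```powershell
# Added example: whitelist policy from the post via netsh advfirewall (Windows 7/8).
# Assumptions: run from an elevated PowerShell; .wfw paths and rule names are placeholders.
$Backup  = "$env:USERPROFILE\FirewallBackup.wfw"   # untouched policy, for rollback
$Locked  = "$env:USERPROFILE\FirewallLocked.wfw"   # services blocked
$Updates = "$env:USERPROFILE\FirewallUpdates.wfw"  # svchost allowed for Windows Update
$VpcExe  = "$env:SystemRoot\System32\vpc.exe"      # VM host process named in the post

# 0. Keep a restore point of the current policy before deleting anything
netsh advfirewall export $Backup

# 1. Blacklist -> whitelist: all profiles on, inbound "Block all", outbound Block,
#    unicast response off for domain/private and on for public, as in the post
netsh advfirewall set allprofiles state on
netsh advfirewall set allprofiles firewallpolicy blockinboundalways,blockoutbound
netsh advfirewall set domainprofile settings unicastresponsetomulticast disable
netsh advfirewall set privateprofile settings unicastresponsetomulticast disable
netsh advfirewall set publicprofile settings unicastresponsetomulticast enable

# 2. Delete every inbound and outbound rule, so only what is added below is allowed
netsh advfirewall firewall delete rule name=all

# 3. The three outbound rules (public profile, since the network is set to Public)
netsh advfirewall firewall add rule name=DNS_out dir=out action=allow protocol=UDP remoteport=53 profile=public
netsh advfirewall firewall add rule name=VPC_out dir=out action=allow "program=$VpcExe" profile=public
netsh advfirewall firewall add rule name=Services_block dir=out action=block service=any profile=public

# 4. Export the locked policy (this is what FirewallLocked.bat imports)
netsh advfirewall export $Locked

# 5. Update policy: a block rule overrides any allow rule, so the services block
#    has to go before svchost (a service host) can reach Windows Update on TCP 80/443.
#    service=any can be tightened to service=wuauserv if only Windows Update is wanted.
netsh advfirewall firewall delete rule name=Services_block
netsh advfirewall firewall add rule name=Svchost_updates dir=out action=allow "program=$env:SystemRoot\System32\svchost.exe" service=any protocol=TCP remoteport=80,443 profile=public
netsh advfirewall export $Updates

# Back to the locked state; the two .bat files from the post switch between the exports
netsh advfirewall import $Locked

# Quick check: every profile should show State ON and BlockInboundAlways,BlockOutbound
netsh advfirewall show allprofiles | Select-String 'State|Firewall Policy'
```

If anything goes wrong, `netsh advfirewall import $Backup` restores the original policy without a full image restore.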
Re: Bulletproof Windows
April 13, 2014 09:21AM
The same with Windows 8: tunnel the internet into a virtual machine.

MS VM Hyper-V in Windows 8, 8.1, ...

[blogs.technet.com]

[www.youtube.com]

Hyper-V requirements:
- AMD or Intel 64-bit processor that supports Second Level Address Translation (SLAT)
- processor supports virtualization
- Windows 8 Pro and 64 bit

+ turn on dynamic memory
+ set up 'Virtual Switch in Hyper-V Manager'



Edited 3 time(s). Last edit at 05/24/2014 10:37AM by WhiteHat.
Re: Bulletproof Windows
April 16, 2014 11:18AM
How to use a Windows XP PC with all progs forever with internet
Recommendation: Mobo 800 bus with 800 RAM 2GB or more and 2x2.6GHz or more CPU

[www.youtube.com]
[www.youtube.com]

1. Backup the system c:\
[www.paragon-software.com]
2. Download VirtualPC2007Sp1.exe
[www.microsoft.com]
3. Download KB958162.msp Bug Fixes of VirtualPC2007
[support.microsoft.com]
4. Ask a Windows 7 user without XP-Mode to download and install it; it will be useful for them too. Then copy "Windows XP Mode base.vhd" to the XP PC and change the read-only permission (also [www.microsoft.com] first on the Win7 PC) (works on Win7 Home Premium too, with a trick).
[www.microsoft.com]

Install
1. VirtualPC2007
2. KB958162.msp after VirtualPC!
3. XP-Mode (http://www.youtube.com/watch?v=Pcg8sX_iik4)

Install additions or features from machine.
Disable headline and bottomline of the virtual machine in settings for more efficient screen.
Save the first overall install of the virtual machine to bring a reset function by batch (del and robocopy) into the machine.
Use Gavotte Ramdisk, if enough RAM is there, and copy the VM into R:\

I installed XP from CD into VirtualPC2007, so I don't know if all will work with XP-Mode as seen on Youtube.
I installed the XP-Mode base.vhd and it works perfect.

Batch to shut down XP-Mode inside VirtualPC-XP: c:\windows\system32\shutdown /s /t 00 /f
or better, set the close button to 'power off' (turn off). Then everything is gone without saving.

Tried on an old PC with 667, 2GB RAM and 2x2.2GHz CPU; it works - no BSOD, no problems.



Edited 4 time(s). Last edit at 05/24/2014 10:40AM by WhiteHat.
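The "reset by batch del and robocopy" idea from the post, written out as a PowerShell script that mirrors a saved clean VM folder onto the RAM disk at logon and checks the copy before launching it. This is an added example, not the poster's batch; the master folder, the R: drive letter and the .vmc name are placeholders, and launching via the .vmc file association is an assumption.

```powershell
# Added example: reset the VM on every boot by mirroring a pristine copy onto the RAM disk.
# Assumptions (not from the post): $Master is the clean VM folder saved right after setup,
# R: is the Gavotte RAM disk, the .vmc name is a placeholder, and .vmc is associated
# with Virtual PC. Intended to run from a logon task.
$Master = "C:\VM-Master\XPMode"          # placeholder: clean install kept on disk
$RamVm  = "R:\XPMode"                    # working copy; vanishes on power off
$Vmc    = Join-Path $RamVm "XPMode.vmc"  # placeholder VM config name

function Get-FileList($Root) {
    # relative path + size, PowerShell 2 compatible (no -File switch)
    Get-ChildItem $Root -Recurse | Where-Object { -not $_.PSIsContainer } |
        ForEach-Object { $_.FullName.Substring($Root.Length) + ":" + $_.Length } | Sort-Object
}

function Reset-RamVm {
    if (-not (Test-Path "R:\"))   { throw "RAM disk R: is not mounted" }
    if (-not (Test-Path $Master)) { throw "Master copy $Master is missing" }

    # /MIR mirrors the tree: files malware added or renamed inside R:\XPMode are
    # deleted, which a plain copy would leave in place. /R /W keep it from hanging.
    robocopy $Master $RamVm /MIR /R:1 /W:1 /NP | Out-Null
    # robocopy exit codes 0-7 are success (bit flags: 1=copied, 2=extras removed,
    # 4=mismatch); 8 and above mean something failed to copy
    if ($LASTEXITCODE -ge 8) { throw "robocopy failed with code $LASTEXITCODE" }

    # Sanity check: master and RAM copy now hold the same files with the same sizes
    if (Compare-Object (Get-FileList $Master) (Get-FileList $RamVm)) {
        throw "RAM copy does not match master"
    }
    return $true
}

if (Reset-RamVm) {
    # Launch through the .vmc association; with the close button set to 'power off'
    # nothing the guest does is ever written back to the master copy.
    Invoke-Item $Vmc
}
```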