Overall Security Strategies -- The Addressing "Layer"

Posted by Anonymous User
October 25, 2010 10:37AM
I need help understanding combined security strategies that incorporate PeerBlock. I'm trying to rationalize PeerBlock as a layer of security of which I was previously unaware. Allow me to first categorize the layers of security in the following outline and then ask a few questions.
----------------
Computer Security

I. Behavioral
..A. Awareness & Common Sense (Don't open unknown items.)
..B. Updated Software (Fully patched.)
..C. Recovery Schemes (On-site and off-site backups.)
..D. Physical Access (Limit users and secure wireless access.)

II. Anti-malware
..A. Virus
..B. Trojan
..C. Root Kits
..D. Key Loggers

III. Access Control (Firewalls)
..A. Hardware Firewalls (Routers)
..B. Software Firewalls
....1. Port Blocking
....2. Application Control
....3. Address Control << PeerBlock

IV. Virtualization (Sandboxing)

V. Monitoring
..A. Tracking file changes
..B. Hash code validation

VI. Encryption
----------------

Prior to my discovering PeerBlock ... I thought of firewalls as groupings of allowed application-port pairings.

Now, if I am starting to really "get it" with regards to PeerBlock, I see addressing permissions as a key security control component. A firewall behavior not associated with applications ... but simply "who" or what addresses are allowed or disallowed.

Interesting to emphasize that a multi-layered approach to security is favored by the experts.

Questions:

1) PeerBlock is a layer of security all to itself?

2) There should be no conflict between PeerBlock and typical port blocking firewalls?

3) Can you make recommendations for application-port control type firewalls that work well with PeerBlock? The longer the list the better!

-----------
After resolving the above .... please allow me to simply add to this thread some forthcoming discussion and questions. My thinking being that a single location for my rambling learning of PeerBlock will help me and hopefully others too.
Re: Overall Security Strategies -- The Addressing "Layer"
October 25, 2010 10:55PM
Yes, PeerBlock is like a firewall . . . but different.  Regular firewalls control what on your machine can talk to the internet, whereas PeerBlock lets you control what other machines your computer talks to.  They both operate on a similar layer, just providing different types of services. 

As far as conflicts go, the biggest issue we generally have is with McAfee on XP.  Their IP-filtering driver is the same "type" of driver as ours is, and Windows only permits one driver of that type to be active at a time . . . so it's either them or us.  For myself, I use Comodo's free firewall program, and have not had any problems with interactions between it and PeerBlock.

---  Mark  ---
Lead developer of PeerBlock
Anonymous User
Re: Overall Security Strategies -- The Addressing "Layer"
November 01, 2010 06:11AM
MarkSide --

Thank you for the reply and information. I usually respond faster but a hard drive failure has caused me much grief and delay in returning here.

The firewall information is very helpful. I was aiming at trying OnlineArmor but they refuse to provide an archived version that works with my no longer Microsoft supported Win2k and there are no archival sites that I have found. I next zeroed in on Comodo Firewall and had downloaded it but not yet installed when your reply by coincidence pointed in the same direction. The hard drive failure prompted me to upgrade to Win XP Pro sp3 with very near plans to jump to Win 7 - 32bit. With XP came "Windows Firewall" and I have zero experience with using it. Any opinions on it will be appreciated as well.

The down time gave me time to reflect a bit on PeerBlock; however, I am a bit slow to grasp the big picture at times ... but typically retain the understanding once I "get it". By nature I want to block everything and provide a permissions list. This is certainly possible with PeerBlock but does not seem to be a popular mode of operation. I need to browse the forum more and focus on why the "exclude the bad guys" approach is the overwhelming favorite mode of operation.

I am a bit amazed at how sizable the exclusion lists are and curious about the impact upon memory resources and throughput speed. Seems to me the exclusion mode puts you behind the curve and "reactionary". The bad guys simply have to keep on the move, and addresses could be scheduled ahead of time. The huge amount of work many put into creating the lists certainly indicates their authors are convinced that mode is preferred. I simply don't yet "get it" ... but will eventually, and this forum will play a huge role in my gaining the understanding.

------------
BTW folks -- My hastily thrown together outline has undoubtedly many gaping holes. One such hole is my omission of using Hosts files. The browser level control and the exclusionary nature of Hosts files seems similar in concept but vastly inferior to the machine level control provided by PeerBlock when utilizing exclusion lists ... but again I am just learning and this statement is really about 98% a question that needs confirmation from some gurus.

Cheers!
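Mark's distinction above (which remote addresses the machine may talk to, rather than which applications may talk) and the block-list versus allow-list question raised in this post, as an added Python example that is not PeerBlock's own code: it loads constructed entries in the plain-text P2P "label:first-last" range format PeerBlock reads (the addresses are documentation ranges, not a real list), merges them so each lookup is a binary search rather than a scan of the whole list, and makes the per-address decision in either mode.

```python
import bisect
import ipaddress

# Constructed sample entries in the plain-text P2P format PeerBlock loads
# ("label:first-last"); these are documentation addresses, not a real list.
SAMPLE_LIST = """
Example tracker range:203.0.113.0-203.0.113.255
Example single host:198.51.100.7-198.51.100.7
Overlapping entry:203.0.113.200-203.0.113.250
"""

def parse_p2p(text):
    # Each line is "label:first-last"; labels may themselves contain ':'.
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        label, _, span = line.rpartition(":")
        first, _, last = span.partition("-")
        lo = int(ipaddress.IPv4Address(first))
        hi = int(ipaddress.IPv4Address(last or first))
        ranges.append((label, lo, hi))
    return ranges

def compile_ranges(ranges):
    # Sort by start and merge overlapping/adjacent ranges so a lookup is a
    # binary search rather than a scan of every entry in a large list.
    merged = []
    for label, lo, hi in sorted(ranges, key=lambda r: r[1]):
        if merged and lo <= merged[-1][2] + 1:
            plabel, plo, phi = merged[-1]
            merged[-1] = (plabel, plo, max(phi, hi))   # keeps the first label
        else:
            merged.append((label, lo, hi))
    return [r[1] for r in merged], merged

def lookup(table, addr):
    # Return the label of the merged range containing addr, or None.
    starts, merged = table
    n = int(ipaddress.IPv4Address(addr))
    i = bisect.bisect_right(starts, n) - 1
    if i >= 0 and merged[i][1] <= n <= merged[i][2]:
        return merged[i][0]
    return None

def decide(table, addr, mode="block"):
    # "block": drop listed addresses (deny list); "allow": drop unlisted ones.
    listed = lookup(table, addr) is not None
    return "BLOCK" if listed == (mode == "block") else "ALLOW"
```

The merge-then-bisect step is what keeps a list of hundreds of thousands of ranges cheap per packet; in "allow" mode the same table becomes the permissions list this post describes wanting.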
Anonymous User
Re: Overall Security Strategies -- The Addressing "Layer"
November 01, 2010 01:08PM
I hate to say this, but one of the things about security is staying updated, so despite Microsoft releasing XP, Vista, and Win 7 you were still using W2K until recently!
I tried Win 7 as soon as it was available as a beta and was very impressed, but generally I give it a year for a new MS OS to get all the bugs removed and allow software writers time to do the same, so have only just changed.
The XP firewall is OK, but the complaint everyone seems to have is it only monitors incoming traffic; anything installed on the PC it assumes is safe, so useless for trojans and other malware that has sneaked past you. I know people have all sorts of browser/firewall/AV combinations that they claim are foolproof, but generally I prefer paid-for apps to freeware, and I only use the Opera browser for 90%+ of my browsing on the principle that if you are writing malware to compromise a browser's security then who is going to target Opera's sub-5% of the browser market?

So, suggestions: dump the XP firewall and don't use IE or Firefox.



Edited 1 time(s). Last edit at 11/01/2010 01:10PM by ziggy1001.
Anonymous User
Re: Overall Security Strategies -- The Addressing "Layer"
November 04, 2010 07:26AM
ziggy1001 --

( Note: Below my ramblings is a more specific question concerning PeerBlock. )

You are absolutely right about my stubbornly hanging onto Win2k. I guess the cause is the fear of the unknown. Formatting hard drives and installing the OS was hugely intimidating ... I avoided it like the plague as much as possible. Recently I was forced to do a system rebuild and now find the process is much more refined than in years past. I will be much more likely to keep up-to-date from this point forward.

Now I'm playing catch up and it's certainly a challenge. The freeware offerings today are amazing. I am thrilled to find PeerBlock and love the fact it is open source. Like so many others ... I'm looking for the mystical best combination of freeware security tools. This freeware quest for me is a protest statement of sorts against Symantec (and similar) as well as a challenge that forces me to learn way beyond simply doling out the cash and trusting one suite of tools to keep me safe and ignorant.

As of now ... here's the combo I'm using:

1) PeerBlock

2) Avast5 AntiVirus.

3) Comodo's freeware firewall. (Have now disabled Windows firewall.)

4) NoScript with Firefox. (Had a nightmare with NoScript but worked my way through it and now like the awareness and control it provides.)

5) MVPS Hosts file (with HostsMan 3.2.73)

6) MalwareBytes' Anti-Malware (free version -- manual scans)

I'm looking for additions and certainly open to recommendations. I'm particularly interested in finding some type of file monitor that tracks hash codes of dll and other executable files and warns when any changes occur.

======================================

I really like the logging features of PeerBlock ... but find myself lacking skills to determine if the traffic is legit or not. Most likely I am just very confused ... but it seems to me several legit programs have their actions obscured by vague descriptions and being bundled together under a common name? Is there a step-by-step guide detailing how to analyze the traffic? Which specific application is initiating the traffic? Perhaps a list of acceptable applications that run in the background?

PeerBlock has captured the traffic data and presents it superbly ... now if only I could acquire the skills to analyze it thoroughly and recognize potential vulnerabilities.

Thanks for any help towards demystifying those traffic logs.
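The hash-validation file monitor asked for in this post (item V.B in the opening outline), as an added Python example rather than any tool named in the thread: it baselines SHA-256 hashes of executable-type files under a directory, stores the baseline as JSON, and reports changed, added and missing files; the files hashed in `demo()` are constructed in a temporary directory, and the suffix set is an assumption about what counts as executable.

```python
import hashlib
import json
import tempfile
from pathlib import Path

EXECUTABLE_SUFFIXES = {".exe", ".dll", ".sys", ".ocx", ".drv"}  # assumed set

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_baseline(root):
    # Map relative path -> sha256 for every executable-type file under root.
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in EXECUTABLE_SUFFIXES:
            baseline[p.relative_to(root).as_posix()] = sha256_file(p)
    return baseline

def compare(baseline, current):
    # The warning a monitor should raise: hash changed, file new, file gone.
    changed = sorted(k for k in baseline if k in current and baseline[k] != current[k])
    added = sorted(set(current) - set(baseline))
    missing = sorted(set(baseline) - set(current))
    return {"changed": changed, "added": added, "missing": missing}

def save_baseline(baseline, path):
    # Keep this file where the monitored machine cannot quietly rewrite it.
    Path(path).write_text(json.dumps(baseline, indent=2, sort_keys=True))

def load_baseline(path):
    return json.loads(Path(path).read_text())

def demo():
    # Constructed run: baseline two fake binaries, then tamper with one
    # and drop a new file, and return what the comparison reports.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "app.exe").write_bytes(b"MZ original app")
        (root / "bin" / "helper.dll").write_bytes(b"MZ helper v1")
        (root / "readme.txt").write_bytes(b"ignored: not executable")
        base = build_baseline(root)
        (root / "bin" / "helper.dll").write_bytes(b"MZ helper v2")   # tampered
        (root / "bin" / "new.sys").write_bytes(b"MZ dropped driver")  # new file
        return compare(base, build_baseline(root))
```

A hash check only sees on-disk changes between runs, so it complements the anti-malware and sandboxing layers in the outline rather than replacing them.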
Anonymous User
Re: Overall Security Strategies -- The Addressing "Layer"
November 04, 2010 08:33AM
This tool gives a bit more info about running processes than the standard Windows Task Manager:

Process Explorer v12.04

and this is quite good for seeing which programs are connected to the internet IP addresses & ports used

CurrPorts 1.83

"CurrPorts will display the list of all currently opened TCP/IP and UDP ports on your PC. For each port in the list, information about the process that opened the port is also displayed."

Are you familiar with msconfig?

If not have a look at this page

How to use MSCONFIG in Windows XP

That's XP specific but is pretty much the same on all MS OS's

Trying to analyse all this is a bit more tricky; an awful lot of programs put themselves in the start menu, which is totally unnecessary, as all they do is use up resources and start up no faster for being there.

As to checking out every program that is connected to the internet and who it is connected to well that takes a lot of googling!

The list of acceptable applications that run in the background is really up to you and your individual needs

The best way to do it, if you don't know what a program listed in, for example, the msconfig startup menu is or what it does, is to look at the command details and google the .exe file name.

For example jusched.exe finds

What is jusched.exe And Why Is It Running?

P.S. I find MalwareBytes' Anti-Malware an excellent freeware tool ;)

If you want an idea of how much windows runs in the background just to provide the ability to use all the programs that the OS can run have a look at

[www.blackviper.com]

It details all of the services on XP 32bit



Edited 1 time(s). Last edit at 11/04/2010 09:18AM by ziggy1001.
Anonymous User
Re: Overall Security Strategies -- The Addressing "Layer"
November 04, 2010 01:39PM
ziggy1001 --

Thank you very much for those awesome links.

I have just recently scratched the surface of Sysinternals and I'll very soon be digging into that Process Explorer and the other links you provided.

Currently I am getting my feet wet making HDD images using:
Paragon's Backup & Recovery 2010 Free Advanced.
(whew ... that's a mouthful of title)

I've been backing up emails and data files for years ... but regrettably I had never taken the time to learn how to make images of full disks and partitions. Incorporating images into my routine will greatly enhance many aspects of my computer proficiency and ability to try things with less fear of disaster. Not having this skill has really been holding me back ... but I'm finally getting much more serious about overall security and becoming proficient with both hardware and software. I've recently put together the specs for my first ever built-from-scratch computer and hope to do this within the next few months. Also, just a few hours ago I ordered Win 7 Ultimate Full that comes with both 32 bit and 64 bit installation ... so I will not be lagging behind the curve for much longer.

I've got a lot to learn before I can feel I've raised my skills to the next level ... and after that I'll aim higher again. The help you've already given me will play a part in my endeavor.

I now have a "ziggy" folder in my favorites with the links you provided. It's a fun way for me to organize and remember those I meet online.

Many thanks again.
Anonymous User
Re: Overall Security Strategies -- The Addressing "Layer"
November 05, 2010 08:06AM
My pleasure ;)
TBH, if you put the right search queries into google just about any question on how an OS or the internet works can be answered; you just have to find reliable sources, as there are a plethora of sites with, for example, crap "Speed up windows" tips.
The only problem you might have noticed with, say, the Black Viper service guide is that with all things computing it can get very specialised and extremely complex the more you delve into it. But having said that, it's like most security precautions: if you get the basics in place that will be a good enough deterrent, as there will be 100 easier targets for the bad guys to attack.

here's another one for your folder

Welcome to ShieldsUP!

Just click the proceed button and then check all service ports; always worth checking your firewall is working AOK.



Edited 1 time(s). Last edit at 11/05/2010 11:17AM by ziggy1001.