Saturday, April 20, 2013

Umbra Concept of Layered Config

Because many users asked me how to set up a very tight config , so i will simply give a short "blueprint". i am using all the layers below.

note: if you like simplicity, stop reading now ^^

I will organize the layers by starting from the OS to the topmost layer, simulating a fresh installation of my OS.

1- Updating your Operating System and softwares (Important)

the first layer is your system aka your OS , it must be up-to-date all the time, every day new flaws are identified and corrected by the developers of your OS, don't be lazy, just do it.

"Most security issues are related to vulnerabilities in the operating system. As these flaws are discovered software companies release patches and updates to protect you from the security holes. "

For Windows 7 users, you can install right away EMET  aka Enhanced Mitigation Experience Toolkit (from Microsoft) to harden your softwares.

2- Imaging Backup (Important)

First thing to do after installing your OS and before browsing the net is to do a clean backup of your system.
no system must be without a imaging backup solution, so if all of the layers below fails, you still get back your system

3- Rollback (for paranoid users)

Rollback RX and Returnil are the mostly known program to do it, it is a fastest and more secure "system restore" because  it take a complete snapshot of your system (unlike Windows' Restore Points that save only parts of the system) and allow you to save/restore it in a minute
note that rollback softs don't fit well with installed imaging programs.
On my Config, it is the first thing i installed after doing a backup, so i will have a clean "baseline" from where i can test/install/update things knowing i can revert to a clean state if something goes wrong.
note that rollback softwares are not recommended to use with an  [b]installed [/b]imaging backup software.

4- Light Virtualization (for paranoid users)

Light Virtualization softwares are mostly system-wide , they functions like sandboxes but affect your whole system, isolating any changes in your system after their activation until the reboot; so you can test malwares, softs, etc...
Shadow Defender, Timefreeze, Deepfreeze are the most famous ones, in my case i use Shadow Defender on boot.

5- Sandboxes

Sandboxes are programs that virtualize what is run inside them isolating them from yourr real system.
they are mainly used with browsers so if you catch a malware on a malicious website , it will not affect you.
Sandboxie or Bufferzone are the most famous one.
i install Sandboxie before going into internet and use it to isolated my browsing in search of softwares to install. so im sure i will not be infected.

6- Secured DNS

DNS servers are like adresses books of the web, Your Internet provider gave you a basic DNS server to allow you to surf, some vendors like Norton/Comodo removes malicious websites adresses giving you more security while browsing.
i change my default DNS to a secure one also before browsing to minimize the risks.

7- Firewall (Important)

to secure my system a bit more before browsing, i install the Firewall before the Anti-Virus.
A firewall will monitor you inbound/outbound connections. I use them  to control what going out of my system (ex: trojan downloaders or rootkits calling home) rather than protect me from attackers (quite rare now if you are a common user without sensitive datas).

8- Main Antivirus (Important)

Now that my browsing is secured by the steps above, i can install my AV.
choose any AV you like (lighter is better) it will be your first line of defense against malwares, my favorites are Avast, AVG, ESET Nod32 or Emsisoft AM.

a- Web Filters/DNS checkers

Web Filters like "Panda Cloud URL filter" or "Bit Defender Trafficlight" will check/scan the website you visit for malicious code/script/executables  that may infect your system and block you from accessing it, some AVs incorporate them in them.

b- Behavior Blockers/HIPS

this will be one of your 0-days malware protection, some AV & Firewalls integrate them. Both are compatible and be used together.

BBs are more user-friendly since it will monitor the behavior of a process and ask for you only if it cant decide.

HIPS are more destined for advanced users since they ask for almost every processes events.

9- Companion Antivirus (for paranoid users)

in case your main AV misses some malwares , the companion will help filling the hole, they will also add some features your main AV may not have.  Emsisoft AM, webroot SA, Kingsoft AV , MBAM Pro are very good at that.

10- Anti-keyloggers (for paranoid users)

Programs like Keyscrambler , spyshelter, Zemana Antilogger protect your system from keyloggers that record your keystrokes and sent them to the cyber-criminals, mostly using your banking credentials.

so if your are an heavy online banking/shopping users , this kind of softwares will increase your security. note that most AVs detects keyloggers.

11- Browsers & addons

Now i can go surfing but since i want be totally protected i will choose to secure my surfing a bit.
Internet browsing are the main vector of infection so some browsers like Chrome offers many built-in secured features (integrated sandbox for flash player, pdf reader, etc..). Also you can improve your security by adding addons to them (HTTPs  everywhere, Ghostery, Noscripts, etc...)

12 - YOU  (Important)

The final and most important layer is YOU, yes, the user; you must have the right habits on what you do with your computer:

- Surf properly, don't go to suspicious websites and check the website you go is the real one.
- Download smartly, always download from the vendor websites or at least a reecognized and legitimate website.
- Don't run files of a unknown USB you found, check them first.
- Don't use Crack/keygens outside a virtualized application.
- Don't give your credentials to anyone even your family members, i can tell you stories how i got credentials by doing social engineering.

Final Note: 

If you follow the steps above, you will greatly minimize the risks to be infected and loose your system and datas.note that some suite incorporate many of the element above.

Personally, when i boot, my system is right away virtualized under Shadow Defender, then my AVs/FW load, then i can go surfing with Chrome isolated by Sandboxie.

hope i helped you :D

No comments:

Post a Comment