What kind of layered security you use?

  • Thread starter Thread starter PerennialII
  • Start date Start date
  • Tags Tags
    Security
Click For Summary

Discussion Overview

The discussion revolves around the various security software and hardware setups that participants use for their systems. It includes considerations of effectiveness, reliability, and maintenance, with a focus on both personal and server security configurations.

Discussion Character

  • Exploratory
  • Technical explanation
  • Debate/contested

Main Points Raised

  • One participant relies on a combination of software including ZA Pro for firewall, Avast Pro for antivirus, and additional tools for spyware protection.
  • Another participant uses iptables, logging, and strong passwords, suggesting a hardened Linux kernel with SELinux for enhanced security.
  • A participant describes using Solaris for web and mail servers with a hardened configuration, and expresses interest in switching to OpenBSD for its pf firewall.
  • Discussion includes the security features of Plan 9, highlighting its user namespace and the absence of a traditional administrator user.
  • Some participants express interest in trying out Plan 9 and discuss its historical context and features.
  • One participant mentions using a disconnected laptop for document storage to enhance security, while another raises concerns about using NSA security platforms.
  • Concerns are raised about the practicality of using Sophos for virus protection due to update requirements on a dial-up connection.
  • Some participants express a more relaxed attitude towards security, suggesting that determined hackers could bypass their defenses.
  • Several participants mention using various antivirus and firewall solutions, including McAfee, Symantec, and WinPatrol, with varying degrees of satisfaction.

Areas of Agreement / Disagreement

Participants present a range of security setups and opinions, with no clear consensus on the best approach. Some express confidence in their methods, while others highlight potential vulnerabilities and limitations.

Contextual Notes

Participants mention various operating systems and configurations, with some expressing uncertainty about the effectiveness of their current security measures. The discussion reflects a mix of technical knowledge and personal experiences, with no definitive conclusions reached.

PerennialII
Science Advisor
Gold Member
Messages
900
Reaction score
1
Was wondering what kind of security software/hardware you're all running & what combination you think is best in terms of effectivity/reliability/maintenance (got some hardware updates to do, might as well update the system a bit if seen necessary)? ... on this pc I'm relying on software alone, ZA Pro for firewall, Avast Pro for antivirus, Adaware & SpyBot for spyware etc. stuff, peerguardian lite for bad ips (or sometimes ported the list to ZA) and processguard for overall execution etc. protection.
 
Computer science news on Phys.org
My security mainly consists of iptables ( http://www.netfilter.org/ ), some logging and good passwords. If I was ultra paranoid i'd be running a hardened linux kernel with SELinux (http://www.nsa.gov/selinux/) and AIDE (http://www.cs.tut.fi/~rammer/aide.html).
 
Last edited by a moderator:
I run Solaris on my web server (Apache with a hardened configuration) and mail server (Sendmail with an extra-hardened configuration). For firewalling, I use FreeBSD with the ipf firewall(awesome performance and nice syntax). If I had the time, I'd switch to OpenBSD and use their pf firewall implementation.

If I had even more time, I'd get my Plan 9 network back up and running. www.cs.bell-labs.com/plan9dist. Plan 9 is literally the most secure operating system. It's user namespace makes jails look like a thing of the past. There is no 'administrator user' as such. The only system that can see every namespace and change configuration files is the file server. A Plan 9 network is designed to have a file server (authentication server, too), CPU server (boots of a floppy disk), and clients that use the CPU server, access files off the file server, and authenicate off the file server.

Sun's 'Trusted Solaris' has a very similar implementation to user namespaces. In fact, Sun got the idea of user namespaces from Plan 9.
 
Last edited:
The Plan 9 website is so secure you can't even access it.
 
Interesting, same here, also.

Edit: The Bell Labs' Plan 9 site is back up.
 
Last edited:
Now that is security :)

My security consists of ZA firewall, and Symantec Anti-Virus. And my laptop, that is where i have all my documents, it is not connected to the internet, i take the data that i need either through an IP cable (whilst disconnected from the internet), or my USB flash memory, or a CD.
(could still get viruses to it, but i doubt that i would get any unwanted survaillence)
 
BTW, how secure would it be using a NSA security platform when they are just about the only one that is watching you? :)
 
If I had even more time, I'd get my Plan 9 network back up and running. www.cs.bell-labs.com/plan9dist. Plan 9 is literally the most secure operating system. It's user namespace makes jails look like a thing of the past. There is no 'administrator user' as such. The only system that can see every namespace and change configuration files is the file server. A Plan 9 network is designed to have a file server (authentication server, too), CPU server (boots of a floppy disk), and clients that use the CPU server, access files off the file server, and authenicate off the file server.

Would not mind giving this a try if could squeeze those couple of hours from somewhere ... some real networking.
 
Plan 9 has matured quite a bit. I started really using it in the early Release 4 days. I had 3 client systems, that each booted off of floppies and the file server. These client systems were also CPU servers. The fileserver, in turn, ran a Fossil file system and a Venti (something that runs on top of Fossil that keeps track of changes, you can make snapshots and return to those snapshots at a later point), and a secstore (an authenication management system that keeps track of telnet, ssh, vnc, and system passwords).

If you'd like to try out Plan 9 there is a VMware image in their downloads section. You could also download the ISO and boot off the image using VMware to do an install. All of the VMware hardware will be supported (with the exception of sound or anything relating to mulimedia, etc.) to use Plan 9.
 
Last edited:
  • #10
If you'd like to try out Plan 9 there is a VMware image in their downloads section. You could also download the ISO and boot off the image using VMware to do an install. All of the VMware hardware will be supported (with the exception of sound or anything relating to mulimedia, etc.) to use Plan 9.

Sounds good enough to give it a try ... thanks !
 
  • #11
I use the same security as in Mission Impossible, my supercomputer is in its own room, decible meters, thermal detectors, security lasers, can't touch the floor, mice in the ducts to scare people with.
 
  • #12
I have had some weird luck with firewalls for my home PC, so I don't know if I'll go down that road again. I am thinking about using Sophos for virus protection because we have a subscription for it at work (a university) that will extend to home use. The only problem is that it constantly pushes updates, and being only on dialup at home, I am worried that I'll spend the majority of my online time just downloading these updates. (I am too cheap to buy DSL, especially when I can just dial into the university's modem banks for free.)
 
  • #13
I don't bother much with security. I figure if someone is determined to hack my box they probably could. And being forced (ok, ok, "coerced") into running windows a good chunk of the time means it probably wouldn't matter anywa.

I probably should put up a firewall at my router but I don't have the funds for it as of now. Putting up a firewall at the OS level is a big hassle and I keep having to turn it off to do anything useful.
 
  • #14
dduardo said:
The Plan 9 website is so secure you can't even access it.

lol...that reminds me. The Russian gov once proclaimed their site as the most secure ever.
 
Last edited:
  • #15
I use Windows XP Pro so I need a lot of security.

I use McAfee for virus protection and it has worked quite well.
Zone Alarm I use for a firewall and that works, and it's free.
I also use a little program called WinPatrol. Nice little program.
 

Similar threads

Security Software Recommendations for WinXP
  • · Replies 3 ·
Replies
3
Views
2K
What can you do with a PS3 connected to the internet?
  • · Replies 4 ·
Replies
4
Views
3K