What kind of layered security you use?

  • Thread starter Thread starter PerennialII
  • Start date Start date
  • Tags Tags
    Security
AI Thread Summary
The discussion centers around various security software and hardware combinations for effective system protection. Users share their setups, highlighting a mix of software firewalls like ZoneAlarm (ZA) and antivirus solutions such as Avast and Symantec. Some emphasize the importance of using additional tools for spyware protection, like Adaware and SpyBot, while others mention the use of hardware firewalls and specialized operating systems for enhanced security. There is a notable interest in advanced systems like Plan 9, which is praised for its unique user namespace and security architecture, eliminating traditional administrator roles and centralizing control through a file server. The conversation also touches on the practicality of maintaining security measures, with some users expressing concerns about the maintenance burden of constant updates from antivirus software, especially on slower internet connections. Overall, the thread reflects a range of approaches to security, from basic software solutions to more complex configurations involving hardened operating systems and dedicated hardware, underscoring the diverse needs and preferences in personal and network security.
PerennialII
Science Advisor
Gold Member
Messages
900
Reaction score
1
Was wondering what kind of security software/hardware you're all running & what combination you think is best in terms of effectivity/reliability/maintenance (got some hardware updates to do, might as well update the system a bit if seen necessary)? ... on this pc I'm relying on software alone, ZA Pro for firewall, Avast Pro for antivirus, Adaware & SpyBot for spyware etc. stuff, peerguardian lite for bad ips (or sometimes ported the list to ZA) and processguard for overall execution etc. protection.
 
Computer science news on Phys.org
My security mainly consists of iptables ( http://www.netfilter.org/ ), some logging and good passwords. If I was ultra paranoid i'd be running a hardened linux kernel with SELinux (http://www.nsa.gov/selinux/) and AIDE (http://www.cs.tut.fi/~rammer/aide.html).
 
Last edited by a moderator:
I run Solaris on my web server (Apache with a hardened configuration) and mail server (Sendmail with an extra-hardened configuration). For firewalling, I use FreeBSD with the ipf firewall(awesome performance and nice syntax). If I had the time, I'd switch to OpenBSD and use their pf firewall implementation.

If I had even more time, I'd get my Plan 9 network back up and running. www.cs.bell-labs.com/plan9dist. Plan 9 is literally the most secure operating system. It's user namespace makes jails look like a thing of the past. There is no 'administrator user' as such. The only system that can see every namespace and change configuration files is the file server. A Plan 9 network is designed to have a file server (authentication server, too), CPU server (boots of a floppy disk), and clients that use the CPU server, access files off the file server, and authenicate off the file server.

Sun's 'Trusted Solaris' has a very similar implementation to user namespaces. In fact, Sun got the idea of user namespaces from Plan 9.
 
Last edited:
The Plan 9 website is so secure you can't even access it.
 
Interesting, same here, also.

Edit: The Bell Labs' Plan 9 site is back up.
 
Last edited:
Now that is security :)

My security consists of ZA firewall, and Symantec Anti-Virus. And my laptop, that is where i have all my documents, it is not connected to the internet, i take the data that i need either through an IP cable (whilst disconnected from the internet), or my USB flash memory, or a CD.
(could still get viruses to it, but i doubt that i would get any unwanted survaillence)
 
BTW, how secure would it be using a NSA security platform when they are just about the only one that is watching you? :)
 
If I had even more time, I'd get my Plan 9 network back up and running. www.cs.bell-labs.com/plan9dist. Plan 9 is literally the most secure operating system. It's user namespace makes jails look like a thing of the past. There is no 'administrator user' as such. The only system that can see every namespace and change configuration files is the file server. A Plan 9 network is designed to have a file server (authentication server, too), CPU server (boots of a floppy disk), and clients that use the CPU server, access files off the file server, and authenicate off the file server.

Would not mind giving this a try if could squeeze those couple of hours from somewhere ... some real networking.
 
Plan 9 has matured quite a bit. I started really using it in the early Release 4 days. I had 3 client systems, that each booted off of floppies and the file server. These client systems were also CPU servers. The fileserver, in turn, ran a Fossil file system and a Venti (something that runs on top of Fossil that keeps track of changes, you can make snapshots and return to those snapshots at a later point), and a secstore (an authenication management system that keeps track of telnet, ssh, vnc, and system passwords).

If you'd like to try out Plan 9 there is a VMware image in their downloads section. You could also download the ISO and boot off the image using VMware to do an install. All of the VMware hardware will be supported (with the exception of sound or anything relating to mulimedia, etc.) to use Plan 9.
 
Last edited:
  • #10
If you'd like to try out Plan 9 there is a VMware image in their downloads section. You could also download the ISO and boot off the image using VMware to do an install. All of the VMware hardware will be supported (with the exception of sound or anything relating to mulimedia, etc.) to use Plan 9.

Sounds good enough to give it a try ... thanks !
 
  • #11
I use the same security as in Mission Impossible, my supercomputer is in its own room, decible meters, thermal detectors, security lasers, can't touch the floor, mice in the ducts to scare people with.
 
  • #12
I have had some weird luck with firewalls for my home PC, so I don't know if I'll go down that road again. I am thinking about using Sophos for virus protection because we have a subscription for it at work (a university) that will extend to home use. The only problem is that it constantly pushes updates, and being only on dialup at home, I am worried that I'll spend the majority of my online time just downloading these updates. (I am too cheap to buy DSL, especially when I can just dial into the university's modem banks for free.)
 
  • #13
I don't bother much with security. I figure if someone is determined to hack my box they probably could. And being forced (ok, ok, "coerced") into running windows a good chunk of the time means it probably wouldn't matter anywa.

I probably should put up a firewall at my router but I don't have the funds for it as of now. Putting up a firewall at the OS level is a big hassle and I keep having to turn it off to do anything useful.
 
  • #14
dduardo said:
The Plan 9 website is so secure you can't even access it.

lol...that reminds me. The Russian gov once proclaimed their site as the most secure ever.
 
Last edited:
  • #15
I use Windows XP Pro so I need a lot of security.

I use McAfee for virus protection and it has worked quite well.
Zone Alarm I use for a firewall and that works, and it's free.
I also use a little program called WinPatrol. Nice little program.
 

Similar threads

Security Software Recommendations for WinXP
Replies
3
Views
2K
What can you do with a PS3 connected to the internet?
Replies
4
Views
3K

Hot Threads

Recent Insights

Back
Top