Computer Security

[polo1665]

Switch to Apple. Problem solved.

I'm certainly not nearly an expert on any of this, but recent training at my workplace said that this is a myth.

 

[Garandman]

I don't think Apple computers and devices are immune to all the threats. Apple is not an option for my needs.

You are correct, but the dudes with the Apple tattoos don't hear that.

Frugalangler pretty much nailed it.

 

[kf4uda]

ESET Smart Security is the best security software that I have found. We have been using it on all of our PCs and servers at work. It takes care of business and doesn't take up all of your computer's resources while doing it.

Internet security for Windows | ESET

 

[houstonscott]

I'm certainly not nearly an expert on any of this, but recent training at my workplace said that this is a myth.

It's not... Had an Apple since 1979, do nothing and never been hacked. The hardware/software don't work the same with the operating system in a PC, it's simply not possible. Doesn't work that way.

 

[RNeumann]

I reread your question and can also provide my experience with router security. The NAT technology in most (even basic) routers is such that it is near impossible for someone to hack. The way things are typically hacked is with a password- making that a vital link in the chain. We were ready to do whatever it would take to protect our data and system from hacks when we were deciding on the router/firewall. The techs we had unanimously agreed a standard router would be fine.

To have your router handle the VPN service read here-

How to: Setup VPN on an Apple Airport Extreme – VPNPick.com

Is sounds like a firmware change.

Seems like a strange solution that creates unneeded complexity and headaches. VPNs have a place - but all your data- that's overkill IMHO. No need for VPN when you are just cruising the tractor forum.

 

[vvanders]

It's not... Had an Apple since 1979, do nothing and never been hacked. The hardware/software don't work the same with the operating system in a PC, it's simply not possible. Doesn't work that way.

As someone who is an expert on this stuff(I build software systems for a living), all operating systems do work mostly the same way. Developers make mistakes and then hackers/governments exploit them, you just tend to hear less about it on the iOS/OSX side of things.

This was just the latest one that made the big news at DefCon: Apple Patches iOS BroadPwn - Daily Security Byte | Secplicity - Security Simplified

Near a malicious WiFi access point with WiFi on(not connected, the buffer overflow was in the signal power response packet)? Boom your Apple product just got owned.

Coming back the the OP, there's no such thing as perfect security. It's just not possible, your best bet is mitigations. Do regular off-site backups, don't click on anything suspicious. You don't need to do much beyond your basic router firewall, that'll catch 99% of things out there. If a zero-day comes across your way there's not much you can do about it, hence why they call it a zero-day expoit.

 

[TN8Man]

It's not... Had an Apple since 1979, do nothing and never been hacked. The hardware/software don't work the same with the operating system in a PC, it's simply not possible. Doesn't work that way.

The computer hardware brand used is not really the issue. Most all computer brands have susceptibility to todays significant internet threats.

For a first order, I want to stop these threats at my router/firewall to help protect all my internet communications and devices used on my home network.

The article below talks about the CIA's capability that was recently exposed by whistleblowers but I'm sure by now bad actors also have this capability and probably more. This is the type threats I'm trying to protect my home network against.

CIA’s “CherryBlossom” Can Hack Almost Every Popular Router Brand You Can Think #Vault7

 

[vvanders]

I reread your question and can also provide my experience with router security. The NAT technology in most (even basic) routers is such that it is near impossible for someone to hack. The way things are typically hacked is with a password- making that a vital link in the chain. We were ready to do whatever it would take to protect our data and system from hacks when we were deciding on the router/firewall. The techs we had unanimously agreed a standard router would be fine.

To have your router handle the VPN service read here-

How to: Setup VPN on an Apple Airport Extreme – VPNPick.com

Is sounds like a firmware change.

Seems like a strange solution that creates unneeded complexity and headaches. VPNs have a place - but all your data- that's overkill IMHO. No need for VPN when you are just cruising the tractor forum.

+1 on not needing a VPN. Unless you're worried about your ISP doing packet shaping and limiting your bandwidth to certain services(like Verizon was doing recently with Netflix). There's some stuff in the works to let your ISPs read your traffic and sell information based on that which would be another reason but generally it's a huge hassle to setup and your internet will be slower.

As long as you're using HTTPS(lock in the top bar) everything is encrypted using a public/private asymmetric encryption which is enough for almost any use.

 

[vvanders]

The computer hardware brand used is not really the issue. Most all computer brands are susceptibility to todays significant internet threats.

For a first order, I want to stop these threats at my router/firewall to help protect all my internet communications and devices used on my home network.

The article below talks about the CIA's capability that was recently exposed by whistleblowers but I'm sure by now bad actors also have this capability and probably more. This is the type threats I'm trying to protect my home network against.

CIA痴 鼎herryBlossom Can Hack Almost Every Popular Router Brand You Can Think #Vault7

I hate to break it to you but if you're looking to defend against stuff like CherryBlossom then it's just not going to be possible. 99% of that stuff is based on zero-day exploits that will work if they can deliver the payload along the exploit vector(like the wifi power signal packet above in Broadpwn). The developers can't fix software that they don't yet know is broken.

If you want to defend against that stuff you're best bet is to lobby congress to keep the NSA from hoarding exploits they discover and instead work with companies to fix them so our infrastructure is better defended. There's no such thing as an "offensive" software capability that can't also be equally exploited by anyone else out there with the time and/or money.

 

[houstonscott]

As someone who is an expert on this stuff(I build software systems for a living), all operating systems do work mostly the same way. Developers make mistakes and then hackers/governments exploit them, you just tend to hear less about it on the iOS/OSX side of things. This was just the latest one that made the big news at DefCon: Apple Patches iOS BroadPwn - Daily Security Byte | Secplicity - Security Simplified Near a malicious WiFi access point with WiFi on(not connected, the buffer overflow was in the signal power response packet)? Boom your Apple product just got owned. Coming back the the OP, there's no such thing as perfect security. It's just not possible, your best bet is mitigations. Do regular off-site backups, don't click on anything suspicious. You don't need to do much beyond your basic router firewall, that'll catch 99% of things out there. If a zero-day comes across your way there's not much you can do about it, hence why they call it a zero-day expoit.

U.S. Army Installing Apple Computers - Schneier on Security I don't want to belittle you expertise, but a very close family member was the 17th employee at Apple, he designed the chips, yeah the guy who designed the CPU for a generation of computers, and the guy who invented/designed the gigabit chip in your server. I'll take his word. I don't do anything, plug and go... No firewalls, no anti anything running. No issues.