Computer Security

[TN8Man]

+1 on not needing a VPN. Unless you're worried about your ISP doing packet shaping and limiting your bandwidth to certain services(like Verizon was doing recently with Netflix). There's some stuff in the works to let your ISPs read your traffic and sell information based on that which would be another reason but generally it's a huge hassle to setup and your internet will be slower.

As long as you're using HTTPS(lock in the top bar) everything is encrypted using a public/private asymmetric encryption which is enough for almost any use.

I use vpn because I stream content from around the world. Some content is blocked from within the US. VPN provides protection and bypasses blocks. VPN also masks my ip address which has many advantages.

 

[rekees4300]

I'm sure I know less about computers than many of you, but I just renewed my subscription to Webroot Secure Anywhere from Best Buy.

I used Webroot for a couple years then recently they sent out an update that destroyed thousands of their customers' computers. Totally unacceptable! :thumbdown: I got rid of Webroot and now just using Windows Defender.

 

[vvanders]

U.S. Army Installing Apple Computers - Schneier on Security I don't want to belittle you expertise, but a very close family member was the 17th employee at Apple, he designed the chips, yeah the guy who designed the CPU for a generation of computers, and the guy who invented/designed the gigabit chip in your server. I'll take his word. I don't do anything, plug and go... No firewalls, no anti anything running. No issues.

Just because you haven't been hacked doesn't mean it's not possible. For instance, why would Apple issue security patches if they weren't vulnerable?

Also, cool for your family member but apple hasn't designed their own chips until recently. The Apple I and II used an off the self MOS 6502, desktops were based on PowerPC by IBM then x86 by Intel. Even the A4/6/8 are licensed ARM cores with additional work. Most of what Apple built was already invented at Xerox PARC with the Alto(including Ethernet, GUI, the mouse and many others).

 

[houstonscott]

Just because you haven't been hacked doesn't mean it's not possible. For instance, why would Apple issue security patches if they weren't vulnerable? Also, cool for your family member but apple hasn't designed their own chips until recently. The Apple I and II used an off the self MOS 6502, desktops were based on PowerPC by IBM then x86 by Intel. Even the A4/6/8 are licensed ARM cores with additional work. Most of what Apple built was already invented at Xerox PARC with the Alto(including Ethernet, GUI, the mouse and many others).

How many of those chips did you design? There are iterations of those chips where certain keystrokes will bring up my nephews picture, it's built into chip, was the cool thing to do in those days, by designers.

 

[vvanders]

I use vpn because I stream content from around the world. Some content is blocked from within the US. VPN provides protection and bypasses blocks. VPN also masks my ip address which has many advantages.

Yeah, that's fair although quite a few content providers are getting smart on it. For instance if you try and hit Netflix from an EC2 instance you'll find it doesn't work. IPs are issued in blocks and most of the streaming services are starting to blacklist ranges coming from common cloud providers.

 

[cqaigy2]

I've been using a Fortigate for firewall/router. It has wifi capability. AV, URL Filtering, IPS, SSL Inspection, DLP, Application Control etc some controls require a subscription. You can also setup as a transparent proxy for http https ftp and can be setup to sit in the middle of ssl session so that it can look at the traffic going in both directions. Just because you have ssl going doesn't mean your safe, it could be implemented incorrectly and the far end may have been compromised. So unless your security device can read the encrypted traffic, it won't have any idea what it is and that it may contain code you don't want to get to your computer. Then you might want to use an AV you trust on your endpoints.

Also, like vvanders posted earlier, prudent computing behavior is very important.

A good backup with ability to restore, can be your friend as well.

I've been using malware bytes premium for years. Bitdefender, this year. MVPS hosts File.

A windows vm with Sandboxie running commodo dragon if your going to be going places that are shady. When im done, revert to prior snapshot.

 

[TN8Man]

I hate to break it to you but if you're looking to defend against stuff like CherryBlossom then it's just not going to be possible. 99% of that stuff is based on zero-day exploits that will work if they can deliver the payload along the exploit vector(like the wifi power signal packet above in Broadpwn). The developers can't fix software that they don't yet know is broken.

If you want to defend against that stuff you're best bet is to lobby congress to keep the NSA from hoarding exploits they discover and instead work with companies to fix them so our infrastructure is better defended. There's no such thing as an "offensive" software capability that can't also be equally exploited by anyone else out there with the time and/or money.

If I target a security system to protect my network based on advanced tools like CherryBlossom and others in the Vault 7 release then I will enviably end up with the best system available at a reasonable price. What ever I get it will be better than what I currently have.

The Vault 7 public release was not just documentation, it included source code.

 

[TN8Man]

Yeah, that's fair although quite a few content providers are getting smart on it. For instance if you try and hit Netflix from an EC2 instance you'll find it doesn't work. IPs are issued in blocks and most of the streaming services are starting to blacklist ranges coming from common cloud providers.

I use Kodi for the most part. It's free!

 

[vvanders]

I use Kodi for the most part. It's free!

I'd be careful, if it's free ask yourself who's paying. It isn't you and that means there's a good chance they're either selling your browsing history or serving you ads. Speaking of security ads are one of the main vectors since they usually come from a 3rd party.

 

[vvanders]

How many of those chips did you design? There are iterations of those chips where certain keystrokes will bring up my nephews picture, it's built into chip, was the cool thing to do in those days, by designers.

:laughing: :laughing: :laughing:

You know where keystrokes are handled? In software.

Listen dude, I understand you have a scorched earth policy on not being proven wrong but you may want to quit while you're ahead here.