
Windows Lockdown Guide

Discussion in 'General Software' started by Steevo, Jan 20, 2008.

  1. Steevo

    Steevo

    Joined:
    Nov 4, 2005
    Messages:
    8,300 (2.56/day)
    Thanks Received:
    1,186
    There have been quite a few people getting infected and/or having their personal data exploited. So I am creating a simple guide to hopefully show people how easy it is to lock down a computer and prevent any sort of malicious activity from spoiling your good fun.


    It will be a work in progress for a while as there is a lot to show, and I would like to eventually have it be a step-by-step procedure of how to.



    For now just the basics and some tests to help show you where you are vulnerable.


    First up is Firewalls.

    Hardware VS Software

    The biggest differences I have seen in Hardware VS Software firewalls are:
    The expense.
    Setup time.
    Ease of use.
    Hardware does not tax a systems resources.
    Ease of procuring software firewall.


    Firewall Testing.


    Most tests you will find on the internet about Firewalls are for software firewalls. Leak testing is a good example. I am currently unaware of Hardware firewalls that offer protection from the exploits that a USER can encounter by browsing or downloading from the internet. For this a software firewall offers a large advantage, provided it can pass the leak tests. For more information about leak testing your system or network please visit the site listed below. I have tried the leak tests on my personal choice and it has passed every one easily.

    http://www.firewallleaktester.com/index.html

    Try this for both your Hardware and Software firewalls and see what results you get. If you fail certain tests do not immediately blame the firewall; perhaps you have not configured it properly. I do not expect Hardware firewalls to pass some of those tests, and will test the ones at work. The Windows firewall that is included will not pass the majority of those tests, and sometimes your Anti-Virus, Anti-Spyware or other malware detectors will catch the leak or fault before your Firewall does.

    Does the fact that a hardware firewall will not offer some of the per-user advantages mean that it is inferior? Not a chance. I use Sonicwall firewalls at work and have a spare TZ-170 around here somewhere. If I am so inclined I only allow users to access pages that I approve, enforce content filters, and permanently ban whole top-level domains from being accessed. I can lock down the whole place. Hardware firewalls are great for a multi-user environment. They offer better blanket protection, better protection for people who are unaware of how firewalls work and how to set up a software firewall properly. They are great for users who don't want to expend their system resources to make sure their system is running clean. They offer logging that can be e-mailed to yourself, or you can check. Most offer other services as well as firewall protection, such as user-controlled Network Address Translation, the ability to set up your own secured domain, Secure VPN, packet inspection, and intrusion prevention.

    What firewall to get?

    For right now I am only going to review what I have, and am using. Others will have their own opinions, and feelings about this subject. I am not against the software or hardware that anyone else uses. But if you are going to suggest it, or put down what I have posted please give good reasons for doing so. Simply saying "It didn't work for me" is not a valid argument.


    The first one up is Comodo Firewall Pro
    http://www.comodo.com/


    They offer much more than just a Firewall. I have experienced that even when visiting questionable sites that will try to exploit your computer and install malware/trojans, this program will prevent the file from being executed and able to do harm.

    (Need to insert Pics Here)

    [screenshots]
    As seen in the pictures above, Comodo stops the leak tester before it can even get started. It also checks the "fingerprint" or digital signature of executable files to make sure that there has been no tampering. During this test I had to OK the installation and system hook that this test uses for its attempt. Even after having files in the system directory and loaded, it was unable to thwart the firewall.

    There are options below that allow you to select the file as a trusted application, as shown below.
    [screenshot]
    After this, when an event occurs that could pose a risk, a small window pops up in the corner like this.
    [screenshot]
    If you are playing a game and the game causes one of these to pop up, you will not see it, and it will not cause any problems from my experience.

    Comodo Setup

    [screenshot]

    This is the main screen after the installation.

    As we look down the left side we can see the following. First up is System Summary. This lets you know the status of the firewall. If there is a faulting or damaged component this will alert you. Next up is Network Defense; this shows the current connections by process, and direction of connection. In this box there is also a "stop all activities" button. This will shut down your network connection, useful if you have a program that keeps downloading, or a file that has bypassed the Windows networking configuration. Some trojans and other malware will bypass the Windows networking stack to connect; this operates at a lower level than the Windows network stack, completely shutting off all access.
    Below this is a box that not every Firewall provides, Proactive Defense. This is the part of the firewall that checks for system access by malware, some of which is targeted at firewalls and anti-virus; it will end instances of your protection in an attempt to gain control over a system. As seen below there are active processes that have been approved, and files that are "waiting for your review". It is good to note that even when there are files waiting for review you don't have to check this every day, as is obvious with my system. :D The system only notes the new files and changed files; this way if there are problems or an infection that has spread to a file you can contain the file.

    On the right side you can see where the firewall reports other useful information, such as an update being available, and you can click this link to download the new version. Next is the Traffic manager; it shows what processes are accessing the network, and what direction the connection is flowing. In the window shown Firefox is using 100% of the outbound connection; it changed shortly after to show an inbound connection. The % shown is not total connection speed, but what percentage of the connection is used by which process. So for that connection it is possible I was only using a small amount of the total bandwidth available. Next up is Tip of the Day, where you can learn things about your firewall, along with radio buttons to move through different tips.

    At the top we see the following categories.
    Summary, and that is the screen we are currently in.
    Firewall, where you can control features of the firewall.
    Defense+, where you can choose programs as trusted, and view other security settings.
    Miscellaneous, where you can manage different configurations and submit files.

    Here are screenshots of each category.
    [screenshots]

    For this Firewall I would give it a rating of 9/10.

    Positives:
    Free
    Highly secure
    Offers more security than just a firewall.
    User editable rules.
    Port Forwarding
    Allows host system to act as gateway.
    Small footprint

    Negatives:
    Hard to setup
    Constant requests can get annoying




    Next up will be Sonicwall Firewalls.
     
    Last edited: Jan 20, 2008
    10 Million points folded for TPU
  2. WhiteLotus

    WhiteLotus

    Joined:
    Jul 30, 2007
    Messages:
    6,536 (2.50/day)
    Thanks Received:
    847
    keep the guide going - could easily become stickied
     
  3. Triprift

    Triprift

    Joined:
    Dec 10, 2007
    Messages:
    7,185 (2.90/day)
    Thanks Received:
    915
    Location:
    Adelaide Australia
    An excellent read keep em coming.
     
  4. Steevo

    Steevo

    Joined:
    Nov 4, 2005
    Messages:
    8,300 (2.56/day)
    Thanks Received:
    1,186
    Can I ask that this post be moved to the second place?


    Next up is Anti-Virus.

    There are many different anti-virus programs out on the market, some free, some with subscriptions. They all claim to do the same thing, however some do better in certain situations, some do worse. Some use more resources, some very little. Some scan in realtime but more on that later, some are on access scanners. Some contain malware protection, some only look for virus and trojan infection.



    With all these options and with the options that other programs like firewalls, rootkit detectors, malware/spyware removers provide you may wonder what is the best. I can't tell you that, but hopefully after I get done you will be able to make the best decision for your circumstances.

    Moar later as the wife is requesting attention too. :p
     
    10 Million points folded for TPU
  5. AsRock

    AsRock TPU addict

    Joined:
    Jun 23, 2007
    Messages:
    10,901 (4.12/day)
    Thanks Received:
    1,673
    Location:
    US
    Cool. Will try that some time, see if it's better than Outpost v4.

    Can you limit each program to what ports you want it to be able to use? And can you block DNS? ICMP? Block apps before they actually run? As the only program that I have known to truly come close to Outpost Firewall is Tiny Firewall, but both are payware. I'll probably not go for this but I'll surely try it out. Any chance they have a payware version too?

    Also test here too
    http://www.pcflank.com/scanner1.htm?from=menu
     
  6. Steevo

    Steevo

    Joined:
    Nov 4, 2005
    Messages:
    8,300 (2.56/day)
    Thanks Received:
    1,186
    I will update it to reflect that it does not allow DNS. ICMP is a different animal, but if you enable stealth ports, you will remain invisible, minus any ports you want to forward, but more on this as I build this.
     
    10 Million points folded for TPU
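Added example, not from the thread or from Comodo: the per-program port limits, DNS restriction and ICMP blocking that AsRock asks about and Steevo answers, expressed as Windows Defender Firewall rules using the NetSecurity PowerShell module (Windows 8 / Server 2012 or later). The browser path and resolver address are assumed placeholders; the script changes the live firewall policy, so run it as Administrator.

```powershell
# Added example (not the thread's or Comodo's): a default-deny outbound posture
# with per-program port limits, a pinned DNS resolver and an inbound ICMP echo block.
$Browser  = 'C:\Program Files\Mozilla Firefox\firefox.exe'   # assumed program path
$Resolver = '192.0.2.53'                                      # assumed resolver (documentation range)
$Prefix   = 'Lockdown-'                                       # marks the rules this script owns

# 1. Default-deny both directions on every profile. Unsolicited inbound packets
#    are discarded, and any outbound traffic without an allow rule is dropped.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -DefaultInboundAction Block -DefaultOutboundAction Block

# 2. Per-program port limit: the browser may only reach TCP 80 and 443.
New-NetFirewallRule -DisplayName "${Prefix}Browser HTTP(S)" -Direction Outbound `
    -Program $Browser -Protocol TCP -RemotePort 80,443 -Action Allow | Out-Null

# 3. DNS: allow port 53 only to the chosen resolver. Lookups sent anywhere else
#    fall through to the default-deny, so a process cannot pick its own resolver.
foreach ($proto in 'UDP','TCP') {
    New-NetFirewallRule -DisplayName "${Prefix}DNS $proto" -Direction Outbound `
        -Protocol $proto -RemotePort 53 -RemoteAddress $Resolver -Action Allow | Out-Null
}

# 4. ICMP: explicitly drop inbound echo requests (type 8) so the host does not answer pings.
New-NetFirewallRule -DisplayName "${Prefix}Block ICMPv4 echo" -Direction Inbound `
    -Protocol ICMPv4 -IcmpType 8 -Action Block | Out-Null

# 5. Verify what was actually installed: join each rule to its port and program
#    filters so the effective restriction is visible in one table.
function Get-LockdownRules {
    Get-NetFirewallRule -DisplayName "${Prefix}*" | ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $app  = $_ | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            Rule      = $_.DisplayName
            Direction = $_.Direction
            Action    = $_.Action
            Protocol  = $port.Protocol
            Port      = ($port.RemotePort -join ',')
            Program   = $app.Program
        }
    }
}
Get-LockdownRules | Format-Table -AutoSize
```

Remove the rules with `Get-NetFirewallRule -DisplayName 'Lockdown-*' | Remove-NetFirewallRule` and reset the profile defaults if you only wanted to test the posture.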
