Welcome to City-Data.com Forum!
Old 08-16-2013, 03:43 PM
 
Location: Charlotte
279 posts, read 444,831 times
Reputation: 161

Quote:
Originally Posted by krokus View Post
Errrmm. Every website load starts with an ACK packet (hi, here I am.). Port 80 has to be open on the PC.
No. We are talking about the firewall. You are sitting behind it natted out from the real internet. You access a website. It goes through the firewall, with the ACK not set. Packets coming back from the website will have the ACK set or they get dropped.

Now if you are running a webserver on your home network, then this is another matter. However this is unusual and most people should not do it. It's better to pay a hosting company for a website.
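The filtering rule described in the post above, modelled as an added example (not part of the original thread): the ACK-bit check as the post states it, beside a connection-tracking filter that also requires a matching outbound flow. The names, addresses and sample packets are constructed, and NAT address rewriting is left out as a simplifying assumption.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset   # TCP flags present, e.g. {"SYN", "ACK"}
    inbound: bool      # True if it arrives on the internet-facing side


def ack_bit_allow(pkt):
    """Stateless rule from the post: inbound TCP passes only with ACK set."""
    return (not pkt.inbound) or "ACK" in pkt.flags


class ConnTrack:
    """Stateful variant: inbound must also belong to a flow opened from inside."""

    def __init__(self):
        self.flows = set()

    def allow(self, pkt):
        if not pkt.inbound:
            # Record the flow keyed the way the reply will look on the way back.
            self.flows.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))
            return True
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return "ACK" in pkt.flags and key in self.flows


# Constructed addresses (private and documentation ranges), NAT not modelled.
PC, WEB, OTHER = "192.168.1.10", "203.0.113.5", "198.51.100.7"

# Constructed sample traffic, in arrival order.
SAMPLE = [
    # 1. Browser on the PC opens a connection to a website (ACK not set).
    Packet(PC, 50000, WEB, 80, frozenset({"SYN"}), inbound=False),
    # 2. The website's reply comes back with ACK set.
    Packet(WEB, 80, PC, 50000, frozenset({"SYN", "ACK"}), inbound=True),
    # 3. Unsolicited connection request from outside (ACK not set).
    Packet(OTHER, 40000, PC, 80, frozenset({"SYN"}), inbound=True),
    # 4. Inbound packet with ACK set that matches no outbound flow.
    Packet(OTHER, 40000, PC, 80, frozenset({"ACK"}), inbound=True),
]


def decisions(allow, packets):
    """Return the allow/drop decision for each packet, in order."""
    return [allow(p) for p in packets]


if __name__ == "__main__":
    print("ack-bit :", decisions(ack_bit_allow, SAMPLE))
    print("stateful:", decisions(ConnTrack().allow, SAMPLE))
```

The two filters differ only on the last packet: it has ACK set, so the stateless rule passes it, while connection tracking drops it because no inside host opened that flow.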

 
Old 08-16-2013, 04:43 PM
 
Location: Murica
834 posts, read 1,005,882 times
Reputation: 607
Quote:
Originally Posted by krokus View Post
No really. Nearly all the improved security that MS have put into their newer OSs is to protect the user from themselves. I say this because a well setup PC is very hard to attack so long as you follow some simple rules.
- Set the firewalls on your home router and all your PCs to reject all request packets except on port 80
- have a decent anti-virus/malware program that is correctly set up and that you actually RUN on a regular basis. Mine runs 3 times daily and deep scans every week.
- Don't download (and run) from unknown/untrusted/unscanned sources.
- Don't open unknown/unscanned email attachments
- Stay clear of websites that are likely to try to execute "drive-by" scripts.
- Disable browser add-ins and unknown toolbars(Java is getting better).
- Use a hierarchy of passwords based on their importance. Change them regularly and do not use the same ones over and over.

I could go on and on here but all of the above is really just common sense.

Lastly, if "they" want to get you, they will. There is stuff out there that makes even my bald head of hair curl. However since you are not Uncle Sam or a place that contains profitable (any definition) they probably won't bother.
-Considering hackers are using Browser, Browser Plugin, and Doc exploits to get code execution and download in the context of a known process and protocol(HTTP), this is going to have little to no effect. WHEN a listening socket exploit like for SMB does come along it's now mostly used for LAN infections post-dropper-infection. Guarding ports is assumed by attackers now and they no longer care..
-No, have a decent HIPS, or even better, Sandbox. Signatures fail the second a new 'crypter' or switch compilation is made.
-And if you really want to, do it inside a sandbox or VM with valued password storage restricted
-Unless you need to from a reliable source and only in a sandbox
-Considering a lot of "drive-by" sites are compromised legit sites or embedded ad networks, just run your browser in a sandbox
-Yes Java, not Javascript and Cookies, this is annoying when people do this..
-Use a respected autotype+storage software like PasswordSafe, and if you really want to be an elite hax0r run it and the browser as a dedicated user with the password safe file only accessible by the manager, this functionality is built into all windows OS.


A few of my own notes:
-Windows firewall is easy to disable and bypass.. You change a registry key and stop a service as a malware author, about the same with the MS AV except you stop a driver first from inside of explorer.exe
-There is no such thing as a secure OS, Linux gets security holes discovered weekly even in its kernel, and windows has had the equivalent of SELinux since the 90s; difference? Windows doesn't have proper policies enabled out of the box(except when you run as guest) and only does patches the second Tuesday of every month..
-There is no such thing as 'secure software' there is such thing as audited source code that is secure until one of the libs it uses has a bug or someone finds a bug in its memory management. If a software is too "expensive" to find holes in researchers usually avoid it for profit
-if you don't use an "offline" AV or a managed anti-rootkit, you're no more secure than those who have no protection and no skills
-AES 256bit and RSA 4096bit will make your government and criminals hate you..
 
Old 08-16-2013, 04:56 PM
 
642 posts, read 1,164,684 times
Reputation: 641
Quote:
Originally Posted by krokus View Post
No really. Nearly all the improved security that MS have put into their newer OSs is to protect the user from themselves. I say this because a well setup PC is very hard to attack so long as you follow some simple rules.
- Set the firewalls on your home router and all your PCs to reject all request packets except on port 80
- have a decent anti-virus/malware program that is correctly set up and that you actually RUN on a regular basis. Mine runs 3 times daily and deep scans every week.
- Don't download (and run) from unknown/untrusted/unscanned sources.
- Don't open unknown/unscanned email attachments
- Stay clear of websites that are likely to try to execute "drive-by" scripts.
- Disable browser add-ins and unknown toolbars(Java is getting better).
- Use a hierarchy of passwords based on their importance. Change them regularly and do not use the same ones over and over.

I could go on and on here but all of the above is really just common sense.

Lastly, if "they" want to get you, they will. There is stuff out there that makes even my bald head of hair curl. However since you are not Uncle Sam or a place that contains profitable (any definition) they probably won't bother.
Quote:
Originally Posted by TJJT View Post
-Considering hackers are using Browser, Browser Plugin, and Doc exploits to get code execution and download in the context of a known process and protocol(HTTP), this is going to have little to no effect. WHEN a listening socket exploit like for SMB does come along it's now mostly used for LAN infections post-dropper-infection.
-No, have a decent HIPS, or even better, Sandbox. Signatures fail the second a new 'crypter' or compilation is made.
-And if you really want to, do it inside a sandbox or VM with valued password storage restricted
-Unless you need to from a reliable source and only in a sandbox
-Considering a lot of "drive-by" sites are compromised legit sites or embedded ad networks, just run your browser in a sandbox
-Yes Java, not Javascript and Cookies, this is annoying when people do this..
-Use a respected autotype+storage software like PasswordSafe, and if you really want to be an elite hax0r run it and the browser as a dedicated user with the password safe file only accessible by the manager, this functionality is built into all windows OS.


A few of my own notes:
-Windows firewall is easy to disable and bypass.. You change a registry key and stop a service as a malware author, about the same with the MS AV except you stop a driver first from inside of explorer.exe
-There is no such thing as a secure OS, Linux gets security holes discovered weekly even in its kernel, and windows has had the equivalent of SELinux since the 90s; difference? Windows doesn't have proper policies enabled out of the box(except when you run as guest) and only does patches the second Tuesday of every month..
-There is no such thing as 'secure software' there is such thing as audited source code that is secure until one of the libs it uses has a bug or someone finds a bug in its memory management. If a software is too "expensive" to find holes in researchers usually avoid it for profit
-if you don't use an "offline" AV or a managed anti-rootkit, you're no more secure than those who have no protection and no skills
-AES 256bit and RSA 4096bit will make your government and criminals hate you..
Yes, you are right. I should have written Javascript. It was what I meant. I actually referenced scripts later on. Sorry.

What I am really talking about here is reasonable measures that normal people can do. Running a browser in a sandbox and using DMZs is beyond most people. Please everybody remember that this sub-discussion started when I suggested that running XP was a viable method of saving money. Yes, I know it is becoming unsupported and that was why I responded with some common sense suggestions.

Since then the poor OP's thread has been at best diverted.

I doubt few people know better than I that there is no such thing as a secure OS or, for that matter a secure computer. In fact I have only ever seen one totally secure computer in my whole career. It was 1/2 mile underground, had one access from an elevator and you exited the elevator facing a man with a gun. Behind this were 2 rooms. One contained the computer and the other (no connecting door) contained the printer. This was in the early 1970s so no connection to the outside world was possible.

I used to be a CIO for a private Swiss bank and I have seen an awful lot of the tricks people get up to. However I stand by my post of using simple common sense solutions and, making backups.

I really just wanted to help the OP and not dive down a technical rat hole although I had a pretty good idea that this would likely happen. I vote we hand the thread back to the OP.
 
Old 08-16-2013, 05:21 PM
 
Location: Murica
834 posts, read 1,005,882 times
Reputation: 607
Quote:
Originally Posted by krokus View Post
Yes, you are right. I should have written Javascript. It was what I meant. I actually referenced scripts later on. Sorry.

What I am really talking about here is reasonable measures that normal people can do. Running a browser in a sandbox and using DMZs is beyond most people. Please everybody remember that this sub-discussion started when I suggested that running XP was a viable method of saving money. Yes, I know it is becoming unsupported and that was why I responded with some common sense suggestions.

Since then the poor OP's thread has been at best diverted.

I doubt few people know better than I that there is no such thing as a secure OS or, for that matter a secure computer. In fact I have only ever seen one totally secure computer in my whole career. It was 1/2 mile underground, had one access from an elevator and you exited the elevator facing a man with a gun. Behind this were 2 rooms. One contained the computer and the other (no connecting door) contained the printer. This was in the early 1970s so no connection to the outside world was possible.

I used to be a CIO for a private Swiss bank and I have seen an awful lot of the tricks people get up to. However I stand by my post of using simple common sense solutions and, making backups.

I really just wanted to help the OP and not dive down a technical rat hole although I had a pretty good idea that this would likely happen. I vote we hand the thread back to the OP.
There is software like Sandboxie designed for end-users, it's never had one security hole and is ~5 years old.

I believe you worked for a bank. They can't even design financial protocols half-efficient and even remotely-secure..

Actually I'm the only one in this thread who gave a useful response. People directing you to someone who is going to sell you a 2+ year old system at 2013 tech prices, and starting irrelevant conversations on network security is what's commonly referred to as 'off-topic' and half-arsed.

Spend <=800 USD(probably 100-700 less than what the shops will charge you for a sandy bridge or core cpu and old video card build) on a Haswell i5 and 192bit 2GB gaming system, it will max out GTA IV MP which means it'll play pretty much anything maxxed.. Get a hyper 212 cpu cooler for the i5 for $25, best reviews on overclocker forums.. Or for less use AMD instead and maybe lose some frames, get a piledriver tri or quad core with a good sync, you'll probably save 20-40 USD.. This is the latest-latest tech and you won't be paying money to someone who will laugh about you paying $800 extra when you carry it out the door of their shop..
 
Old 08-16-2013, 07:16 PM
 
7,672 posts, read 12,745,343 times
Reputation: 8030
Between Amazon and Newegg, I ordered all the parts pretty much what TJJT listed. I will be attempting this build next weekend. I just wasn't finding the right combo for what I wanted and one place hasn't called me back and I haven't been able to get up North so I am just going the newegg route. Thanks for all the tips in this thread!
 
Old 08-16-2013, 08:32 PM
 
Location: Murica
834 posts, read 1,005,882 times
Reputation: 607
Quote:
Originally Posted by momtothree View Post
Between Amazon and Newegg, I ordered all the parts pretty much what TJJT listed. I will be attempting this build next weekend. I just wasn't finding the right combo for what I wanted and one place hasn't called me back and I haven't been able to get up North so I am just going the newegg route. Thanks for all the tips in this thread!
The people who own the shops in my town don't know how computer viruses work, what the difference between a virus and rootkit is, or how to do pretty much anything without a graphical interface. You're likely better off even if they did have something newer..
 
Old 08-17-2013, 07:22 AM
 
642 posts, read 1,164,684 times
Reputation: 641
Quote:
Originally Posted by TJJT View Post
There is software like Sandboxie designed for end-users, it's never had one security hole and is ~5 years old.

I believe you worked for a bank. They can't even design financial protocols half-efficient and even remotely-secure..

Actually I'm the only one in this thread who gave a useful response. People directing you to someone who is going to sell you a 2+ year old system at 2013 tech prices, and starting irrelevant conversations on network security is what's commonly referred to as 'off-topic' and half-arsed.
Yes there are a number of products that can help isolate browser BUT, most users do not know about them. Neither do they understand what they do or, how to set them up.

I worked for a small private Swiss bank, in Switzerland and believe me we had systems that were highly secure and they worked. I was tasked not to make systems that the world at large was to use. My job was to make sure we were secure and our clients' money was safe. On my watch, I had a 100% record. Why was this? Well, I not only knew exactly what I was doing I also hold two BScs. I do not believe in complex patches to systems. I believe that users should not have to worry about their system security. That is my job. If you read my post where I made recommendations, you will note that my whole plan was to stop the bad guys getting to the PC. That is why I started with the router firewall and then moved to the system firewall. After that I put in a good anti-virus/malware program. I do this because my whole plan is to stop people getting to the registry. Once they get to that, they own the system. You jumped right past all I said and went for a teccy set of system patches solution (sandbox, registry references, etc.). I concentrated on managing the problem.

I was paid to provide viable and working solutions and, I did.

I cannot judge if you were the only one to provide a useful response. I thought that I too contributed positively. Maybe I'm wrong.
 
Old 08-18-2013, 08:29 AM
 
7,672 posts, read 12,745,343 times
Reputation: 8030
I just reread the posts in this thread, and they were all helpful and very useful! Even though I didn't go locally to have it built (it was just over my budget) I did learn a lot and will use them for repairs or small parts. (I bought a video card from one of them)

I honestly got greedy and wanted the most bang for my buck so I am building it.
 
Old 08-18-2013, 09:32 AM
 
Location: Charlotte
279 posts, read 444,831 times
Reputation: 161
Quote:
Originally Posted by krokus View Post
////I believe that users should not have to worry about their system security. That is my job. If you read my post where I made recommendations, you will note that my whole plan was to stop the bad guys getting to the PC. That is why I started with the router firewall and then moved to the system firewall. ..... Maybe I'm wrong.
On the first point which is off topic, the user is the biggest source of security issues and they should be educated as much as possible in a corporate environment to adhere to certain policies, rules, and regulations and to "worry" about it. Security is everyone's responsibility, not just those sitting in the glass house. Without that, no security policy can be expected to work and it won't work. 95% of the corporate security problems are not due to failures in the software or equipment, but rather, because policies were not followed.

-------------

On topic, you should never leave a port open on a domestic home router on the internet side. This includes port 80. Doing so exposes the router itself to a direct attack and once they have achieved that, the rest of your home network is toast.
 
Old 08-18-2013, 09:36 AM
 
Location: Murica
834 posts, read 1,005,882 times
Reputation: 607
Quote:
Originally Posted by momtothree View Post
I just reread the posts in this thread, and they were all helpful and very useful! Even though I didn't go locally to have it built (it was just over my budget) I did learn a lot and will use them for repairs or small parts. (I bought a video card from one of them)

I honestly got greedy and wanted the most bang for my buck so I am building it.
A few notes that will make things easy for you:

  1. Windows licenses, both retail and volume, are locked to the motherboard and no other component, and you can revoke old motherboards and move your license to a new one. This also means you can change any component without buying another license.
  2. 7-Ultimate and 8-Pro have no exclusive features that don't have better free 3rd party alternatives. These features are mainly to do with file system encryption and virtualization.
  3. You can download ISOs off the net for windows, just make sure they are not altered by checking the MD5 or SHA1 hash of the ISO. DigitalRiver provides official SP1 7 ISOs for download. Your key will work with any of them that are the same version of OS.
  4. All modern x86 RAM controllers are on the CPU, look to CPU specs for RAM specs and buy that spec in a physical form compatible with your RAM banks. If you ever get RAM that doesn't work, look up the density and CAS value of it and make sure it's the same as known-to-work RAM of the same capacity per-bank.
  5. SATA 600 drives will work on SATA 300 sockets
  6. Magnetic hard disks last longer and are cheaper than SSD(solid state disk). People will argue this but just mention wear leveling which even the best SSD performs badly in, comparatively speaking..
  7. ITX works on MATX screw patterns, it uses 1/4 the screw patterns.

Last edited by TJJT; 08-18-2013 at 09:49 AM..
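The hash check from item 3 of the post above, as an added example that is not part of the original post: it streams the file, picks MD5 or SHA1 from the length of the published value, and compares. The function names and the small sample file are constructed for illustration, and the published value is assumed to come from the download's official source.

```python
import hashlib
import hmac
import os
import tempfile

# Hex digest length tells the two algorithms named in the post apart.
ALGO_BY_HEX_LENGTH = {32: "md5", 40: "sha1"}


def file_digest(path, algo, chunk_size=1 << 20):
    """Hash a file in chunks so a multi-gigabyte ISO never sits in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def matches_published(path, published):
    """Return True if the file's MD5/SHA1 equals the published hex value."""
    # Published hashes are often shown upper-case or split into groups.
    cleaned = "".join(published.split()).lower()
    algo = ALGO_BY_HEX_LENGTH.get(len(cleaned))
    if algo is None or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("expected a 32-char MD5 or 40-char SHA1 hex value")
    return hmac.compare_digest(file_digest(path, algo), cleaned)


def demo():
    """Constructed stand-in for an ISO: a 3-byte file with well-known digests."""
    sha1_abc = "A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D"
    md5_abc = "900150983cd24fb0d6963f7d28e17f72"
    fd, path = tempfile.mkstemp(suffix=".iso")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(b"abc")
        intact = (matches_published(path, sha1_abc),
                  matches_published(path, md5_abc))
        with open(path, "ab") as f:
            f.write(b"\x00")  # simulate an altered image
        altered = matches_published(path, sha1_abc)
        return intact, altered
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())
```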