[ art / civ / cult / cyb / diy / drg / feels / layer / lit / λ / q / r / sci / sec / tech / w / zzz ] archive provided by lainchan.jp

lainchan archive - /sec/ - 174



File: 1492277887512-0.png (4.85 MB, 300x200, windowsprotection.jpg)

File: 1492277887512-1.png (53.91 KB, 300x232, windowsecurity2.jpg)

File: 1492277887512-2.png (103.73 KB, 225x300, windowsecurity3.jpg)

No.174

How make the Windows more security for free beyond installing another O.S.?Even by apply the concept defense in depth, the Windows looks pretty hard to keep well defense.

  No.175

>>174
You can't. But if you really want to, disconnect from the net.

Alright, if you really really have to, then your best bet may be to separate it into it's own protected network segment. I imagine putting it into it's own VLAN might be a good idea.
Use your own DIY router.
Also and most importantly put that PC behind a DIY hardware firewall. It must be a HARDWARE firewall. And it should be one using either BSD or Linux.

  No.176

But IMO, and no flame intended, securing WIndows 'properly' is a pipe dream.

  No.177

disable powershell
disable macros in word
use auto updates
uninstall java / flash /silverlight
run in usermode rather than admin

windows 10 is very secure, it's just not private.

  No.178

Also, like on any other platform, install and use NoScript.
That'll already do quite a lot.

  No.179

Is there anything similar to Tiny7 for Windows 10 ? I just got the latest iso by generation from trackers and god damn it has a lot of bullsoykaf bloat.

  No.180

>>175
>You can't. But if you really want to, disconnect from the net.

I just want to improve the security. I don't silly dream in making the same a fortress, just a barricade.

>Use your own DIY router.

Like the open-wrt?

>>177
I agree with the list case but, why disable the PowerShell?

>>178
Isn't better use umatrix block everything in global and allow case by case?

  No.181

>>180
open-wrt yes. bbbbbbbbbbbbbbbbbbbbbbbbbbbbbb

  No.182

>>180
Thats what I do,

I believe in noise, we need a minimum amount of noise to stay under the radar IMO. So I use windows 10 for gaming. Because of SteamVR etc.

Use Spybot Anti-beacon, it will block a lot of crap, use FOSS as much as you can, browse site like this with TOR.

You wont be a fortress, bout you will be noisy enough to be ignored while doing your thing.

Make sure you stay up to day, dont run odd programs, keep it behind NAT at all times!

  No.183

>>174
Also work on securing your god damn phone most of all.

Your desktop is nothing to the, compared to your phone.

If on android get rid of google apps, that soykaf is a cancer, install MicroG if you need to compatibility layer, run AFWall to block out all non FOSS apps until you need them. Use FOSS apps as much as you can.

Keep location and the radios off if you are not using them.

Use a completely FOSS ROM too, MicroG works best with them, encrypt it and thats that.

For internet at work I use a wifi repeater at my window. no cell data during the day.

  No.184

>>180
There have been / are many many vulns / viruses that leverage powershell.

  No.185

>>177
win 10 decided to reinstall flash for me after i removed it
spoopy

  No.186

>>183
>keep location and the radios off
you see, phones are broken by design, and your (backdoored) sim/firmware blobs are always there, turning on those features at will

  No.187

>>186
They are, and they should not be trusted, but we need to be realistic.

If you are at the point where you have a state player involved you should have already burnt your phone, or ensure its powered off.

They are broken by design, but we should be pragmatic and plan ahead encase the soykaf does hit the fan.

  No.188

>>182
>I believe in noise,...
Same here. I just use Windows for 4 things: Learn how make the windows security, old games, use a normal e-mail.

>>184
Thanks for the tip.

Also, I trying use MBSA and EMET.

  No.189

Please, could move the thread to >>>/sec/?

  No.190

>>185
Not particularly spoopy when you agreed to them doing that in the EULA. Just a symptom of non-free software.

  No.191

>>176

That is a pretty myopic view.

>>174

For the most part, the threat to a regular user will come through the either the web browser, or email.

Keep your browser up to date. Use an ad blocker (ublock/umatrix), specifically umatrix has some nice features. Privacy badger, HTTPS everywhere etc..

Keep your email client updated. Don't click on strange emails, don't click on every link you see. Do not even preview strange emails. Make sure your client has a feature that stops this behavior.

Install EMET, configure it to cover your applications and raise the protections to the maximum.

Do not use an admin account for every day tasks.

Modify your local group policy, a good starting point is https://github.com/iadgov/Secure-Host-Baseline , do not just apply it because it's fairly restrictive, modify and apply it to your needs.

Checking the STIG for Windows 10 is also a good place to look: http://iase.disa.mil/stigs/os/windows/Pages/win10.aspx

Set Windows firewall to deny everything that is not needed. Enable firewall logging and increase the size of the log. Go to your interface settings and disable whatever you don't use, same goes for any services.

Increase the max sizes of your event logs.


This is off the top of my head