Windows Security Tips

Posted by: Admin  :  Category: firewall security
Bushra Bashir asked:




Over recent years, security has become the major concern of internet users. It is important to keep your home computer secure from viruses, hackers, spyware and other security threats. These security tips apply to Windows-based operating systems such as Microsoft Windows 2000 Professional, Windows XP Professional and Windows 2003 Server. The general methods of securing your computer and network are keeping your operating system up to date, installing an up-to-date antivirus program and anti-spyware program, applying security templates, restricting unauthorized users' access to the computer or server, and applying security patches from Microsoft's website.

The major threats to a computer are viruses, spyware, accidental deletion of files, information theft and unauthorized access. More and more malicious code is being written to develop viruses, Trojan horses, spyware, malware and adware.

Applying local security policies on each computer in a network is a must, and you can access the local security policies in the Administrative Tools in the Windows Control Panel or by simply running secpol.msc or gpedit.msc. Remember that the key policies that should be enabled are auditing of failed login events, creating password policies and requiring Ctrl+Alt+Del for login.

If you have made a shared folder on your computer to be accessed by other users in the network, make sure that you have set the permissions to access this folder to only the required users. If you haven't secured the shared folder by restricting the permissions, then your sensitive information can be leaked and your data can be deleted accidentally from the shared folder.

If your computer is directly connected to the internet through a dial-up connection, DSL or cable, you need to protect your computer by connecting a hardware firewall, and it is also a good idea to install and configure a software firewall as well. In Windows XP there is a built-in firewall, and you can turn it on and off by going to the Control Panel and selecting "Network and Internet Connections". You can also try Sygate Personal Firewall.

Another security measure is to identify the mysterious processes running in the background with the operating system. These processes start when Windows starts up. Identify the description and command-line instructions for each process.

Bad or weak passwords are the most important causes of security compromises. A password should never be a dictionary word. A password has less chance of being cracked if it is changed regularly. Always use combinations of alphanumeric characters, symbols, spaces between words, etc. to make a strong password.

Last but not least, another security measure is encrypting your important files so that they can't be accessed and read by unauthorized users.

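The three local policies the post above names (auditing failed logons, a password policy, and requiring Ctrl+Alt+Del) can be checked from a policy export. This is an added example, not part of the original post; it assumes a file produced by `secedit /export /cfg policy.inf`, and the sample text and the minimum-length threshold of 8 are constructed for illustration.

```python
import configparser

# Constructed sample in the layout of a `secedit /export /cfg` file (not real output).
# Real exports are UTF-16: open(path, encoding="utf-16").read()
SAMPLE_EXPORT = r"""
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 0
PasswordComplexity = 0
MaximumPasswordAge = -1
[Event Audit]
AuditLogonEvents = 1
AuditAccountLogon = 0
[Registry Values]
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD=4,1
"""

MIN_LENGTH = 8  # assumed threshold; the post gives no number
CAD_KEY = r"MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD"


def parse_export(text):
    """Parse the INF-style export, keeping key case and splitting only on '='."""
    parser = configparser.RawConfigParser(delimiters=("=",), strict=False)
    parser.optionxform = str
    parser.read_string(text)
    return parser


def read_int(parser, section, key, default):
    """Read an integer setting; registry values look like 'type,value'."""
    try:
        raw = parser.get(section, key)
        return int(raw.split(",")[-1].strip().strip('"'))
    except (configparser.Error, ValueError):
        return default


def audit_policy(text):
    """Return a list of findings for the policies named in the post."""
    p = parse_export(text)
    findings = []
    # AuditLogonEvents: 0 none, 1 success, 2 failure, 3 both (bit 2 = failure).
    if not read_int(p, "Event Audit", "AuditLogonEvents", 0) & 2:
        findings.append("failed logon events are not audited")
    if read_int(p, "System Access", "MinimumPasswordLength", 0) < MIN_LENGTH:
        findings.append("minimum password length below %d" % MIN_LENGTH)
    if read_int(p, "System Access", "PasswordComplexity", 0) != 1:
        findings.append("password complexity is not enforced")
    # -1 (or 0) means passwords never expire, so they are never changed.
    if read_int(p, "System Access", "MaximumPasswordAge", -1) <= 0:
        findings.append("passwords never expire")
    # DisableCAD = 0 means Ctrl+Alt+Del is required; a missing value is flagged.
    if read_int(p, "Registry Values", CAD_KEY, 1) != 0:
        findings.append("Ctrl+Alt+Del is not required at logon")
    return findings


if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_EXPORT):
        print("FINDING:", finding)
```
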

22 Security Programs That Work With Windows 7

Posted by: Admin  :  Category: firewall security

Creating Check Point Administrative Profiles

Posted by: Admin  :  Category: firewall security
theacademypro asked:


This video demonstrates how to create administrative profiles with Check Point. See more at www.theacademypro.com


I have a Windows firewall and I can't turn it on. My Windows security said my firewall is off?

Posted by: Admin  :  Category: firewall security
555 asked:


I have Spyware Search and Destroy. I have just found and deleted spyware called Microsoft security centre firewall override.
When I tried to turn it on, it said an unknown problem stopped Windows from showing the firewall settings.


Understanding the Need For Desktop Firewall Software

Posted by: Admin  :  Category: firewall security
Ray Fritzu asked:




Almost each and every personal computer user has got word that they could do with a desktop software firewall so that they can keep their pc secure. However most users don’t understand exactly why or even just what the risks connected with not employing one are. This is the reason so many people have problems with destructive software attacks and pc failures. It is also the primary reason that identity theft is happening more often.

Desktop firewall computer software functions through blocking all incoming and outgoing data transmissions that are not normal or authorized. Your personal computer has numerous entry points within its os that are referred to as ports. Such software ports perform almost precisely like harbor ports do in our world. The only real difference is the fact that these kinds of ports handle data transmission.

You will find at least 70000 of these software ports within the typical os. The key reason why there are plenty of them is that there are many applications that many of us use on a regular basis. Instant messengers, email clients, automatic updating software, remote service software, and even computer games all use ports in this range in order to communicate with the outside world. They're furthermore utilised in small and large size personal computer networking.

Regrettably these are additionally particularly vulnerable to exterior access which explains why some sort of desktop firewall is essential for the security of your pc. Since the advent of malicious software an incredible number of computer users are actually affected with infections, spyware, malware, adware, as well as lately ransomware. These all possess their particular specific functions but the conclusion is these are there in order to wreck your machine. Spyware and ransomware have their own parts to play in identity theft.

Spyware monitors every single word you type in your machine and ransomware locks up your machine and also demands credit card details in order to gain access to the web again. When information is gathered or entered they then send that back to their creators who seem to after that use it for identity theft purposes. A desktop firewall can help avoid these parasites by supervising port traffic and blocking the foremost frequently mistreated ports.

The majority of firewalls permit you to lay down which incoming connections are risk-free and also which types aren’t. That is additionally true for outbound traffic. Sometimes when spyware infiltrates a machine it could possibly get in yet won’t be able to transmit its data as a result of somebody denying it internet access. Apart from identity theft parasites may also corrupt os data files and force you to reformat the computer.

This may result in a massive loss of crucial data for people who tend to be unprepared for something like this taking place. This is why it’s so essential that you back up your critical data such as finance details or tax records at least once a month. Businesses ought to back up their data between once a day and once a week based on the nature of the data in question. In the event something does happen you’ll be able to restore your computer data easily.

Having a desktop firewall can protect you against malicious software and other parasites. These parasites are usually built to destroy your operating system and help to steal your identity. A firewall is only as smart as its user, however, as many of them require user confirmation for certain events. Remember to surf the web safely, smartly, and avoid fishy emails.


Zyxel ZyWALL 2WG Internet Security Appliance

Posted by: Admin  :  Category: firewall security
bluedonuts06 asked:


Link: www.buy.com

ZyWALL 2WG provides users even more convenient Internet access with 3G service to eliminate the limitation of the wired network and extends the last-mile service wirelessly. Incorporated into the wired environment, the solution can apply Backup WAN and Load Balancing features to various applications while offering more mobility with Wi-Fi connectivity.

The ZyWALL 2WG supports ZyNOS ICSA-certified IPSec VPN suitable for deployments from remote sites to the central server. As data encryption over the Internet ensures secure transmission between two sites without expensive leased lines, global interconnectivity can be achieved at a minimal cost. Thanks to the Redundant IPSec VPN feature, the ZyWALL 2WG's dial-up client will keep the connection running even if the primary VPN connection fails.

The ICSA-certified ZyNOS Firewall on the ZyWALL 2WG provides robust, reliable firewall security with high performance. Based on Stateful Packet Inspection and Denial of Service (DoS) technology, it provides the first-line defense against hackers, network intruders and other hazardous threats.

The ZyWALL 2WG offers the Secure Zone technology so that SOHO users can simply deploy access servers in a DMZ zone separated from the trusted local network (LAN). The DMZ zone and WLAN zone have their own DHCP service, and all zones are securely segregated by firewall rules.


I have Webroot Internet Security and Windows Firewall running at the same time. Is that OK?

Posted by: Admin  :  Category: firewall security
needentoknow asked:


I just noticed in the Windows Vista Security Center that both Windows Firewall and Webroot Internet Security are running at the same time. It says they could conflict (which I know) but I can't remember which, if either, I should turn off.


How good is the Kaspersky Internet Security firewall?

Posted by: Admin  :  Category: firewall security
Ryan asked:


I want Kaspersky, but I don't know what a "good" firewall means.


Design of an Ideal Personal Firewall

Posted by: Admin  :  Category: firewall security
David Matousek asked:




Common concept

This paragraph describes the common concept of Windows personal firewalls. It is not necessary to implement a firewall in a similar way to make it secure. A common personal firewall is implemented as three or four separate components.

Kernel driver

The first part is the kernel driver. It has two main functions and that is why it is sometimes implemented in two components rather than in one. The first function is a packet filter. Usually on the NDIS, TDI or both levels this driver checks every packet that comes in from the network or goes out to the network. This is also known as inbound and outbound connection protection. There exist some personal firewalls that implement neither inbound nor outbound connection protection. However, these products also have kernel drivers because of their second function. The second function is called the sandbox. The most common methods of sandbox implementation are SSDT hooks and SSDT GDI hooks. The driver of the firewall replaces some system functions with its own code that verifies the rights of the calling application and either denies the action or passes the execution to the original code. These methods allow the firewall to control all the possibly dangerous activity of applications such as attempts to open files, processes, registry keys, modify firewall settings, automatically respond to its queries etc.

System service

There are special user mode processes called system services. These processes have special functions and behaviour in the system. They run under a privileged system user rather than under a common user account. This fact allows services to run independently of the user, and they also run when no user is logged in. The role of the service in the personal firewall is to secure the communication between the main components. The service receives messages from the GUI and from the kernel driver and forwards these messages to each other. For example, if the firewall is in the learning mode, the driver code in a hooked SSDT function may be unable to decide whether to allow or deny the action because there is no corresponding rule for the action in the database. In such a case it wants the user to decide. This requires sending a message to the GUI to show the dialog and receiving the answer from it. This communication is usually implemented through the service component. The service of the firewall is sometimes used to ensure that the GUI is always available for the user.

Graphical user interface

The graphical user interface (GUI) is the user part of the firewall. It often implements a tray icon from which the administration of the firewall is available. Another important function of the GUI is to ask the user to decide on actions when the firewall is in the learning mode.

Self-protection

This is rule no. 1 for all security products, not only for personal firewalls. No matter the perfection of other features, if the firewall is not able to secure itself it is useless. If a malicious activity is able to switch off, disable or destroy the personal firewall, it is equivalent to not having any personal firewall at all. All parts of the firewall have to be protected including its processes, files, registry entries, drivers, services and other system resources and objects.

Verification of own components

The verification of own components is very close to the above mentioned Self-protection. Firewalls are usually complex programs and they are often implemented in more than one module or component. In such a case there are a few main modules that are executed by the operating system. During the startup or in the middle of a run these modules load other modules of the firewall. We say that the modules are loaded dynamically. It is necessary to check the integrity of all dynamically loaded modules. This implies that the integrity checker must be implemented in one of the main modules.

Inbound and outbound protection

A good personal firewall offers both inbound and outbound protection. The inbound protection means that packets sent from the Internet or local area network to your computer are filtered and only ports that you want to be open are accessible. This protection is standard and is very good and reliable in almost all personal firewalls. On the other hand, there is the outbound protection, which causes problems to all vendors nowadays. The outbound protection means that only applications that are allowed to can access the Internet or local area network. This is not as simple as it looks. Imagine the situation that you want to browse the Internet with your Internet browser and that you do not want other applications to do so. The problem here is that it is not enough only to check which application wants to send the packet to the Internet because modern operating systems allow programs to communicate. An application that is not allowed to access the Internet can start the browser and use it for the communication. Your personal firewall has to protect all those privileged applications against misuse by malware. It has to restrict access to them. But this is still not enough. The personal firewall has to protect itself. Malicious applications should not be able to switch it off or modify its rules. This means that it also has to protect system resources etc. There are many problems in this and we still talk only about one feature – the outbound protection.

Process protection

Every privileged process must be protected against several dangerous actions. Firstly, no malicious application can terminate the process. Secondly, it must not be possible to modify its code or data. Thirdly, it must not be possible to execute any code in the context of any privileged process. This point also includes DLL injection.

File and component protection

The protection of files is very close to Process protection. If malicious code is able to replace files of privileged applications, it is equivalent to modifying their code flow when they run. There are two ways to implement the protection of files. The first way (active protection) is to prevent write and delete access to files that belong to privileged applications. Because this can be hard to implement, many firewall coders choose the second way – to check the integrity of modules (component protection). In this case the firewall allows malicious code to damage or replace files of privileged applications. If such an application is about to run, its modules are verified and the execution is stopped or reported to the user. The file protection is also needed for all system files.

Driver protection

Windows operating systems trust their drivers. This means that every code that is run by the driver is trusted and thus it is allowed to execute even protected processor instructions and has potential access to all system resources. This is why it is necessary to implement a part of security software like a personal firewall as a system driver. However, it is also why it is necessary to control loading of new drivers and to protect existing drivers. Malicious programs must not be able to install drivers or modify already loaded drivers.

Service protection

Since a part of the firewall is usually implemented as a system service, the protection of system services is also necessary. But it is not only the firewall component that has to be protected. Installing a new service is an easy way for malware to persist in the system because system services can be set to run at every system start. What is more, a malicious service can be dangerous also because it runs even if no user is logged on. Creation, deletion and control of system services must be protected actions.

Registry protection

The Windows registry contains a lot of important system information. Settings of system components can be changed using the registry. An incorrect modification of some registry objects can easily cause the system to become unstable or unable to boot. There are many registry keys and values that should be protected against modifications by malicious applications.

Protection of other system resources

There are also different system resources and objects in Windows operating systems. Some of them can be dangerous if they are controlled by malware. One of these objects is a well known section ‘\Device\PhysicalMemory’ which can be used to gain the complete control of the system if it is not protected. The firewall must protect those objects that can be misused by malware.

Parent process control

We already know that it is necessary to protect privileged processes. Probably the easiest way to implement process protection is to control opening of processes and threads. However, if the process protection is implemented in this way, it is also important to implement Parent process control. Every process in the system has to be created by some other process – its parent. The parent is always given two handles when it creates a new child process. These are a handle to the process object and a handle to its main thread. The given process handle is opened with full access and thus the parent process can control its child completely. This is why the firewall must restrict the execution of privileged processes. Moreover, the parent process control should be implemented even if the firewall security design does not protect processes via control of opening of processes and threads. Some privileged processes can be misused to execute privileged actions if they are run with specific command line arguments. Many firewalls do not distinguish between the execution of privileged and unprivileged processes. They restrict the process creation in general such that only those applications that were selected before are able to create child processes.

Control of automatically started programs

The firewall should protect those places in the operating system that can be used by malware to persist in the system after the reboot. If we allow users to run new unknown applications, then there is no chance to protect the system against executing a malicious application. And users often download and install or run new applications. The firewall is able to restrict actions of malicious applications such that they are not able to damage the system. However, if the malware application persists in the system, it can damage it later when a new security bug is discovered. This is why the firewall should control those applications that are run automatically, e.g. after every system start or user logon.

Sniffing protection

Spyware like keyloggers or packet sniffers are dangerous applications because they are made to steal the most sensitive data users can have – their passwords. But not only passwords are targets of these applications. Personal information, personal correspondence or business documents are also sensitive information that must be protected. The firewall has to protect sensitive data not only when they are complete in the form of files but also when they are being made or transferred. Keyloggers can receive every keystroke the user makes and thus assemble the whole information letter by letter. Packet sniffers wait for messages to be transferred using some network interface and they make copies of sent messages. There are many ways to implement spyware programs to collect sensitive data and all of them have to be protected against by the firewall.

Protection of system resources

Every system has limited resources. Windows workstations are able to deal with a few thousand objects. This number is sufficient for every work of common users. However, if a malicious program creates thousands of threads, the system becomes unusable and such an action causes Denial of Service (DoS). The firewall should limit the ability of unprivileged applications to cause DoS. There should be a limit set for the number of threads, open files, used memory and other system resources used by unprivileged applications.

No ring3 hooks

The ring3 (or usermode) hooking is a technique that can be used to implement a personal firewall or its parts. However, ring3 hooks can be used only for special features and never for security critical features. A protection implemented by ring3 hooks can be easily bypassed by malicious applications. Ring3 hooks must not be used to restrict the behaviour of unknown applications. They can be used very rarely to modify or control the behaviour of privileged applications that are guaranteed not to bypass ring3 hooks.

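The "Verification of own components" and "File and component protection" sections of the article above describe checking the integrity of modules before they are loaded. The following is an added example, not code from the article or from any firewall product; the module names are constructed, and the manifest of expected SHA-256 digests is assumed to be built into an already-trusted main module.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large modules are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_modules(module_dir, manifest):
    """Return {name: status} for each manifest entry and each unlisted file."""
    results = {}
    for name, expected in manifest.items():
        # A manifest entry must be a plain file name inside module_dir.
        if os.path.basename(name) != name:
            results[name] = "rejected-path"
            continue
        path = os.path.join(module_dir, name)
        if not os.path.isfile(path):
            results[name] = "missing"
        elif hmac.compare_digest(sha256_file(path), expected):
            results[name] = "ok"
        else:
            results[name] = "modified"
    # Files that nobody vouched for are reported rather than silently loaded.
    for name in sorted(os.listdir(module_dir)):
        if name not in manifest:
            results[name] = "unlisted"
    return results


def safe_to_load(module_dir, manifest):
    """Only load anything when every module matches and nothing extra is present."""
    return all(s == "ok" for s in verify_modules(module_dir, manifest).values())


def demo():
    """Constructed scenario: two modules verified, then one replaced and one added."""
    with tempfile.TemporaryDirectory() as module_dir:
        modules = {"filter.dll": b"packet filter v1", "rules.dll": b"rule engine v1"}
        for name, data in modules.items():
            with open(os.path.join(module_dir, name), "wb") as handle:
                handle.write(data)
        manifest = {n: hashlib.sha256(d).hexdigest() for n, d in modules.items()}
        before = verify_modules(module_dir, manifest)
        # Simulate a replaced module and an extra file dropped beside it.
        with open(os.path.join(module_dir, "rules.dll"), "wb") as handle:
            handle.write(b"rule engine v1 (tampered)")
        with open(os.path.join(module_dir, "extra.dll"), "wb") as handle:
            handle.write(b"unknown")
        after = verify_modules(module_dir, manifest)
        return before, after, safe_to_load(module_dir, manifest)


if __name__ == "__main__":
    print(demo())
```

A check like this only helps if the bytes that were hashed are the bytes that get loaded, so the file should not be reopened by name between verification and loading.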

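The "Inbound and outbound protection" and "Parent process control" sections of the article above argue that an outbound rule keyed only on the sending application is not enough. The following is an added example, not code from the article: a small policy model with a constructed process table and hypothetical image names, comparing an image-only decision with one that also checks who created the process.

```python
from dataclasses import dataclass
from typing import Optional

ALLOW, DENY, ASK = "allow", "deny", "ask"


@dataclass(frozen=True)
class Process:
    pid: int
    image: str
    parent: Optional[int]  # pid of the creating process, None for the root


# Hypothetical rule database: who may use the network, who may start such processes.
NET_ALLOWED = {"browser.exe"}
TRUSTED_LAUNCHERS = {"system", "explorer.exe"}

# Constructed process table: one browser started by the user's shell,
# one started by an unknown program.
PROCESSES = {p.pid: p for p in [
    Process(4, "system", None),
    Process(500, "explorer.exe", 4),
    Process(900, "browser.exe", 500),
    Process(1300, "dropper.exe", 500),
    Process(1301, "browser.exe", 1300),
]}


def naive_decide(table, pid):
    """Image-only outbound rule: the check the article calls insufficient."""
    return ALLOW if table[pid].image in NET_ALLOWED else DENY


def untrusted_ancestor(table, pid):
    """Return the first ancestor not trusted to start privileged processes, or None."""
    seen = {pid}
    parent = table[pid].parent
    while parent is not None:
        proc = table.get(parent)
        # A vanished parent or a pid loop cannot be vouched for.
        if proc is None or parent in seen:
            return "<unknown>"
        if proc.image not in TRUSTED_LAUNCHERS:
            return proc.image
        seen.add(parent)
        parent = proc.parent
    return None


def decide(table, pid, learning_mode=False):
    """Outbound decision that also applies parent process control."""
    proc = table[pid]
    if proc.image not in NET_ALLOWED:
        # No rule for this application: ask the user only in learning mode.
        return ASK if learning_mode else DENY
    # The creator holds a full-access handle to its child, so an allowed
    # image started by an untrusted process is treated as untrusted too.
    if untrusted_ancestor(table, pid) is not None:
        return DENY
    return ALLOW


if __name__ == "__main__":
    for pid in (900, 1301, 1300):
        print(pid, PROCESSES[pid].image, naive_decide(PROCESSES, pid), decide(PROCESSES, pid))
```
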

BitDefender Drives Viruses Insane

Posted by: Admin  :  Category: firewall security
BitDefenderGermany asked:


3D animation about a car that “drives viruses insane”. The audio was changed to something rocking.
