How to Layer Your Security Needs
-
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
Lastly, how do you layer your security if its different than usual?
I'm totally focused on LANless design. Nothing on my network should be protected by something at the network level. Not that network protection should not exist, but it should never matter. Most attacks come from the LAN, not the WAN, and if your protection sits at the WAN barrier, most attacks will have already bypassed it.
Every device that we have, we treat as if it is going to sit directly on the Internet. Nothing is exposed, nothing trusts the LAN. There are exceptions for non-LAN networks like a pure play SAN or cluster interconnects.
So by lanless you mean it is protected as much as possible at the workstation level and not relying on a UTM to do all the work for it instead?
-
@dafyre said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
UTMs to avoid...
My feeling here is that the only real UTM worth considering is Palo Alto. Deploying anything less just doesn't make sense. UTMs are full of problems and their value comes from being insanely comprehensive, which is what PA does. Other UTM products that are cheaper tend to be from unreliable vendors and of questionable value.
Speaking from experience here, I will agree with this statement. I've run some UTM setups that came Prepckaged (Fortinet, Smoothwall, Untangle), and I have built some around Suricata (or Snort), Squid, DansGuardian, ClamAV and Shorewall.
These things are not easy to build right and do well. They all did Firewalling and routing right, but something screwy with other things like Traffic shaping or application filtering. Even tweaking them for your environment can be more of a pain than it's worth.
Yeah I don't know about all of those but Snort and Untangle can be difficult if you don;t have a lot of experience with using them. Not that they can't be figured out but its as you said, a pain...
-
@jmoore said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
AV....
There are several decent AV vendors, and tons of terrible ones. In most cases, I would just stick with Windows Defender. If you are going to get into the Windows ecosystem and don't trust Windows security, you need to rethink what you are doing.
Understandably getting a central console for AV can be important, so products like Webroot can be great. They are one of the few AV companies that haven't done something to make me really question their integrity or quality.
that makes a lot of sense. I read in lots of places when people ask for AV recommendations it is always somethign different and Defender is barely mentioned. Why is that then?
Because no one makes money pushing Defender.
-
@dashrender said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
AV....
There are several decent AV vendors, and tons of terrible ones. In most cases, I would just stick with Windows Defender. If you are going to get into the Windows ecosystem and don't trust Windows security, you need to rethink what you are doing.
Understandably getting a central console for AV can be important, so products like Webroot can be great. They are one of the few AV companies that haven't done something to make me really question their integrity or quality.
If you need centralized reporting on Windows Defender, you can purchase Intune.
I have not used it yet but I heard it was pretty cool. Thanks I will look into it more
-
@jmoore said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
Lastly, how do you layer your security if its different than usual?
I'm totally focused on LANless design. Nothing on my network should be protected by something at the network level. Not that network protection should not exist, but it should never matter. Most attacks come from the LAN, not the WAN, and if your protection sits at the WAN barrier, most attacks will have already bypassed it.
Every device that we have, we treat as if it is going to sit directly on the Internet. Nothing is exposed, nothing trusts the LAN. There are exceptions for non-LAN networks like a pure play SAN or cluster interconnects.
So by lanless you mean it is protected as much as possible at the workstation level and not relying on a UTM to do all the work for it instead?
Right, act like everything is exposed (because it is) and never assume that the LAN is a safe place.
-
@jmoore said in How to Layer Your Security Needs:
@dashrender said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
AV....
There are several decent AV vendors, and tons of terrible ones. In most cases, I would just stick with Windows Defender. If you are going to get into the Windows ecosystem and don't trust Windows security, you need to rethink what you are doing.
Understandably getting a central console for AV can be important, so products like Webroot can be great. They are one of the few AV companies that haven't done something to make me really question their integrity or quality.
If you need centralized reporting on Windows Defender, you can purchase Intune.
I have not used it yet but I heard it was pretty cool. Thanks I will look into it more
InTune isn't cheap or nice. We tried it for a while, but it's not very impressive.
-
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
AV....
There are several decent AV vendors, and tons of terrible ones. In most cases, I would just stick with Windows Defender. If you are going to get into the Windows ecosystem and don't trust Windows security, you need to rethink what you are doing.
Understandably getting a central console for AV can be important, so products like Webroot can be great. They are one of the few AV companies that haven't done something to make me really question their integrity or quality.
that makes a lot of sense. I read in lots of places when people ask for AV recommendations it is always somethign different and Defender is barely mentioned. Why is that then?
Because no one makes money pushing Defender.
Plus people are MS haters.
-
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
Any brands of firewalls or AV to avoid?
Loads and loads. It's more the other way around, which make sense to consider.
For firewalls, first you can't lump firewalls and UTM together. Different animals from different vendors.
I thought UTM's were firewalls with a lot more features. Kind of like, a do everything security box?
They are, sort of. UTM means "firewall plus loads of applications." It's a silly thing. The firewall is still the firewall, the UTM functionality is apps running on top of the firewall's processor.
ok I see. I have never liked designs like that. I do prefer the independent designs as things just seem to work better and easier by configuring each functionality separately as you need it.
-
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@dashrender said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
AV....
There are several decent AV vendors, and tons of terrible ones. In most cases, I would just stick with Windows Defender. If you are going to get into the Windows ecosystem and don't trust Windows security, you need to rethink what you are doing.
Understandably getting a central console for AV can be important, so products like Webroot can be great. They are one of the few AV companies that haven't done something to make me really question their integrity or quality.
If you need centralized reporting on Windows Defender, you can purchase Intune.
I have not used it yet but I heard it was pretty cool. Thanks I will look into it more
InTune isn't cheap or nice. We tried it for a while, but it's not very impressive.
No, it's not cheap, about the same cost as most other AV packages... but it does include MDM type functionality though.
-
@dashrender said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
AV....
There are several decent AV vendors, and tons of terrible ones. In most cases, I would just stick with Windows Defender. If you are going to get into the Windows ecosystem and don't trust Windows security, you need to rethink what you are doing.
Understandably getting a central console for AV can be important, so products like Webroot can be great. They are one of the few AV companies that haven't done something to make me really question their integrity or quality.
that makes a lot of sense. I read in lots of places when people ask for AV recommendations it is always somethign different and Defender is barely mentioned. Why is that then?
Because no one makes money pushing Defender.
Plus people are MS haters.
It's true. There is a weird cultural thing amongst the Windows crowd to demand to use Windows, but to distrust it in crazy ways.
-
@jmoore said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
Any brands of firewalls or AV to avoid?
Loads and loads. It's more the other way around, which make sense to consider.
For firewalls, first you can't lump firewalls and UTM together. Different animals from different vendors.
I thought UTM's were firewalls with a lot more features. Kind of like, a do everything security box?
They are, sort of. UTM means "firewall plus loads of applications." It's a silly thing. The firewall is still the firewall, the UTM functionality is apps running on top of the firewall's processor.
ok I see. I have never liked designs like that. I do prefer the independent designs as things just seem to work better and easier by configuring each functionality separately as you need it.
And your firewall you want to be 100% screaming fast and 100% reliable. Putting UTM functions on there is just asking things to fail.
-
@dashrender said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@dashrender said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
AV....
There are several decent AV vendors, and tons of terrible ones. In most cases, I would just stick with Windows Defender. If you are going to get into the Windows ecosystem and don't trust Windows security, you need to rethink what you are doing.
Understandably getting a central console for AV can be important, so products like Webroot can be great. They are one of the few AV companies that haven't done something to make me really question their integrity or quality.
If you need centralized reporting on Windows Defender, you can purchase Intune.
I have not used it yet but I heard it was pretty cool. Thanks I will look into it more
InTune isn't cheap or nice. We tried it for a while, but it's not very impressive.
No, it's not cheap, about the same cost as most other AV packages... but it does include MDM type functionality though.
Many times Webroot, back when we used it.
-
@dashrender said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
AV....
There are several decent AV vendors, and tons of terrible ones. In most cases, I would just stick with Windows Defender. If you are going to get into the Windows ecosystem and don't trust Windows security, you need to rethink what you are doing.
Understandably getting a central console for AV can be important, so products like Webroot can be great. They are one of the few AV companies that haven't done something to make me really question their integrity or quality.
that makes a lot of sense. I read in lots of places when people ask for AV recommendations it is always somethign different and Defender is barely mentioned. Why is that then?
Because no one makes money pushing Defender.
Plus people are MS haters.
You are right on that. I mean I don't like a lot of things either but if your business is built around Microsoft products then it really does make sense to use Defender for most people
-
@jmoore said in How to Layer Your Security Needs:
@dashrender said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
AV....
There are several decent AV vendors, and tons of terrible ones. In most cases, I would just stick with Windows Defender. If you are going to get into the Windows ecosystem and don't trust Windows security, you need to rethink what you are doing.
Understandably getting a central console for AV can be important, so products like Webroot can be great. They are one of the few AV companies that haven't done something to make me really question their integrity or quality.
that makes a lot of sense. I read in lots of places when people ask for AV recommendations it is always somethign different and Defender is barely mentioned. Why is that then?
Because no one makes money pushing Defender.
Plus people are MS haters.
You are right on that. I mean I don't like a lot of things either but if your business is built around Microsoft products then it really does make sense to use Defender for most people
Yes, embrace or move on. This weird half assed approach is the worst. It's like they tend to start off as fan bois, then suddenly become haters of their own platform choices.
-
@scottalanmiller said in How to Layer Your Security Needs:
@dashrender said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@dashrender said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
AV....
There are several decent AV vendors, and tons of terrible ones. In most cases, I would just stick with Windows Defender. If you are going to get into the Windows ecosystem and don't trust Windows security, you need to rethink what you are doing.
Understandably getting a central console for AV can be important, so products like Webroot can be great. They are one of the few AV companies that haven't done something to make me really question their integrity or quality.
If you need centralized reporting on Windows Defender, you can purchase Intune.
I have not used it yet but I heard it was pretty cool. Thanks I will look into it more
InTune isn't cheap or nice. We tried it for a while, but it's not very impressive.
No, it's not cheap, about the same cost as most other AV packages... but it does include MDM type functionality though.
Many times Webroot, back when we used it.
HUH - the last time I looked at webroot, they were $35/MSRP, and for reals around $20/seat... I thought Intune is around $20/seat?
-
@dashrender said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
@dashrender said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@dashrender said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
AV....
There are several decent AV vendors, and tons of terrible ones. In most cases, I would just stick with Windows Defender. If you are going to get into the Windows ecosystem and don't trust Windows security, you need to rethink what you are doing.
Understandably getting a central console for AV can be important, so products like Webroot can be great. They are one of the few AV companies that haven't done something to make me really question their integrity or quality.
If you need centralized reporting on Windows Defender, you can purchase Intune.
I have not used it yet but I heard it was pretty cool. Thanks I will look into it more
InTune isn't cheap or nice. We tried it for a while, but it's not very impressive.
No, it's not cheap, about the same cost as most other AV packages... but it does include MDM type functionality though.
Many times Webroot, back when we used it.
HUH - the last time I looked at webroot, they were $35/MSRP, and for reals around $20/seat... I thought Intune is around $20/seat?
No way. Webroot is nothing like that. Not even close. And Intune is way more.
-
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
Any brands of firewalls or AV to avoid?
Loads and loads. It's more the other way around, which make sense to consider.
For firewalls, first you can't lump firewalls and UTM together. Different animals from different vendors.
I thought UTM's were firewalls with a lot more features. Kind of like, a do everything security box?
They are, sort of. UTM means "firewall plus loads of applications." It's a silly thing. The firewall is still the firewall, the UTM functionality is apps running on top of the firewall's processor.
ok I see. I have never liked designs like that. I do prefer the independent designs as things just seem to work better and easier by configuring each functionality separately as you need it.
And your firewall you want to be 100% screaming fast and 100% reliable. Putting UTM functions on there is just asking things to fail.
yeah that whole concept sounds like putting a gui, email client, and a music app on your fedora server. just not needed.
-
My preferred config?
Firewall -> Local Anti-Virus and ransomeware prevention.
IDS/IPS at the network level along with asset monitoring.Depending on the needs of the organization, more can be added on, but I'd consider that the starting point to not be without.
-
InTune pricing is $72 - $144 per user, per year.
-
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@dashrender said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
AV....
There are several decent AV vendors, and tons of terrible ones. In most cases, I would just stick with Windows Defender. If you are going to get into the Windows ecosystem and don't trust Windows security, you need to rethink what you are doing.
Understandably getting a central console for AV can be important, so products like Webroot can be great. They are one of the few AV companies that haven't done something to make me really question their integrity or quality.
that makes a lot of sense. I read in lots of places when people ask for AV recommendations it is always somethign different and Defender is barely mentioned. Why is that then?
Because no one makes money pushing Defender.
Plus people are MS haters.
You are right on that. I mean I don't like a lot of things either but if your business is built around Microsoft products then it really does make sense to use Defender for most people
Yes, embrace or move on. This weird half assed approach is the worst. It's like they tend to start off as fan bois, then suddenly become haters of their own platform choices.
I think that people are stuck in the past - Security Essentials was pretty bad.. but MS was just getting it's feet wet. By now it's on par in my opinion. Others think - you get what you pay for - i.e. Defender is free, therefore it must be shit.. so they must pay to get something worthwhile.
and others want/demand the central console, which you can't get without Intune, so you'd be spending either way.