How to Layer Your Security Needs
-
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
Any brands of firewalls or AV to avoid?
Loads and loads. It's more the other way around, which make sense to consider.
For firewalls, first you can't lump firewalls and UTM together. Different animals from different vendors.
I thought UTM's were firewalls with a lot more features. Kind of like, a do everything security box?
They are, sort of. UTM means "firewall plus loads of applications." It's a silly thing. The firewall is still the firewall, the UTM functionality is apps running on top of the firewall's processor.
ok I see. I have never liked designs like that. I do prefer the independent designs as things just seem to work better and easier by configuring each functionality separately as you need it.
And your firewall you want to be 100% screaming fast and 100% reliable. Putting UTM functions on there is just asking things to fail.
yeah that whole concept sounds like putting a gui, email client, and a music app on your fedora server. just not needed.
-
My preferred config?
Firewall -> Local Anti-Virus and ransomeware prevention.
IDS/IPS at the network level along with asset monitoring.Depending on the needs of the organization, more can be added on, but I'd consider that the starting point to not be without.
-
InTune pricing is $72 - $144 per user, per year.
-
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@dashrender said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
AV....
There are several decent AV vendors, and tons of terrible ones. In most cases, I would just stick with Windows Defender. If you are going to get into the Windows ecosystem and don't trust Windows security, you need to rethink what you are doing.
Understandably getting a central console for AV can be important, so products like Webroot can be great. They are one of the few AV companies that haven't done something to make me really question their integrity or quality.
that makes a lot of sense. I read in lots of places when people ask for AV recommendations it is always somethign different and Defender is barely mentioned. Why is that then?
Because no one makes money pushing Defender.
Plus people are MS haters.
You are right on that. I mean I don't like a lot of things either but if your business is built around Microsoft products then it really does make sense to use Defender for most people
Yes, embrace or move on. This weird half assed approach is the worst. It's like they tend to start off as fan bois, then suddenly become haters of their own platform choices.
I think that people are stuck in the past - Security Essentials was pretty bad.. but MS was just getting it's feet wet. By now it's on par in my opinion. Others think - you get what you pay for - i.e. Defender is free, therefore it must be shit.. so they must pay to get something worthwhile.
and others want/demand the central console, which you can't get without Intune, so you'd be spending either way.
-
@jmoore said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
Any brands of firewalls or AV to avoid?
Loads and loads. It's more the other way around, which make sense to consider.
For firewalls, first you can't lump firewalls and UTM together. Different animals from different vendors.
I thought UTM's were firewalls with a lot more features. Kind of like, a do everything security box?
They are, sort of. UTM means "firewall plus loads of applications." It's a silly thing. The firewall is still the firewall, the UTM functionality is apps running on top of the firewall's processor.
ok I see. I have never liked designs like that. I do prefer the independent designs as things just seem to work better and easier by configuring each functionality separately as you need it.
And your firewall you want to be 100% screaming fast and 100% reliable. Putting UTM functions on there is just asking things to fail.
yeah that whole concept sounds like putting a gui, email client, and a music app on your fedora server. just not needed.
Exactly what it is.
-
Webroot is about $36 per seat per year. So starting point is half the cost of Intune's starting point.
-
@dashrender said in How to Layer Your Security Needs:
and others want/demand the central console, which you can't get without Intune, so you'd be spending either way.
Except you can. Even SW used to offer that.
-
@travisdh1 said in How to Layer Your Security Needs:
My preferred config?
Firewall -> Local Anti-Virus and ransomeware prevention.
IDS/IPS at the network level along with asset monitoring.Depending on the needs of the organization, more can be added on, but I'd consider that the starting point to not be without.
I have used Snort before and i think it did those functions. What do you recommend using for IDS/IPS protection on Windows and on Linux?
-
@jmoore said in How to Layer Your Security Needs:
@travisdh1 said in How to Layer Your Security Needs:
My preferred config?
Firewall -> Local Anti-Virus and ransomeware prevention.
IDS/IPS at the network level along with asset monitoring.Depending on the needs of the organization, more can be added on, but I'd consider that the starting point to not be without.
I have used Snort before and i think it did those functions. What do you recommend using for IDS/IPS protection on Windows and on Linux?
IDS/IPS go on the network, not on an OS.
-
@scottalanmiller said in How to Layer Your Security Needs:
InTune pricing is $72 - $144 per user, per year.
wow thats expensive for reporting
-
@jmoore said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
InTune pricing is $72 - $144 per user, per year.
wow thats expensive for reporting
Yup, there is a reason we don't use it.
-
@dashrender said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@dashrender said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
AV....
There are several decent AV vendors, and tons of terrible ones. In most cases, I would just stick with Windows Defender. If you are going to get into the Windows ecosystem and don't trust Windows security, you need to rethink what you are doing.
Understandably getting a central console for AV can be important, so products like Webroot can be great. They are one of the few AV companies that haven't done something to make me really question their integrity or quality.
that makes a lot of sense. I read in lots of places when people ask for AV recommendations it is always somethign different and Defender is barely mentioned. Why is that then?
Because no one makes money pushing Defender.
Plus people are MS haters.
You are right on that. I mean I don't like a lot of things either but if your business is built around Microsoft products then it really does make sense to use Defender for most people
Yes, embrace or move on. This weird half assed approach is the worst. It's like they tend to start off as fan bois, then suddenly become haters of their own platform choices.
I think that people are stuck in the past - Security Essentials was pretty bad.. but MS was just getting it's feet wet. By now it's on par in my opinion. Others think - you get what you pay for - i.e. Defender is free, therefore it must be shit.. so they must pay to get something worthwhile.
and others want/demand the central console, which you can't get without Intune, so you'd be spending either way.
doesn't group policy do everything you need as far as updating and such? do most people really need a central console?
-
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@travisdh1 said in How to Layer Your Security Needs:
My preferred config?
Firewall -> Local Anti-Virus and ransomeware prevention.
IDS/IPS at the network level along with asset monitoring.Depending on the needs of the organization, more can be added on, but I'd consider that the starting point to not be without.
I have used Snort before and i think it did those functions. What do you recommend using for IDS/IPS protection on Windows and on Linux?
IDS/IPS go on the network, not on an OS.
i must be confused or remembering wrong then, how does IDS/IPS work then?
-
@jmoore said in How to Layer Your Security Needs:
@dashrender said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@dashrender said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
AV....
There are several decent AV vendors, and tons of terrible ones. In most cases, I would just stick with Windows Defender. If you are going to get into the Windows ecosystem and don't trust Windows security, you need to rethink what you are doing.
Understandably getting a central console for AV can be important, so products like Webroot can be great. They are one of the few AV companies that haven't done something to make me really question their integrity or quality.
that makes a lot of sense. I read in lots of places when people ask for AV recommendations it is always somethign different and Defender is barely mentioned. Why is that then?
Because no one makes money pushing Defender.
Plus people are MS haters.
You are right on that. I mean I don't like a lot of things either but if your business is built around Microsoft products then it really does make sense to use Defender for most people
Yes, embrace or move on. This weird half assed approach is the worst. It's like they tend to start off as fan bois, then suddenly become haters of their own platform choices.
I think that people are stuck in the past - Security Essentials was pretty bad.. but MS was just getting it's feet wet. By now it's on par in my opinion. Others think - you get what you pay for - i.e. Defender is free, therefore it must be shit.. so they must pay to get something worthwhile.
and others want/demand the central console, which you can't get without Intune, so you'd be spending either way.
doesn't group policy do everything you need as far as updating and such? do most people really need a central console?
It would, yes. Just doesn't provide central monitoring.
-
@jmoore said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@travisdh1 said in How to Layer Your Security Needs:
My preferred config?
Firewall -> Local Anti-Virus and ransomeware prevention.
IDS/IPS at the network level along with asset monitoring.Depending on the needs of the organization, more can be added on, but I'd consider that the starting point to not be without.
I have used Snort before and i think it did those functions. What do you recommend using for IDS/IPS protection on Windows and on Linux?
IDS/IPS go on the network, not on an OS.
i must be confused or remembering wrong then, how does IDS/IPS work then?
IDS watches the network traffic, across the entire network.
-
@jmoore said in How to Layer Your Security Needs:
@travisdh1 said in How to Layer Your Security Needs:
My preferred config?
Firewall -> Local Anti-Virus and ransomeware prevention.
IDS/IPS at the network level along with asset monitoring.Depending on the needs of the organization, more can be added on, but I'd consider that the starting point to not be without.
I have used Snort before and i think it did those functions. What do you recommend using for IDS/IPS protection on Windows and on Linux?
I'm going to be installing Wazah here this week. While it'll be the first time I've used that specific software setup, it has OSSEC as it's base which I have used quite often. I'm looking forward to seeing how Wazah compares to some of the paid solutions out there.
Also, like @scottalanmiller already said, IDS/IPS exists at the network level, not the OS.
-
@travisdh1 said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@travisdh1 said in How to Layer Your Security Needs:
My preferred config?
Firewall -> Local Anti-Virus and ransomeware prevention.
IDS/IPS at the network level along with asset monitoring.Depending on the needs of the organization, more can be added on, but I'd consider that the starting point to not be without.
I have used Snort before and i think it did those functions. What do you recommend using for IDS/IPS protection on Windows and on Linux?
I'm going to be installing Wazah here this week. While it'll be the first time I've used that specific software setup, it has OSSEC as it's base which I have used quite often. I'm looking forward to seeing how Wazah compares to some of the paid solutions out there.
Also, like @scottalanmiller already said, IDS/IPS exists at the network level, not the OS.
Ok that is what I am confused about. Where does IDS sit at physically on the network? firewall?
-
We are expecting a full Wazzah how to now.
-
@jmoore said in How to Layer Your Security Needs:
@travisdh1 said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
@travisdh1 said in How to Layer Your Security Needs:
My preferred config?
Firewall -> Local Anti-Virus and ransomeware prevention.
IDS/IPS at the network level along with asset monitoring.Depending on the needs of the organization, more can be added on, but I'd consider that the starting point to not be without.
I have used Snort before and i think it did those functions. What do you recommend using for IDS/IPS protection on Windows and on Linux?
I'm going to be installing Wazah here this week. While it'll be the first time I've used that specific software setup, it has OSSEC as it's base which I have used quite often. I'm looking forward to seeing how Wazah compares to some of the paid solutions out there.
Also, like @scottalanmiller already said, IDS/IPS exists at the network level, not the OS.
Ok that is what I am confused about. Where does IDS sit at physically on the network? firewall?
Nothing should ever sit on the firewall, nothing. Proper "anything network" should be a VM that may or may not get all network traffic, depending on the task.
-
@reid-cooper said in How to Layer Your Security Needs:
We are expecting a full Wazzah how to now.
This is going on a tiny little network, so the how to is "Download the OVA and install that to your hypervisor". Done.