How to Layer Your Security Needs
-
@jmoore said in How to Layer Your Security Needs:
Lastly, how do you layer your security if its different than usual?
I'm totally focused on LANless design. Nothing on my network should be protected by something at the network level. Not that network protection should not exist, but it should never matter. Most attacks come from the LAN, not the WAN, and if your protection sits at the WAN barrier, most attacks will have already bypassed it.
Every device that we have, we treat as if it is going to sit directly on the Internet. Nothing is exposed, nothing trusts the LAN. There are exceptions for non-LAN networks like a pure play SAN or cluster interconnects.
-
@scottalanmiller said in How to Layer Your Security Needs:
UTMs to avoid...
My feeling here is that the only real UTM worth considering is Palo Alto. Deploying anything less just doesn't make sense. UTMs are full of problems and their value comes from being insanely comprehensive, which is what PA does. Other UTM products that are cheaper tend to be from unreliable vendors and of questionable value.
Speaking from experience here, I will agree with this statement. I've run some UTM setups that came Prepckaged (Fortinet, Smoothwall, Untangle), and I have built some around Suricata (or Snort), Squid, DansGuardian, ClamAV and Shorewall.
These things are not easy to build right and do well. They all did Firewalling and routing right, but something screwy with other things like Traffic shaping or application filtering. Even tweaking them for your environment can be more of a pain than it's worth.
-
@scottalanmiller said in How to Layer Your Security Needs:
AV....
There are several decent AV vendors, and tons of terrible ones. In most cases, I would just stick with Windows Defender. If you are going to get into the Windows ecosystem and don't trust Windows security, you need to rethink what you are doing.
Understandably getting a central console for AV can be important, so products like Webroot can be great. They are one of the few AV companies that haven't done something to make me really question their integrity or quality.
If you need centralized reporting on Windows Defender, you can purchase Intune.
-
@dashrender said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
AV....
There are several decent AV vendors, and tons of terrible ones. In most cases, I would just stick with Windows Defender. If you are going to get into the Windows ecosystem and don't trust Windows security, you need to rethink what you are doing.
Understandably getting a central console for AV can be important, so products like Webroot can be great. They are one of the few AV companies that haven't done something to make me really question their integrity or quality.
If you need centralized reporting on Windows Defender, you can purchase Intune.
I assume that you can do it with some scripting, too. Not seen that done, but seems like it would likely be pretty doable.
-
@scottalanmiller said in How to Layer Your Security Needs:
@dashrender said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
AV....
There are several decent AV vendors, and tons of terrible ones. In most cases, I would just stick with Windows Defender. If you are going to get into the Windows ecosystem and don't trust Windows security, you need to rethink what you are doing.
Understandably getting a central console for AV can be important, so products like Webroot can be great. They are one of the few AV companies that haven't done something to make me really question their integrity or quality.
If you need centralized reporting on Windows Defender, you can purchase Intune.
I assume that you can do it with some scripting, too. Not seen that done, but seems like it would likely be pretty doable.
Likely you could pull this type of data using something like Salt, then make your own reports.
-
@dashrender said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
@dashrender said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
AV....
There are several decent AV vendors, and tons of terrible ones. In most cases, I would just stick with Windows Defender. If you are going to get into the Windows ecosystem and don't trust Windows security, you need to rethink what you are doing.
Understandably getting a central console for AV can be important, so products like Webroot can be great. They are one of the few AV companies that haven't done something to make me really question their integrity or quality.
If you need centralized reporting on Windows Defender, you can purchase Intune.
I assume that you can do it with some scripting, too. Not seen that done, but seems like it would likely be pretty doable.
Likely you could pull this type of data using something like Salt, then make your own reports.
Right, seems like a good way to go, assuming that there are necessary hooks for those sorts of things.
-
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
Is it helpful to learn how to host our own DNS( thinking Bind) instead of using something like OpenDns?
That's not usually an either/or scenario. If you are a tiny shop, having no DNS is fine and normal. But once you hit any size, you typically want something for DNS.
OpenDNS or Strongarm.io are a different kind of thing, they are DNS-based security mechanisms for your external access. BIND is for your internal DNS.
Oh got it, I see I was using those terms wrong.
-
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
Any brands of firewalls or AV to avoid?
Loads and loads. It's more the other way around, which make sense to consider.
For firewalls, first you can't lump firewalls and UTM together. Different animals from different vendors.
I thought UTM's were firewalls with a lot more features. Kind of like, a do everything security box?
-
@jmoore said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
Any brands of firewalls or AV to avoid?
Loads and loads. It's more the other way around, which make sense to consider.
For firewalls, first you can't lump firewalls and UTM together. Different animals from different vendors.
I thought UTM's were firewalls with a lot more features. Kind of like, a do everything security box?
They are, sort of. UTM means "firewall plus loads of applications." It's a silly thing. The firewall is still the firewall, the UTM functionality is apps running on top of the firewall's processor.
-
UTM itself is actually the antithesis of security in layers, as the entire point of a UTM is collapsing layers of security down!
-
@scottalanmiller said in How to Layer Your Security Needs:
UTMs to avoid...
My feeling here is that the only real UTM worth considering is Palo Alto. Deploying anything less just doesn't make sense. UTMs are full of problems and their value comes from being insanely comprehensive, which is what PA does. Other UTM products that are cheaper tend to be from unreliable vendors and of questionable value.
I knew Palo Alto made good stuff but did not know they did not have hardly any competition. Good info
-
@jmoore said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
UTMs to avoid...
My feeling here is that the only real UTM worth considering is Palo Alto. Deploying anything less just doesn't make sense. UTMs are full of problems and their value comes from being insanely comprehensive, which is what PA does. Other UTM products that are cheaper tend to be from unreliable vendors and of questionable value.
I knew Palo Alto made good stuff but did not know they did not have hardly any competition. Good info
There is a little, but very little. That will change with time, but as the entire concept of a UTM is, I feel, fundamentally flawed, I doubt that many serious competitors will step into the space.
-
That said, PA does make the best non-UTM network protection, too. That's where I foresee them getting competition eventually.
-
@scottalanmiller said in How to Layer Your Security Needs:
AV....
There are several decent AV vendors, and tons of terrible ones. In most cases, I would just stick with Windows Defender. If you are going to get into the Windows ecosystem and don't trust Windows security, you need to rethink what you are doing.
Understandably getting a central console for AV can be important, so products like Webroot can be great. They are one of the few AV companies that haven't done something to make me really question their integrity or quality.
that makes a lot of sense. I read in lots of places when people ask for AV recommendations it is always somethign different and Defender is barely mentioned. Why is that then?
-
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
Lastly, how do you layer your security if its different than usual?
I'm totally focused on LANless design. Nothing on my network should be protected by something at the network level. Not that network protection should not exist, but it should never matter. Most attacks come from the LAN, not the WAN, and if your protection sits at the WAN barrier, most attacks will have already bypassed it.
Every device that we have, we treat as if it is going to sit directly on the Internet. Nothing is exposed, nothing trusts the LAN. There are exceptions for non-LAN networks like a pure play SAN or cluster interconnects.
So by lanless you mean it is protected as much as possible at the workstation level and not relying on a UTM to do all the work for it instead?
-
@dafyre said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
UTMs to avoid...
My feeling here is that the only real UTM worth considering is Palo Alto. Deploying anything less just doesn't make sense. UTMs are full of problems and their value comes from being insanely comprehensive, which is what PA does. Other UTM products that are cheaper tend to be from unreliable vendors and of questionable value.
Speaking from experience here, I will agree with this statement. I've run some UTM setups that came Prepckaged (Fortinet, Smoothwall, Untangle), and I have built some around Suricata (or Snort), Squid, DansGuardian, ClamAV and Shorewall.
These things are not easy to build right and do well. They all did Firewalling and routing right, but something screwy with other things like Traffic shaping or application filtering. Even tweaking them for your environment can be more of a pain than it's worth.
Yeah I don't know about all of those but Snort and Untangle can be difficult if you don;t have a lot of experience with using them. Not that they can't be figured out but its as you said, a pain...
-
@jmoore said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
AV....
There are several decent AV vendors, and tons of terrible ones. In most cases, I would just stick with Windows Defender. If you are going to get into the Windows ecosystem and don't trust Windows security, you need to rethink what you are doing.
Understandably getting a central console for AV can be important, so products like Webroot can be great. They are one of the few AV companies that haven't done something to make me really question their integrity or quality.
that makes a lot of sense. I read in lots of places when people ask for AV recommendations it is always somethign different and Defender is barely mentioned. Why is that then?
Because no one makes money pushing Defender.
-
@dashrender said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
AV....
There are several decent AV vendors, and tons of terrible ones. In most cases, I would just stick with Windows Defender. If you are going to get into the Windows ecosystem and don't trust Windows security, you need to rethink what you are doing.
Understandably getting a central console for AV can be important, so products like Webroot can be great. They are one of the few AV companies that haven't done something to make me really question their integrity or quality.
If you need centralized reporting on Windows Defender, you can purchase Intune.
I have not used it yet but I heard it was pretty cool. Thanks I will look into it more
-
@jmoore said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
@jmoore said in How to Layer Your Security Needs:
Lastly, how do you layer your security if its different than usual?
I'm totally focused on LANless design. Nothing on my network should be protected by something at the network level. Not that network protection should not exist, but it should never matter. Most attacks come from the LAN, not the WAN, and if your protection sits at the WAN barrier, most attacks will have already bypassed it.
Every device that we have, we treat as if it is going to sit directly on the Internet. Nothing is exposed, nothing trusts the LAN. There are exceptions for non-LAN networks like a pure play SAN or cluster interconnects.
So by lanless you mean it is protected as much as possible at the workstation level and not relying on a UTM to do all the work for it instead?
Right, act like everything is exposed (because it is) and never assume that the LAN is a safe place.
-
@jmoore said in How to Layer Your Security Needs:
@dashrender said in How to Layer Your Security Needs:
@scottalanmiller said in How to Layer Your Security Needs:
AV....
There are several decent AV vendors, and tons of terrible ones. In most cases, I would just stick with Windows Defender. If you are going to get into the Windows ecosystem and don't trust Windows security, you need to rethink what you are doing.
Understandably getting a central console for AV can be important, so products like Webroot can be great. They are one of the few AV companies that haven't done something to make me really question their integrity or quality.
If you need centralized reporting on Windows Defender, you can purchase Intune.
I have not used it yet but I heard it was pretty cool. Thanks I will look into it more
InTune isn't cheap or nice. We tried it for a while, but it's not very impressive.