Malware Bytes and Web Root

#1
Hi All,
I asked AV-Comparatives to add Web Root and Malware Bytes to their list and their answer was maybe next year. I had a guy call me who loved his Web Root who got infected with ransomware, so I am suspicious. Chris Titus seems to like it. Another customer has both Avast Free and Malware Bytes running and wants to keep both. I have always used Malware Bytes to remove junkware, but as an anti-virus???? I cannot find a comparison test of these two anywhere. Anyone have any experience with these two?

Many thanks,
-T
#2
On 11/12/19 8:45 PM, n/a wrote:
> 2. Install a hardware firewall (i.e. pfSense as an example) that covers all the segments of their network - everything from credit card systems to HVAC sensors.

Anything that has an Ethernet interface is subject to attack these days. I adore the Watch Guard firewalls. But it is really hard to get anyone to pay up for the cost. When I am doing internal penetration testing on customers' networks, I have found that it is impossible to stealth a Windows computer. You can easily do that with Linux, but not Windows. Geez ...
#3
T wrote:
> On 11/12/19 8:45 PM, n/a wrote:
>> 2. Install a hardware firewall (i.e. pfSense as an example) that covers all the segments of their network - everything from credit card systems to HVAC sensors.
>
> Anything that has an Ethernet interface is subject to attack these days. I adore the Watch Guard firewalls. But it is really hard to get anyone to pay up for the cost. When I am doing internal penetration testing on customers' networks, I have found that it is impossible to stealth a Windows computer. You can easily do that with Linux, but not Windows. Geez ...

Why is that? Why can't incoming packets to a Windows machine be redirected to a non-existent network? That would prevent the Windows machine from consuming the packet locally and making a response.

Paul
#4
On 11/13/19 1:41 AM, Paul wrote:
> T wrote:
>> On 11/12/19 8:45 PM, n/a wrote:
>>> 2. Install a hardware firewall (i.e. pfSense as an example) that covers all the segments of their network - everything from credit card systems to HVAC sensors.
>>
>> Anything that has an Ethernet interface is subject to attack these days. I adore the Watch Guard firewalls. But it is really hard to get anyone to pay up for the cost. When I am doing internal penetration testing on customers' networks, I have found that it is impossible to stealth a Windows computer. You can easily do that with Linux, but not Windows. Geez ...
>
> Why is that? Why can't incoming packets to a Windows machine be redirected to a non-existent network? That would prevent the Windows machine from consuming the packet locally and making a response.
>
> Paul

Hi Paul,

If I get a "REJECT" back, I know they are the open port, no response and I got you. Basically, if you are running Windows, I am going to find you. And I bet you show up in arp tables too. Windows likes to blab about itself on a network. Fills the pipes with a lot of trash. And the responses to this blabbing give them away. I haven't found a firewall yet for Windows that will stealth them.

I may have some old scans kicking around somewhere. Would you like me to see if I can find them for you?

-T
#5
T wrote:
> On 11/13/19 1:41 AM, Paul wrote:
>> T wrote:
>>> On 11/12/19 8:45 PM, n/a wrote:
>>>> 2. Install a hardware firewall (i.e. pfSense as an example) that covers all the segments of their network - everything from credit card systems to HVAC sensors.
>>>
>>> Anything that has an Ethernet interface is subject to attack these days. I adore the Watch Guard firewalls. But it is really hard to get anyone to pay up for the cost. When I am doing internal penetration testing on customers' networks, I have found that it is impossible to stealth a Windows computer. You can easily do that with Linux, but not Windows. Geez ...
>>
>> Why is that? Why can't incoming packets to a Windows machine be redirected to a non-existent network? That would prevent the Windows machine from consuming the packet locally and making a response.
>>
>> Paul
>
> Hi Paul,
>
> If I get a "REJECT" back, I know they are the open port, no response and I got you. Basically, if you are running Windows, I am going to find you. And I bet you show up in arp tables too. Windows likes to blab about itself on a network. Fills the pipes with a lot of trash. And the responses to this blabbing give them away. I haven't found a firewall yet for Windows that will stealth them.
>
> I may have some old scans kicking around somewhere. Would you like me to see if I can find them for you?
>
> -T

If you get a REJECT back ("NAK"), that's probably a "closed port". An "open port" returns a response, and is a dead giveaway. The third possibility is that you re-route the packet, so the machine makes no response at all (as far as the source of the ping is concerned). It doesn't look like a NAK. And the machine does not respond and return a result to the source. On my home router, I port forwarded incoming IDENTD to "the vacuum of space", so that the router would not make a response. The Shields Up scan could then give a stealth rating (even though at the time, the Shields Up scan wasn't as good as it could be, and it was triggering the hammering detection on the router).

To do valid testing on a router, you can't be feeding it a pattern that trips any defensive mechanisms of that sort, or it will invalidate your test. The incoming packets need to have random port numbers (out of the pool you want to test), and the rate or port numbers can't trip the defenses. The log on the router can tell you whether you've triggered the defenses, and then your test is rendered invalid. My router had a particular name for whatever that defense mechanism is called. If you test port numbers in order 1,2,3,4,5 and so on, the router can actually notice that... and just clam up. Now your scan is rendered worthless, because it does not represent the real exposure of random port testing. The way the script kiddies will be doing it.

Paul
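Paul's point that a router only "notices" the 1,2,3,... pattern, taken from the defender's side as an added example that is not from the thread: a PowerShell function that reads Windows Defender Firewall log lines (the pfirewall.log field layout) and flags any source hitting many distinct ports within a short window, whether the probe order is sequential or randomised. The function name Find-PortScan and every log line are constructed for this example.

```powershell
# Added example, not code from the thread: flag port scans in a Windows Defender
# Firewall log (pfirewall.log). Counting distinct destination ports per source
# inside a time window catches both the sequential sweep and a scanner that
# randomises port order. All log lines below are constructed sample data.

function Find-PortScan {
    param(
        [string[]]$Lines,
        [int]$WindowSeconds = 60,   # look at each source's first minute of traffic
        [int]$PortThreshold = 10    # distinct ports in that window before we call it a scan
    )
    # pfirewall.log fields: date time action protocol src-ip dst-ip src-port dst-port ...
    $events = foreach ($l in $Lines) {
        if ($l.StartsWith('#')) { continue }       # header lines
        $f = $l -split ' '
        if ($f.Count -lt 8 -or $f[3] -ne 'TCP') { continue }
        [pscustomobject]@{ Time  = [datetime]::ParseExact("$($f[0]) $($f[1])", 'yyyy-MM-dd HH:mm:ss', $null)
                           Src   = $f[4]; DPort = [int]$f[7] }
    }
    foreach ($g in ($events | Group-Object Src)) {
        $hits   = @($g.Group | Sort-Object Time)
        $start  = $hits[0].Time
        $window = @($hits | Where-Object { ($_.Time - $start).TotalSeconds -le $WindowSeconds })
        $ports  = @($window.DPort | Sort-Object -Unique)
        if ($ports.Count -lt $PortThreshold) { continue }
        # Sequential = every probe is exactly one port above the previous one.
        $sequential = $true
        for ($i = 1; $i -lt $window.Count; $i++) {
            if ($window[$i].DPort -ne $window[$i - 1].DPort + 1) { $sequential = $false; break }
        }
        [pscustomobject]@{
            Source        = $g.Name
            DistinctPorts = $ports.Count
            Pattern       = $(if ($sequential) { 'sequential' } else { 'randomised' })
        }
    }
}

# Constructed sample: a sequential sweep, a randomised sweep, and one benign drop.
$t0  = Get-Date '2019-11-13 01:41:00'
$log = @('#Fields: date time action protocol src-ip dst-ip src-port dst-port size')
$log += 1..12 | ForEach-Object { "{0:yyyy-MM-dd HH:mm:ss} DROP TCP 192.168.1.50 192.168.1.10 51234 $_ 52" -f $t0.AddSeconds($_) }
$rand = 8080, 22, 3389, 445, 135, 5900, 23, 139, 80, 443, 21, 1433
$log += 0..11 | ForEach-Object { "{0:yyyy-MM-dd HH:mm:ss} DROP TCP 192.168.1.77 192.168.1.10 40000 $($rand[$_]) 52" -f $t0.AddSeconds($_ * 3) }
$log += "{0:yyyy-MM-dd HH:mm:ss} DROP TCP 192.168.1.5 192.168.1.10 49152 445 52" -f $t0.AddSeconds(30)

Find-PortScan -Lines $log | Format-Table -AutoSize
```

A scanner that spreads probes over longer than the window (Paul's rate point) slips past this first-window check; lowering the threshold or sliding the window over the whole log closes that gap at the cost of more false positives from busy hosts.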
#6
"T" wrote in message ...
> On 11/13/19 1:41 AM, Paul wrote:
>> T wrote:
>>> On 11/12/19 8:45 PM, n/a wrote:
>>>> 2. Install a hardware firewall (i.e. pfSense as an example) that covers all the segments of their network - everything from credit card systems to HVAC sensors.
>>>
>>> Anything that has an Ethernet interface is subject to attack these days. I adore the Watch Guard firewalls. But it is really hard to get anyone to pay up for the cost. When I am doing internal penetration testing on customers' networks, I have found that it is impossible to stealth a Windows computer. You can easily do that with Linux, but not Windows. Geez ...
>>
>> Why is that? Why can't incoming packets to a Windows machine be redirected to a non-existent network? That would prevent the Windows machine from consuming the packet locally and making a response.
>>
>> Paul
>
> Hi Paul,
>
> If I get a "REJECT" back, I know they are the open port, no response and I got you. Basically, if you are running Windows, I am going to find you. And I bet you show up in arp tables too. Windows likes to blab about itself on a network. Fills the pipes with a lot of trash. And the responses to this blabbing give them away. I haven't found a firewall yet for Windows that will stealth them.
>
> I may have some old scans kicking around somewhere. Would you like me to see if I can find them for you?
>
> -T

I've never really had any reason to try and make a system totally stealth within a network - but you can achieve some isolation by turning off Network Discovery. Does that make it totally stealth - I have no idea because of all the variables involved in a business network and the other hardware involved. For instance, a NAS needs to be able to detect the systems on a network that are part of its backup scheme. Or if you have a smart switch on the network and query its logs - you'll find it.

When I do need to isolate a system from others on a network (e.g. credit card systems, security systems etc.), I use a segmented network which can be a virtual LAN or hardwired to a switch/firewall to achieve that isolation. So why would you try to make a system stealth on a business type network when it's part of an Ethernet technology network that by design enables system level communications / control and monitoring of traffic and the discovery of all connected assets? There certainly are good reasons for isolating systems but achieving true stealth status on a network of systems would be very difficult. Just unplug it - done... If you want stealth, disconnect the system from any network (air gapped system) or set up a VM on the networked system and air gap the VM.

--
Bob S.
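T says no firewall will "stealth" Windows and Bob suggests turning off Network Discovery; as an added example that is not from the thread, here is the Windows hardening a defender would apply to cut what an internal scan gets back, using the built-in Windows Defender Firewall cmdlets and the LLMNR/NetBIOS settings. It assumes no third-party firewall owns the profiles and a Windows 10 / Server 2016 or later host; the Get-InboundExposure function name is mine.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the thread: make a Windows host answer as little
# as possible to an internal scanner. Assumes the built-in Windows Defender
# Firewall owns the profiles (no third-party firewall) and Windows 10 / Server 2016+.

# 1. Firewall on for every profile, default inbound Block, and log what is blocked.
#    Blocked packets are dropped silently: a SYN to a blocked port gets no RST back,
#    which is Paul's "no response at all" case rather than T's "REJECT".
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow `
    -LogBlocked True -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'

# 2. Turn off the rule groups that answer discovery probes: Network Discovery
#    (SSDP, WSD, LLMNR listeners) and File and Printer Sharing (SMB 445,
#    NetBIOS 137-139 and the ICMP echo rules that make the host ping-able).
Set-NetFirewallRule -DisplayGroup 'Network Discovery'        -Enabled False
Set-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -Enabled False

# 3. Stop the host "blabbing": LLMNR and the NetBIOS name service are what
#    broadcast the hostname to the segment and answer unicast name queries.
$dnsPol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
New-Item -Path $dnsPol -Force | Out-Null
Set-ItemProperty -Path $dnsPol -Name EnableMulticast -Value 0 -Type DWord
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces' |
    ForEach-Object { Set-ItemProperty -Path $_.PSPath -Name NetbiosOptions -Value 2 -Type DWord }

# 4. Apply the strictest profile to every non-domain network the host sees.
Get-NetConnectionProfile |
    Where-Object NetworkCategory -ne 'DomainAuthenticated' |
    Set-NetConnectionProfile -NetworkCategory Public

# 5. Check what T's scan could still find: listening TCP sockets and the
#    enabled inbound Allow rules that would let a SYN through to them.
function Get-InboundExposure {
    $listen = Get-NetTCPConnection -State Listen |
        Select-Object LocalAddress, LocalPort,
            @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } }
    $allow = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        Get-NetFirewallPortFilter | Where-Object Protocol -eq 'TCP'
    [pscustomobject]@{ Listening = $listen; AllowRules = $allow }
}
$exposure = Get-InboundExposure
$exposure.Listening  | Sort-Object LocalPort -Unique | Format-Table -AutoSize
$exposure.AllowRules | Select-Object InstanceID, LocalPort | Format-Table -AutoSize

# Caveat: a host on the same segment still answers ARP for its own address, so it will
# show in arp tables exactly as T says; only segmentation (Bob's VLAN) or unplugging hides that.
```

Disabling the File and Printer Sharing group also removes the ping-reply rules, so ICMP echo stops along with SMB; on a domain-joined host the Domain profile keeps its own rules, which step 5 lists so they can be reviewed rather than silently assumed closed.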
#7
This is about internal penetration testing as requested by the customer for PCI (Payment Card Industry) compliance. No one get their hackles up!

On 11/13/19 12:28 PM, Paul wrote:
> If you get a REJECT back ("NAK"), that's probably a "closed port".

Hi Paul,

A REJECT or a closed port tells me I have found a device/computer. That is initially what I am after.

> An "open port" returns a response, and is a dead giveaway.

Even worse. After I find a computer, then I start running all kinds of weird sh*t at it, looking to find any vulnerabilities that are unpatched/unprotected. If you are running a Windows computer, I am going to find you. Does not mean I can break into you. I haven't broken into one yet, but then again, I am the one doing the hardening before doing the penetration testing, so that would be a total embarrassment. My point-of-sale computers are locked down things of beauty.

I also find anything unauthorized someone has added, such as a wireless router under their workbench so they can get wireless on their cell phone. I recommend that companies use a segmented network leg with wireless capability for folks to surf with their cell phones and stay off their point-of-sale computers for surfing. Like distracting a dog with a toy. You can only push the hard ass stuff so far.

And, LISTEN UP TARGET!!! Point-of-sale computers must ALWAYS be on segmented network legs ALL BY THEMSELVES. NO COMPROMISES!

-T