genewitch
join:2007-09-12
Klamath Falls, OR
 ·Charter Pipeline
·Suddenlink
·Cebridge Connections
1 edit | reply to schwendrick
Re: Startup security for "always-on" connection.
said by schwendrick  :Actually I wanted to remove attention from the router as I presumed that's the first thing that would be focused on. At what point during the boot cycle does the PC become vulnerable through the network port, and is it late enough that my security software is enough in place to prevent malware from being installed/executed? Thanks Network should come up last, but there's no guarantee. If you are paranoid about it, before you shut down the machine turn off the network card (nethood ->properties ->device ->disable)
Unless something fishy is going on that should stay set until your machine is completely booted, at which point you can go in and enable it at your leisure.
PS this is how my network is run, there's no internet to any computer until i explicitly boot a virtual machine for that purpose. My computer can't even lease an IP until i do that. |
|
La Luna
Surviving Ashraful
Premium
join:2001-07-12
Warwick, NY
clubs:
·Optimum Online
 ·Vonage
| reply to schwendrick
said by schwendrick :Actually I wanted to remove attention from the router as I presumed that's the first thing that would be focused on.... The idea is to help others, such as those who may also be using this particular router you speak of.
It would be nice to know what router you believe was compromised, how it was compromised, and what lead you to believe you were "targeted" for online intrusion attempts.
--
10,582 DEADLY TERROR ATTACKS SINCE 9/11~~TEAM DISCOVERY
Can't feel you anymore, don't need you anymore, don't believe you anymore, I don't need you anymore
|
|
mikenolan7
Premium
join:2005-06-07
Torrance, CA | reply to schwendrick
Another option would be to use a shutdown script to disable your network connection, then after start-up, enable it manually when you are ready to go online. |
|
schwendrick
join:2005-01-12 | reply to Mele20
Thanks Mele20. Good tips. |
|
Mele20
Premium
join:2001-06-05
Hilo, HI
| reply to schwendrick
You can use BootlogXP to show you when your security software loads during the boot process. I have DiamondCS ProcessGuard and it loads extremely early in the boot process before my Antivirus loads even. It is a classic HIPS that runs in kernel mode and would not allow anything that somehow got downloaded before the AV was loaded to execute. It would block it and as soon as Windows finished loading stick a popup in the middle of my screen, where it would be impossible to miss,and demand that I tell it what to do about the new process/program that wants to start.
»www.greatis.com/utilities/bootlogxp/
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason |
|
schwendrick
join:2005-01-12
| reply to schwendrick
Actually I wanted to remove attention from the router as I presumed that's the first thing that would be focused on.
At what point during the boot cycle does the PC become vulnerable through the network port, and is it late enough that my security software is enough in place to prevent malware from being installed/executed?
Thanks |
|
daveinpoway
Premium
join:2006-07-03
Poway, CA | reply to schwendrick
Out of curiosity, what make and model router were you previously using, and what makes you think that it was compromised? |
|
schwendrick
join:2005-01-12
| Hello, I need some good feedback.
I have a PC which gets turned off at the end of the day connected to an "always-on" DSL connection. I do have a NAT router... the prior one was compromised and I have no reson to really trust this one. In the past I've been TARGETED for online intrusion attempts.
I'm concerned about vulnerability for the several seconds during the boot process prior to security software being loaded. I don't know at what point the computer is accessable to the outside world vs. at what point I'm protected.
Security software loading at startup is Online Armor and Avast!
Assuming a compromised router, is the startup software loading soon enough to protect me from startup boogies? Is there more I can be doing to protect myself during these critical few seconds?
Knowledgable feedback appreciated. Thanks.
Win XP SP2 |
|
