/os/ - Online Security

News, techniques and methods for computer network security.


Hello and Welcome to /os/, Online Security. This is a board for the discussion of online security, privacy, anonymity, and news from the cybersecurity and privacy world.
RULEZ
1. Follow the global rules
2. No Spam
3. No Classified Documents or leaks of Classified Documents or Files (news articles or commentary about the documents or files is OK)
4. No Child Exploitation Material
5. Images should be safe for work and relevant to the post or thread; commentary can be NSFW
6. No Advertisements of Hacker Services or Solicitations for Hacking Services
Related Boards
tech >>>/tech/  Hacker >>>/h4x0r/  Security Concepts >>>/sec/  EndSoft >>>/endsoft/
Privacy Guides
https://thetinhat.com/index.html
https://archive.is/zq2Ip
http://crypty22ijtotell.onion/handbook/
http://yuxv6qujajqvmypv.onion
http://deepdot35wvmeyd5.onion/security-tutorials/
Software Recommendations
https://prism-break.org/en/
https://www.privacytools.io/
Secure Computing Practices Links
http://bvmo2axfy6aetmsddfe6x2wszjkbcechfoajuguxcrkvhssfm6tr2fad.onion/
Email Provider
riseup.net  https://mail.riseup.net 
Openmailbox https://www.openmailbox.org/
Protonmail https://protonmail.com/
Tutanota https://www.tutanota.com/
cock.li https://cock.li/
CyberGuerrilla http://lu4qfnnkbnduxurt.onion https://cyberguerrilla.info/ 
Volatile http://vola7ileiax4ueow.onion/ https://volatile.bz/ 
EludeMail http://eludemaillhqfkh5.onion/ https://elude.in/ 
secMail http://secmailw453j7piv.onion http://secmail.pro/
Your own mail server. Postfix + Dovecot  http://www.linuxmail.info/ https://roll.urown.net
GPG GNU Privacy Guard
https://emailselfdefense.fsf.org/en/
http://deepdot35wvmeyd5.onion/2015/02/17/basic-guide-pgp-linux/
Tor
https://www.torproject.org 
https://dist.torproject.org
https://git.torproject.org
Security Focused Operating Systems
OpenBSD https://www.openbsd.org , https://libreboot.org/docs/bsd/openbsd.html
LibertyBSD http://libertybsd.net/ , https://libreboot.org/docs/bsd/openbsd.html
Parabola GNU/Linux https://www.parabola.nu/ , https://wiki.parabola.nu/index.php?title=Beginners%27_guide
Arch Linux https://www.archlinux.org/ , https://wiki.archlinux.org/index.php/Beginners%27_guide
Gentoo https://www.gentoo.org/ , https://wiki.gentoo.org/
Source Mage https://sourcemage.org/
Alpine Linux https://www.alpinelinux.org
QubesOS https://www.qubes-os.org/ http://qubesosmamapaxpa.onion/
Whonix https://www.whonix.org/ http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/
Systemd Free
Devuan https://www.devuan.org/ http://devuanzuwu3xoqwp.onion
Parabola GNU/Linux/OpenRC https://wiki.parabola.nu/OpenRC#Installation_on_a_fresh_system
Hyperbola GNU/Linux-Libre https://www.hyperbola.info/
Systemd Free http://systemd-free.org/
Live CDs
Tails, https://tails.boum.org ;
TENS, https://tens.af.mil/lipose.htm , US Air Force Live CD, online banking for mom and dad.
Heads https://heads.dyne.org/ http://fz474h2o46o2u7xj.onion ; Devuan non-systemd version of Tails (Disclaimer: Website uses occult language)
Full Disk Encryption
https://libreboot.org/docs/gnulinux/index.html
https://libreboot.org/docs/gnulinux/encrypted_parabola.html
https://libreboot.org/docs/gnulinux/encrypted_trisquel.html
Computer Hardware
Any computer that can run libreboot.
https://libreboot.org/docs/hcl/
http://bvmo2axfy6aetmsddfe6x2wszjkbcechfoajuguxcrkvhssfm6tr2fad.onion/
Router Software
OpenWRT https://openwrt.org/
LibreCMC https://librecmc.org
pfSense https://pfsense.org
P.O.R.T.A.L. https://github.com/grugq/portal
Endware
http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/
https://gitgud.io/Endwall/
https://github.com/endwall2/
TOP BUMP 
Additions: 
TENS , https://www.tens.af.mil/lipose.htm , US Air Force Live CD
LibertyBSD http://libertybsd.net/ , https://libreboot.org/docs/bsd/openbsd.html

Heads https://heads.dyne.org/ http://fz474h2o46o2u7xj.onion ; Devuan non-systemd version of Tails (Disclaimer: Website/Project uses occult language with communist signals)
Devuan https://www.devuan.org/ http://devuanzuwu3xoqwp.onion
Systemd Free http://systemd-free.org/


SEARX
https://www.searx.me

Searx Instances
https://searx.space/
http://searxspbitokayvkhzhsnljde7rqmn7rvoga6e4waeub3h7ug3nghoad.onion/

SearX Installation
https://github.com/asciimoo/searx/wiki/Installation
https://asciimoo.github.io/searx/dev/install/installation.html
https://github.com/asciimoo/searx/wiki/Installation-on-RHEL-7---CentOS-7
https://github.com/asciimoo/searx/wiki/How-to-create-and-configure-SSL



Antivirus Software and Methods

I generally don't trust antivirus software packages, but I think they may be useful in cases where you download files from the internet and open or view them. Place useful tips about virus cleaning and antivirus software in this thread.
On Debian and Windows I use ClamAV, which is maintained by Cisco Systems.

https://www.clamav.net/
https://www.clamav.net/downloads

It comes packaged with Debian and other GNU/Linux distributions, and I've used it on OpenBSD. On Windows I use the Windows Defender suite, but ClamAV also works on Windows through an admin CMD command line. You download the package from the above link and install it. Then you need to edit two config files in the directory "C:\Program Files\ClamAV\conf_examples\". Copy these files to the main directory:
 
C:\> copy "C:\Program Files\ClamAV\conf_examples\*.sample" "C:\Program Files\ClamAV\"
C:\> cd "C:\Program Files\ClamAV\" 
C:\> move clamd.conf.sample clamd.conf
C:\> move freshclam.conf.sample freshclam.conf
C:\> notepad clamd.conf

#Comment or remove the line below.
#Example

Save and close the file, then do the same for freshclam.conf

C:\> notepad freshclam.conf

# Comment or remove the line below.
#Example

Save and close the file after commenting Example with #

C:\> freshclam

This will update the database of signatures and definitions
Next change directory into the root directory.

C:\> cd C:\  
C:\> "C:\Program Files\ClamAV\clamscan" --help | more
## read the instructions
C:\> mkdir C:\temp 
C:\> mkdir C:\temp\virus\

Now run the program from the root directory

C:\> "C:\Program Files\ClamAV\clamscan" -v -a -o -i -r -z --memory --kill --move=C:\temp\virus

This will run the antivirus program on Windows and move the infected files to C:\temp\virus.
You can delete these after you inspect the directory:

C:\> cd C:\temp\virus\
C:\> dir 
C:\> del C:\temp\virus\*

For GNU/Linux, the package installation will already have the #Example commented out and you simply run:

$ su
# cd /
# freshclam
# mkdir /tmp/virus/
# clamscan -v -a -o -i -r -z --move=/tmp/virus

To run the program from the current working directory

# cd /tmp/virus/
# ls /tmp/virus/
# rm /tmp/virus/* 


I'm sad to say that ClamAV found stuff on my server on Parabola GNU/Linux, on my daily driver computer on Debian, and on my Windows computers, but found nothing on my OpenBSD machines. I don't know if it reports matched hashed files back to a central server or not, so this may not be for you if you have stolen documents in your possession. For my use case I'm only concerned about Trojans, worms and files that have viruses. It's the best I have to go on. Use this with Windows Defender on Windows, and as mentioned on *NIX and GNU/Linux systems. If you know more about this kind of stuff and have tips to share, feel free to share them below.

If you just want to scan your home directories, you can run this on /home/ or on a specific directory after cd'ing into it. Also, --remove will do the deletion for you if you'd rather the program handle the removal of flagged files. For a silent, non-verbose run, remove -a and -v. Example:

$ su
# cd /home/
# freshclam
# clamscan -i -o -r -z --remove

Run it on the root directory / to get everything; however, removal might break programs, so it's best to run verbose to a log file and move the bad files to a quarantine location before deletion. Post any tips about anti-virus if you have any.
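The log-then-quarantine workflow recommended above, as an added example that is not part of the post: a POSIX sh wrapper that runs clamscan with --move and --log, then parses the log into a review list and cross-checks it against the scan summary. The paths (/home, /tmp/virus, /var/log/clamscan-*.log) are assumptions, and the sample log at the bottom is constructed rather than real scan output.

```shell
#!/bin/sh
# Added example, not from the post above: scan a tree with clamscan, keep a
# log, move flagged files into a quarantine directory, and build a review
# list from the log instead of deleting anything right away.

# Assumed paths for the example; override via the environment if you like.
SCAN_ROOT="${SCAN_ROOT:-/home}"
QUARANTINE="${QUARANTINE:-/tmp/virus}"
LOGFILE="${LOGFILE:-/var/log/clamscan-$(date +%Y%m%d).log}"

# clamscan reports each detection as "<path>: <signature> FOUND".
# Print "<signature> <path>" per detection. Signature names contain no
# spaces, so a path containing spaces still parses unambiguously.
flagged_files() {
    sed -n 's/^\(.*\): \([^ ]*\) FOUND$/\2 \1/p' "$1"
}

# Pull the "Infected files: N" figure from clamscan's scan summary.
infected_count() {
    sed -n 's/^Infected files: \([0-9][0-9]*\)$/\1/p' "$1"
}

# The number of FOUND lines must equal the summary count; otherwise the log
# is truncated or the scan was interrupted and the quarantine is incomplete.
log_consistent() {
    found=$(flagged_files "$1" | wc -l | tr -d ' ')
    reported=$(infected_count "$1")
    [ -n "$reported" ] && [ "$found" -eq "$reported" ]
}

# Update signatures, scan, quarantine, then print the review list.
run_scan() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root (su first)" >&2; return 1; }
    mkdir -p "$QUARANTINE" && chmod 700 "$QUARANTINE"   # keep other users out
    freshclam || return 1
    # -r recurse, -i report infected only, -z report every matching signature,
    # --move quarantines instead of deleting, --log keeps the full record.
    rc=0
    clamscan -r -i -z --move="$QUARANTINE" --log="$LOGFILE" "$SCAN_ROOT" || rc=$?
    case "$rc" in                 # clamscan: 0 clean, 1 detections, 2+ error
        0) echo "clean: nothing flagged" ;;
        1) echo "flagged files moved to $QUARANTINE; review before rm:"
           flagged_files "$LOGFILE"
           log_consistent "$LOGFILE" || echo "WARNING: log and summary disagree" >&2 ;;
        *) echo "clamscan failed (exit $rc), see $LOGFILE" >&2 ;;
    esac
    return "$rc"
}

# Constructed sample log in clamscan's report format (not real scan output),
# so the parsing functions can be exercised without running a scan.
SAMPLE_LOG="${TMPDIR:-/tmp}/clamscan-sample.log"
cat > "$SAMPLE_LOG" <<'EOF'
/home/user/Downloads/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/user/Downloads/eicar.com: moved to '/tmp/virus/eicar.com'
/home/user/Downloads/invoice 2022.doc: Constructed.Test.Signature-1 FOUND
/home/user/Downloads/invoice 2022.doc: moved to '/tmp/virus/invoice 2022.doc'
/home/user/Mail/attach.zip: Eicar-Signature FOUND
/home/user/Mail/attach.zip: moved to '/tmp/virus/attach.zip'

----------- SCAN SUMMARY -----------
Scanned directories: 12
Scanned files: 318
Infected files: 3
Time: 8.123 sec (0 m 8 s)
EOF

if [ "${1:-}" = "scan" ]; then run_scan; fi
```

Invoke as `sh clamwrap.sh scan` as root; without the argument the script only defines the functions and writes the sample log.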



Endware is a suite of programs geared towards internet privacy, security, and  anonymity.

Endwall: endwall.sh is an iptables-based firewall script designed to be implemented on any Linux distribution shipped with iptables. endwall.sh is based on default drop policies, coupled with a novel strategy of passing packets on local host ports only for those enabled by the end user. It comes with a variety of well-used ports enabled, with several additional port-passing configurations available by uncommenting the script. It provides essential security to a new user.

Endsets: endsets.sh is a script that adds blacklisting and whitelisting functionality to endwall.sh. It depends on the program ipset. It is persistent on reboot if you enable ipset as a service. This is the recommended blacklisting tool for endwall if you are running a server or planning on opening up ports and services to the public and will require daily blacklisting of new incoming IPs.

Endlists: endlists.sh is a traditional text-file-list-based blacklisting and whitelisting script. It has slow performance and can't be updated on the fly. Good for <1000 IP subnets; very tedious and slow to run for more than that. Blocks the IPs by adding them as individual rules to the iptables ruleset. Works, but not recommended for heavy duty on a server. May be useful for workstation use to block IP ranges if you are not opening up ports and services to public clients.

Endtools: endtools are a collection of scripts including alogz.sh, mlogz.sh, spamlogz.sh and iplookup.py. These scripts will help an end user of endwall in administering endsets/endlists.

iplookup.py is a geoiplookup script written in Python and requires python and pygeoip. It has similar functionality to MaxMind's geoiplookup program and uses the MaxMind *.dat files.

spamlogz.sh is a script that searches through log files to find the log entries flagged by endwall.sh, endsets.sh and endlists.sh.

alogz.sh is a daily log reading script designed to read the log output of an Apache HTTP server.

mlogz.sh is a daily log reading script designed to read the log output of a Postfix SMTP server.

Endtube: endtube.sh is an anonymizing download manager for YouTube videos. This program can use HTTPS proxies, Tor, and youtube-dl to download videos from YouTube or other video vendor sites by selecting a random user-agent and a random proxy, and by using random delay timing between downloads to create bursts rather than streams.

Endloads: endloads.sh is a command line interface (CLI) download manager forked from endtube.sh that uses random download timing, random user-agents, wget and torsocks.

These programs may be found at the following locations:
Endware Development Team Hidden Service
http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/
Github
https://github.com/endwall2/
Gitgud
https://gitgud.io/Endwall

These are provided for ease of access for users new to Linux, and for access to Endware by non-Tor users, on an incremental basis.

More programs will be added to the Endware program suite as their creation and customization become obvious, evident, and necessary. 

All programs in the Endware suite were inspired by EndChan and were named in honor of http://www.endchan.xyz and we thank OdiliTime for his patronage and for his generous hosting of this project.
I just ported endstream to macOS using a MacMini 2014 model with macOS 12.5 Monterey. Using the Homebrew package manager you can install youtube-dl, curl, openssl, and mpv, and then the program will run. I've tested this port as working, and have placed it onto the GitHub repository and onto the hidden service.

endstream_macOS.sh

Github
https://raw.githubusercontent.com/endwall2/endstream/master/endstream_macOS.sh
Endware Hidden Service
http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/endware_macOS/endstream_macOS.sh

Now endstream is tested working on the following operating systems: { GNU/Linux, OpenBSD, Windows NT, macOS }. I'm planning on going back and making winstream.bat into a PowerShell script so that it is fully compatible and can access all of the streams. Right now winstream.bat just uses fixed links and m3u8 playlists and can't access the YouTube live streams or other dynamic playlists. I'll have to learn more about PowerShell first, which might take a month or two. It's a side project.

My next task with endstream is to fix up the channels on the OpenBSD port and test it, I'll work on that in around two weeks when I have some free time.  

Summary: I made a cross platform killer app, and gave it away for free on the internet...

 >>/1784/

I have completed and tested as working, a translation of endwall_wifi for PF. Tested working on a Toshiba Tecra with OpenBSD 7.1. I have also bug fixed the previous versions of the pf model, and added some new models for different use cases. The pf_wifi model is for locking to your internal LAN wifi. The pf_wifi_roam model is for allowing the wifi to connect to any network without re-running the firewall. The pf_roam model allows all interfaces to connect to any private LAN network for ethernet or wifi, basically you can plug in to anywhere or connect to any public wifi without re-running the firewall. 

Obviously the more restricted the better; however, these models might be useful for some applications, like using wifi at coffee shops etc. I have also made a roam version for nft which allows the laptop to plug in anywhere. These are all available in the usual places:

endwall_nft_wifi.sh (wired ethernet is static but wifi is roaming)
https://raw.githubusercontent.com/endwall2/endwall/master/endwall_nft_wifi.sh
http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/endware/endwall_nft_wifi.sh
endwall_nft_roam.sh (all interfaces allow connecting to any network)
http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/endware/endwall_nft_roam.sh
https://raw.githubusercontent.com/endwall2/endwall/master/endwall_nft_roam.sh
endwall_pf.sh for wired ethernet (internal LAN static connection)
https://raw.githubusercontent.com/endwall2/endware_bsd/master/endwall_pf.sh
http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/endware_bsd/endwall_pf.sh
endwall_pf_wifi.sh (1 wired and 1 wireless interface, both static) (internal LAN static connection)
https://raw.githubusercontent.com/endwall2/endware_bsd/master/endwall_pf_wifi.sh
http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/endware_bsd/endwall_pf_wifi.sh
endwall_pf_wifi_roam.sh (1 wired static connection and 1 wireless static + roaming wireless)
https://raw.githubusercontent.com/endwall2/endware_bsd/master/endwall_pf_wifi_roam.sh
http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/endware_bsd/endwall_pf_wifi_roam.sh
endwall_pf_roam.sh (all interfaces can connect to any network)
https://raw.githubusercontent.com/endwall2/endware_bsd/master/endwall_pf_roam.sh
http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/endware_bsd/endwall_pf_roam.sh

I have to make a nft model for static wireless + static wired connections for nft_wifi, and then rename the current nft_wifi model to nft_wifi_roam. 

The use cases are as follows:

1) Wired-only desktop computer connection with 1 interface for wired ethernet in your home connected to your LAN, which supplies DHCP with a static IPv4 address. -> (endwall.sh, endwall_nft.sh, endwall_pf.sh)

2) You have a wired LAN router and a wireless LAN router both supplying static IPv4 DHCP addresses to your internal network. -> (endwall_wifi.sh, endwall_nft_wifi.sh, endwall_pf_wifi.sh)

3) You have a laptop you use in your internal network, wired and/or wireless, but you sometimes take it with you to school or to a coffee shop and require the wireless connection to allow roaming connections to randomly assigned DHCP addresses. Also useful for investigating the neighborhood wifi networks in your vicinity. -> (endwall_nft_wifi_roam.sh, endwall_pf_wifi_roam.sh)

4) You have a laptop and you want to plug it in to ethernet anywhere you can get a DHCP address (school, the library, your friend's house), and also use wifi on any wireless network (school, library, coffee shop, friend's house), with both getting a randomly assigned DHCP IPv4 address, without re-running the firewall. -> (endwall_nft_roam.sh, endwall_pf_roam.sh)

The security decreases as you go from 1) -> 2) -> 3) -> 4). Best practice is 1): no wifi, only wired connections on desktop computers, no wireless interfaces, and connections in your own LAN network using static IP assignment from the router with MAC address binding. Next best is 2): only use your own wifi in your internal network, as well as wired on your own LAN with static IP. 3) You have static ethernet and wifi LAN at home, but sometimes you bring the laptop to school and need to connect to a randomly assigned IPv4 address on their wifi without re-running the firewall rules, or you are at home and want to connect to or investigate local neighborhood wifi networks without re-running the firewall. 4) You want to be able to plug in to any ethernet jack anywhere (school, library, friend's house), and use any coffee shop wifi, but only for allowed/selected ports.

I'll work on creating the nft_wifi_roam and nft_wifi models sometime next week. School is starting in 2 weeks, so I have to wrap these projects up before the session starts. I'll be too busy to do anything consistent once the semester starts up, other than some maintenance and bug fixes as I find them. I'll do what I can, on Fridays and Saturdays during school, but I'm going to be busy with school assignments and studying.  

Let me know if these are working for you.  Post bug reports, comments or requests below. Thanks.
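The static-versus-roaming distinction in the use cases above, as an added example in the spirit of the post (not the Endware scripts themselves): a small default-drop iptables ruleset generator where static mode pins every rule to the host's fixed address and the router, so a foreign network yields no working connection, while roam mode leaves addresses unpinned and relies on the enabled port list alone. The interface eth0, the host address 192.168.1.50, the router 192.168.1.1 and the port lists are assumptions for the example.

```shell
#!/bin/sh
# Added example in the spirit of the post, not the Endware scripts themselves:
# a minimal default-drop iptables ruleset generated in two modes.
#   static: every rule is pinned to the host's fixed LAN address and to the
#           router, so on a foreign network nothing matches and all traffic
#           stays dropped until the firewall is re-run with new values.
#   roam:   no address pins; whatever DHCP assigns is accepted, and only the
#           enabled client ports are open outbound.
# Rules are emitted as text so they can be reviewed; "apply" runs them as root.

# Assumed values for the example; edit for your own LAN.
IFACE="eth0"
HOST_IP="192.168.1.50"      # static DHCP lease bound to this MAC on the router
GATEWAY="192.168.1.1"       # the LAN router, also the only permitted DHCP server
OUT_TCP_PORTS="53 80 443"   # client ports the user chooses to enable
OUT_UDP_PORTS="53 123"

# Print the iptables commands for MODE (static|roam), one per line.
gen_rules() {
    case "$1" in
        static) src="-s $HOST_IP"; dst="-d $HOST_IP"; dhcp_srv="-s $GATEWAY" ;;
        roam)   src="";            dst="";            dhcp_srv="" ;;
        *) echo "usage: gen_rules static|roam" >&2; return 2 ;;
    esac
    # Default drop on every chain; loopback open; conntrack lets replies back.
    echo "iptables -F"
    echo "iptables -X"
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT DROP"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate INVALID -j DROP"
    echo "iptables -A INPUT -i $IFACE $dst -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A OUTPUT -o $IFACE $src -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # DHCP: the request leaves before the host has an address, so its source is
    # never pinned; the answer is pinned to the router in static mode.
    echo "iptables -A OUTPUT -o $IFACE -p udp --sport 68 --dport 67 -j ACCEPT"
    echo "iptables -A INPUT -i $IFACE $dhcp_srv -p udp --sport 67 --dport 68 -j ACCEPT"
    # Outbound client ports enabled by the user: new connections only.
    for p in $OUT_TCP_PORTS; do
        echo "iptables -A OUTPUT -o $IFACE $src -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for p in $OUT_UDP_PORTS; do
        echo "iptables -A OUTPUT -o $IFACE $src -p udp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Everything else falls through to the DROP policies; log it (rate limited)
    # so the blocked traffic can be reviewed in the system log later.
    echo "iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix \"FW-IN-DROP \""
    echo "iptables -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix \"FW-OUT-DROP \""
}

# Run the generated rules; needs root and a kernel with iptables/conntrack.
apply_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "apply needs root" >&2; return 1; }
    rules=$(gen_rules "$1") || return $?
    printf '%s\n' "$rules" | sh -e
}

case "${1:-}" in
    show)  gen_rules "${2:-static}" ;;
    apply) apply_rules "${2:-static}" ;;
esac
```

`sh fw.sh show roam` prints the roaming ruleset for review; `sh fw.sh apply static` as root installs the pinned one.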

I can report that endstream.sh launches and plays with no GUI in GNU/Linux. Tested in tmux in the shell with no desktop or GUI, on Debian 11. I wasn't aware that this was possible until recently.  Sound and full motion video work.  Good news for people who don't use desktops, xorg or wayland or any GUI. mpv can play videos in the command line with no GUI, interesting development.  

I did some updates to endstream_bsd.sh, endstream.sh and winstream.bat, including adding some streams from cozy.tv. Available in the usual places:

https://www.github.com/endwall2/endstream
http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/

 >>/1825/
I just tested endstream_bsd.sh in the shell on OpenBSD 7.1 (no GUI, no Xenocara), and it also works. It goes to full screen, with full motion video and sound working on a Toshiba Tecra laptop. You can use mpv from text mode in OpenBSD 7.1.



DISCUSSION THREAD II
Want to say something off topic about anything?

Have a hot tip about something in the computer security world that doesn't fit into any current thread or category?

Want to chat with your fellow invisible 7 proxy friends?

Want to tell Lt. Gen Michael Hayden, Lt. Gen James Clapper, GEN Keith Alexander, ADM Michael Rogers, GEN Paul Nakasone, GOOGLE, AMAZON, FACEBOOK, Microsoft, Apple, etc. how you feel?

It's open mic at >>>/os/ , anything goes!!

Put all of your banter here:
Anonymous 08/31/2022 (Wed) 09:25 No.1809 

The pci_disable_device function is defined in the source file of the kernel pci module. Let the pci_disable_device function be a working parameter of the kernel pci module...

Anonymous 09/02/2022 (Fri) 14:38 No. 1810

Antivirus and security software should use a second video card modulated for them.

If security software uses a second video card that is modular for them, it does not overwhelm the existing system.

This makes the computer run faster.


A strange thing happened last week. My router got bricked, for no apparent reason while I was at school. I replaced it when I came home, and after 5 hours of work I had the core of my network back up and running. It might have been an electrical failure, but I don't know... If it was a cyber-attack, it was professional. 

Anyhow, after that happened I restored all of my services; however, I can't seem to restart my Tor hidden services anymore from my server. Tor works, but the hidden services won't start. I have to comment them out in the torrc file to get Tor to start. Anyway, they're down until I have some more free time to troubleshoot what the issue is. I'm backlogged with school work and assignments, so it might be down for a while. All very strange... I'll take another look next weekend and see if it's fixable.

 >>/1828/
The hidden service is back up. I'm now using the stock tor daemon from the package manager to run it. I needed to change some directory permissions to get it running. I have to build a new modded version of tor from the latest source code, but it will have to wait until I have some free time.



 >>/1357/

You can also set up proxying to 127.0.0.1:9050 in Hexchat.  This works when connecting to the .onion addresses.

Settings->Preferences->Network-> Network Setup

Fill in the socks5 proxy information.  Then Add the new server in the connection tab using the .onion address and port number.  Works.

Unless there is a discount for buying a VPN with Bitcoin. It is not necessarily an anonymous transaction, because you theoretically connect to your raw IP with the Bitcoin-purchased VPN.






Cool board idea.

What's the safest possible way to browse the internet anonymously and safely? There's a thread on /tech/ with the endwall developer talking about proxychains, and that seems pretty cool. Some of the links to proxy lists seem dead, and I have found some online but why should I trust these random 'free' proxies?

What about proxychains over VPN? I'm currently using Mullvad which is alright, and I'm curious about more security if need be. Does a VPN -> proxychain -> TOR connection work? Sounds horribly slow in theory, but I think we all know that privacy comes at a cost in our current world.

I suppose I could call this a 'VPN/proxy/TOR general thread.'

The ultimate step is to build an 8-bit computer with a soldering iron (RC2014), launch a browser in a community-audited version of CP/M, connect by SOCKS5 proxy to a Unix computer running Tor with 12-15 hops, and use a text browser for the web and an IRC client in text mode. Proxy out to Tor or I2P or whatever the next super duper anonymity router is. In the mean time do this with DOS. This won't be a solution for the everyman or for the newbie, but it will be a solution for the serious thinking man.

 >>/1541/
Anything you can do to isolate the Tor daemon from the system or its running processes will help. I'm running it as a user with a custom torrc. If you can first run firejail or bubblewrap, or chroot it, and get the Tor daemon to still function, it might help. I consider the Linux/Unix environment potentially hostile to the user and a potential source of packet inspection. Basically Linux can be used to keylog the users and destroy the anonymity factor in real time or in post analysis. If there is key logging with an output beacon on your machine, you don't have privacy, and Tor Browser isn't going to help you with anonymity. If there is malware that can mess with the Tor daemon as it's running, then it might be wise to try to isolate the process, so yeah, probably a good idea. I'll try running it with firejail; it probably won't work. If you get a setup like that and find it beneficial, please post the steps and instructions here. Thanks.

I am a big fan of Minecraft and like to watch different Minecraft videos on YouTube. But for watching I use https://veepn.com/vpn-apps/vpn-for-firefox/ because I can not log into my YouTube channels.







https://joinpeertube.org/
https://media.privacyinternational.org/
https://tube.rebellion.global/videos/local
https://tilvids.com/
https://video.blender.org/videos/local
https://v.basspistol.org/home

https://www.facebook.com/watch
https://www.facebook.com/gaming/
https://www.facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion/watch
https://www.facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion/gaming
https://www.facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion/watch/search/?q=8chan
https://www.facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion/brutamerica/videos/411616456136550/










WINDOWS NT Security Thread

It turns out that MS Windows NT has an 80% market share in the Desktop Operating Systems Market (whatever that is...). So in all likelihood, if you work a job anywhere, you will be forced to sit down and work on one of these machines running this well-known gem of an operating system. You probably won't have administrator rights, but that's OK, we'll make do.

In reality there is no Windows security but in this thread we will try to make life a little bit better even if it is just for a placebo effect.  Also Windows hackers come and show us how you hack us up real good, and help our poor unprivileged users gain administrator rights without a password, so that they can install Mahjong.  Windows Advanced Firewall, Registry Editing, Browsers, etc.  Post all the tips and tricks to make Windows NT better than ever.
[Attached images: outbound_rules_with_bullshit_disabled.png, windows_defender_firewall_default_policy.png, outbound_rules_bullshit_deleted.png (1047x784)]
Windows Defender Firewall

Go to the search tab and type "firewall". Select Windows Defender Firewall. Click on Advanced Settings. Block all incoming and outgoing traffic by default. Then wipe out all of the policies or click disable; better to click delete and remove them. Then add the policies that you need. Lock them down by application if need be. Play around with the detailed rules and use filters for programs, ports and IP addresses to get the desired effects for your network applications to work. Adding new programs magically changes your firewall settings, so go back and fix them after each new application install. Wipe out and delete all inbound rules. If you need to let inbound traffic come in, then you should know enough about the application to configure it.
Block everything and only let out/in what you need to go out/in: specific programs, ports and IP addresses.

Windows Subsystem for Linux

Installation guide:

https://docs.microsoft.com/en-us/windows/wsl/install-win10

I installed Debian; it seems to work well for some applications. I'll import endware and test some of the tools out. If you install Debian you can install a windowing server, Xming or CygwinX:

http://www.straightrunning.com/XmingNotes/

https://sourceforge.net/projects/xming/

Then you can install programs that work in Xorg server and call them from the command line and they'll pop up in windows on the desktop.  

Bear in mind all of this is for convenience while you work on Windows, you can also access Linux tools in the shell and some GUI programs as well. Alternatively try Cygwin and CygwinX:

https://www.cygwin.com/

https://x.cygwin.com/


[Attached image: Local_Security_Policy.png (1506x936)]
Local Security Policy

There are firewall settings that don't change when new programs modify Windows Advanced Firewall. These rules sit beneath and supersede the main Windows Advanced Firewall rules.

Type here to search-> "Local Security Policy" -> Click Local Security Policy.

There is a folder Windows Defender Firewall, with the same layout.  Put your rules in here and they won't change, and they override the other rules.

I have also found out that these rules can be scripted by the command netsh, so I might make something later on.



