Protecting Windows operating System with the Help of Open-Source

The security components integrated into the Windows operating system are not enough, as many security professionals have pointed out. Windows Firewall and the other built-in security functionality do not provide the required level of protection. To protect a Windows system effectively you need to install a third-party application such as Kerio WinRoute Firewall or WatchGuard Firewall with the correct configuration. Even this does not fully secure your environment, because you also need a network firewall that monitors and filters suspicious traffic, and none of those are free.

If you use an access point or a network outside your own environment, there is a big risk: relying entirely on Windows Firewall leaves you defenseless against new threats. Today's laptops have enough capacity to run virtual machines, and we can use one to protect our environment for free with open source security tools.

On the virtual machine you can deploy all the required security services: an intrusion detection system, a virtual private network, a proxy, DNS caching, etc.

To keep memory use as low as possible we will use a small and extremely reliable Unix-like system, OpenBSD (a BSD, not a Linux distribution), whose project advertises only two remote holes in the default install in a very long time. If we are going to implement security, we should use the best we can get.

A default OpenBSD installation requires 32 to 64 MB of RAM and about 300 MB of free disk space. For virtualization we could use VMware Server or QEMU, but I prefer Sun Microsystems' VirtualBox, which is freely available and open source software.

After installing VirtualBox, start by disabling all other network connections on the Windows system (disable the physical adapters, or unbind TCP/IP from them) and keep only the VirtualBox host-only network adapter. This leaves the Windows machine connected to the virtual host only, so no traffic can bypass the virtual machine; if a physical adapter stays bound, Windows will happily route around the gateway. In that adapter's settings, give Windows an IP address in the chosen LAN and specify the OpenBSD virtual machine's internal address as both gateway and DNS server.

On the virtual machine you configure two network interfaces. The first is bridged: here you select the real device (wireless adapter or Ethernet card) that has the Internet connection. The second is attached to the host-only network, and its address is the one the Windows machine uses as its gateway.

Now it’s time to configure the OpenBSD System.

First of all, enable IP forwarding so that packets can travel between the network interfaces on the OpenBSD machine (the second line is only needed if you use IPv6):

# sysctl net.inet.ip.forwarding=1
# sysctl net.inet6.ip6.forwarding=1

To make this change permanent, remove the # in front of the corresponding line in /etc/sysctl.conf and save the file; IP forwarding will then be enabled when the virtual machine is rebooted. Next you create the NAT and filter rules in pf.conf. In the rules below vic0 is the external (bridged) interface and vic1 the internal one facing Windows; replace them with the names ifconfig shows on your VM (vic is the VMware driver, VirtualBox's adapters usually show up as pcn0 or em0). Note that OpenBSD 4.7 replaced the old "nat on vic0 from vic1:network -> vic0" syntax with a match rule; if you run 4.6 or earlier, use the old form instead:

# vi /etc/pf.conf
tcp_services = "{ ssh, smtp, domain, www, https, ntp, ftp, ftp-data }"
udp_services = "{ domain, ntp }"
match out on vic0 from vic1:network to any nat-to (vic0)
block all
pass in on vic1
pass out inet proto tcp to any port $tcp_services
pass out inet proto udp to any port $udp_services

The ruleset blocks everything by default, accepts traffic arriving from the Windows side, and lets connections out only to the listed services. Because pf applies the last matching rule, the pass rules override "block all" for exactly that traffic, while anything arriving on vic0 from the outside is dropped. Macro names must match their definitions exactly ($tcp_services, not $tcp_srv), otherwise pfctl refuses to load the file, and without the "pass in on vic1" rule nothing from the Windows machine would be forwarded at all. One caveat: passive FTP data connections use arbitrary high ports, so run the pkg_add commands below (which fetch over FTP) before loading this strict ruleset, or handle FTP with ftp-proxy(8).

Check the syntax, load the rules and look at the state table. pf must be enabled (pfctl -e) for the rules to take effect; -n only parses the file without loading it, and -v prints the rules as they are loaded:

# pfctl -nf /etc/pf.conf
# pfctl -vf /etc/pf.conf
# pfctl -s state
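The script below, added here as an example and not part of the original post, collects the whole gateway setup above (IP forwarding, the two interface configurations and the pf ruleset) into one staging step and syntax-checks the result with pfctl -n wherever pf is available. The interface names (em0/em1, vic0/vic1), the internal address 192.168.1.1/24 and the service lists are assumptions; the hostname.* files follow OpenBSD's hostname.if(5) format, and the ruleset uses the 4.7 match/nat-to syntax.

```shell
#!/bin/sh
# Added example, not part of the original post: stage the OpenBSD gateway
# configuration described above (IP forwarding, hostname.if files, pf.conf)
# into a directory and syntax-check the ruleset. Interface names, the LAN
# address and the service lists are assumptions; use what ifconfig(8) shows.

# Accept only plausible interface names (letters then a unit number) so that
# a stray value cannot smuggle text into pf.conf.
validate_ifname() {
    case "$1" in
        ""|*[!a-z0-9]*) echo "bad interface name: '$1'" >&2; return 1 ;;
        [a-z]*[0-9])    return 0 ;;
        *)              echo "bad interface name: '$1'" >&2; return 1 ;;
    esac
}

# Print the pf.conf ruleset (OpenBSD 4.7+ "match ... nat-to" syntax).
# $1 = external (bridged) interface, $2 = internal interface facing Windows.
gateway_pf_conf() {
    cat <<EOF
ext_if = "$1"
int_if = "$2"
tcp_services = "{ ssh, smtp, domain, www, https, ntp, ftp, ftp-data }"
udp_services = "{ domain, ntp }"

set skip on lo
# Translate the LAN's source addresses to the external interface address.
match out on \$ext_if from \$int_if:network to any nat-to (\$ext_if)
# Default deny; the pass rules win because pf uses the last matching rule.
block all
pass in on \$int_if from \$int_if:network to any
pass out on \$ext_if inet proto tcp to any port \$tcp_services
pass out on \$ext_if inet proto udp to any port \$udp_services
EOF
}

# Write pf.conf, hostname.<if> files and the sysctl line into directory $1.
# $2/$3 = external/internal interface, $4/$5 = internal address and netmask.
stage_gateway_config() {
    validate_ifname "$2" && validate_ifname "$3" || return 1
    mkdir -p "$1" || return 1
    gateway_pf_conf "$2" "$3" > "$1/pf.conf"
    # hostname.if(5): the bridged side takes its address from the real
    # network, the internal side carries the static gateway address.
    echo "dhcp" > "$1/hostname.$2"
    echo "inet $4 $5 NONE" > "$1/hostname.$3"
    # Same effect as uncommenting the line in /etc/sysctl.conf.
    echo "net.inet.ip.forwarding=1" > "$1/sysctl.conf"
}

# Parse-only check with pfctl -n where pf exists; elsewhere (for instance on
# the Windows host) report that the check was skipped instead of failing.
check_pf_conf() {
    if command -v pfctl >/dev/null 2>&1; then
        pfctl -nf "$1"
    else
        echo "pfctl not found, skipped syntax check of $1" >&2
    fi
}

# Usage: stage for a VM whose NICs show up as em0 (bridged) and em1 (internal).
STAGE="${TMPDIR:-/tmp}/gateway-stage"
stage_gateway_config "$STAGE" em0 em1 192.168.1.1 255.255.255.0 &&
    check_pf_conf "$STAGE/pf.conf"
```

Copy the staged files to the VM (/etc/pf.conf, /etc/hostname.em0, /etc/hostname.em1, and append the sysctl line to /etc/sysctl.conf), then either reboot or run sh /etc/netstart followed by pfctl -f /etc/pf.conf. The interface-name check matters because pf.conf is generated by text substitution: a value with a space or a semicolon would end up inside the ruleset instead of failing early.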

For visual monitoring it is better to use ntop and pftop: ntop gives web-based graphs of all network activity and pftop shows the live pf state table. Install them from the OpenBSD package mirror; PKG_PATH must match the release and architecture you installed (4.7 on i386 here):

# export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.7/packages/i386/
# pkg_add pftop
# pkg_add ntop
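Besides watching pftop, a quick check of the state table tells you whether the loaded policy matches the intent of the egress list. The script below is an added example, not from the original post: it parses pfctl -s state output (the state lines are constructed for the example, not a real capture) and prints every outbound state whose destination port is not in the allowed TCP/UDP lists, which mirror the tcp_services/udp_services macros by port number. If such states appear on the gateway, the ruleset that is loaded is not the one you intended.

```shell
#!/bin/sh
# Added example, not part of the original post: scan "pfctl -s state" output
# for outbound connections whose destination port is outside the egress
# policy (the tcp_services/udp_services macros above, by port number).
# The state lines below are constructed for the example, not captured.

ALLOWED_TCP="22 25 53 80 443 123 21 20"   # ssh smtp domain www https ntp ftp ftp-data
ALLOWED_UDP="53 123"                      # domain ntp

# Constructed sample in pfctl's layout: <if> <proto> <src> [(pre-NAT src)] -> <dst> <state>.
# The exact placement of the parenthesised address varies; only the token
# after "->" is used below.
SAMPLE_STATES='vic0 tcp 10.0.2.15:51234 (192.168.1.10:49152) -> 192.0.2.10:80       ESTABLISHED:ESTABLISHED
vic0 udp 10.0.2.15:40001 (192.168.1.10:53120) -> 198.51.100.53:53       MULTIPLE:SINGLE
vic0 tcp 10.0.2.15:51240 (192.168.1.10:49160) -> 203.0.113.7:6667       ESTABLISHED:ESTABLISHED
vic1 tcp 192.168.1.1:3128 <- 192.168.1.10:49170       ESTABLISHED:ESTABLISHED
vic0 tcp 10.0.2.15:51250 -> 198.51.100.9:23       SYN_SENT:CLOSED'

# Read state lines on stdin and print the ones going to an unexpected port.
# States without a "->" token are inbound to the gateway and are skipped.
unexpected_states() {
    awk -v tcp="$ALLOWED_TCP" -v udp="$ALLOWED_UDP" '
    BEGIN {
        n = split(tcp, a, " "); for (i = 1; i <= n; i++) ok["tcp", a[i]] = 1
        n = split(udp, a, " "); for (i = 1; i <= n; i++) ok["udp", a[i]] = 1
    }
    {
        dst = ""
        for (i = 1; i <= NF; i++) if ($i == "->") { dst = $(i + 1); break }
        if (dst == "") next
        n = split(dst, p, ":"); port = p[n]        # last field is the IPv4 port
        if (($2 == "tcp" || $2 == "udp") && !(($2, port) in ok)) print
    }'
}

# Number of unexpected states in the sample (the IRC and telnet connections).
count_unexpected() {
    printf '%s\n' "$SAMPLE_STATES" | unexpected_states | awk 'END { print NR }'
}

# On the gateway: pfctl -s state | unexpected_states
printf '%s\n' "$SAMPLE_STATES" | unexpected_states
```

Run over the constructed sample, the script reports the connections to port 6667 and port 23 and stays silent about the web and DNS states. On the real gateway, replace the printf with pfctl -s state; anything it prints is either a rule that did not load as written or a service you forgot to put in the macro.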

And we add the Squid proxy for caching and blocking banners (give the VM more memory than the bare install needs once Squid and ntop run on it):

# pkg_add squid-2.7.STABLE6.tgz

Open the configuration file /etc/squid/squid.conf and allow connections from the internal network. The allow line must come before the "http_access deny all" line that closes the access list, otherwise the deny wins. With the default (non-transparent) setting below, the Windows browser has to be pointed at the proxy on port 3128; otherwise its web traffic goes straight through the NAT and bypasses Squid. The commented line is the alternative for transparent interception, which also needs a redirect rule in pf:

# vi /etc/squid/squid.conf

http_port 3128
#http_port 127.0.0.1:3128 transparent
# internal network IP addresses
acl lan_net src 192.168.1.0/24
# allow access to the Internet from the network 192.168.1.0/24
http_access allow lan_net
http_access deny all
# cache size
cache_mem 32 MB
maximum_object_size 10240 KB
cache_dir ufs /var/squid/cache 5000 16 256

Create the cache directories and start the proxy (squid -k parse checks the configuration file for errors first):

# squid -z
# squid

You will need two additional security modules, squidGuard and HAVP (HTTP Anti Virus Proxy). squidGuard handles banner filtering/blocking as a Squid redirector, and HAVP scans the traffic with one or several anti-virus engines (such as ClamAV, F-Prot, Kaspersky, NOD32, Sophos…) at the same time:

# pkg_add squidguard
# pkg_add havp

For the privacy of your Internet surfing we add Privoxy (Privacy Enhancing Proxy) to the virtual machine. It improves privacy and web security by filtering the HTTP headers (and page content) that would otherwise give away information about you:

# pkg_add privoxy

To configure it, browse to http://config.privoxy.org/ and make the desired settings; this address is answered by Privoxy itself, so the browser must already be using Privoxy as its proxy for the page to appear. Next you add DNS service with dnsmasq, which provides a simple caching DNS server (as well as TFTP and DHCP):

# pkg_add dnsmasq

In dnsmasq.conf you specify the addresses it should listen on: localhost and the internal interface address that the Windows machine uses as its DNS server:

listen-address=127.0.0.1,192.168.X.X

DNS caching makes browsing faster, since repeated lookups are answered from the cache instead of going to the upstream server every time.

This cannot be complete without a tunnel that secures all your communication while you are outside the office; here you can find how to create an IPsec connection.

We now have a fully protected Windows environment with all the advanced features, and the possibility of extending it with more security tools. The virtual machine is ready at any time, while you are traveling or wherever you happen to be.

Finally, a worthwhile article by Chris Hoff: Why We Need Open Source Security Solutions More Than Ever…

Resources
Firewalling with OpenBSD’s PF packet filter
