Status
Not open for further replies.

Vulnerability Between Bootup and When VPN Initiates?

Solved 
897 views 7 replies 2 participants last post by referee07
#1 ·
Tech Support Guy System Info Utility version 1.0.0.9
OS Version: Microsoft Windows 10 Home, 64 bit, Build 19043, Installed 20201005110510.000000-300
Processor: AMD A9-9420e RADEON R5, 5 COMPUTE CORES 2C+3G, AMD64 Family 21 Model 112 Stepping 0, CPU Count: 2
Total Physical RAM: 12 GB
Graphics Card: AMD Radeon(TM) R5 Graphics, 512 MB
Hard Drives: C: 930 GB (536 GB Free); D: 1862 GB (1467 GB Free);
Motherboard: SR Squirtle_SR, ver V1.22, s/n NBGNV1100W923062327600
System: Insyde Corp., ver ACRSYS - 1, s/n NXGNVAA027923062327600
Antivirus: Windows Defender, Enabled and Updated

I am staying in a hotel and the hotel Wi-Fi has a warning that its Wi-Fi is not secure. I use StrongVPN as my VPN in order to try to protect my computer from malware when I am in a public location. Sometimes it takes what seems like a couple of minutes between the time that the hotel Wi-Fi connects and when my VPN is online.

I am wondering if during that time, my computer is vulnerable to individuals on this hotel network to see inside of my computer and maybe determine my various websites' passwords? And, if this is the case, how can I protect my computer between the time that the bootup is complete and when the VPN takes over?

Thanks to everyone for any and all replies and suggestions.
 
#2 · (Edited by Moderator)
The answer is strong firewall rules. A good firewall setup will stop all connections made to your PC. Go to Start > Administrative Tools > Windows Defender advanced firewall. In the center panel, click on the firewall properties link. This will bring up a window with tabs for Domain, Private and Public. Go through each tab and set Outgoing to Deny.

Then on the right panel, click on Incoming rules. All the rules that have a green symbol on the left are active. Generally you want them all set to off, except Core Networking DHCP in. Just right click a rule and choose Disable.

Then on the right panel again, click on Outgoing rules. You want to make sure that Core Networking DNS, Core Networking DHCP Out and your Browser is allowed out. The rest of the green rules you can disable according to what you actually don't use.

The principle to use here is "Default Deny". So there should be no active rules for that app that you Someday May Use. The rules are a specified white list of what is allowed. Microsoft made lots of rules active so that customers won't have to configure a rule in order to get an app working. But convenience is the opposite of security. Make it too convenient and all sorts of bad traffic will slip through.

Bad guys make use of attack tools that send bad traffic, making an app fail to their advantage. All you need is one weakly secured app and an Active Allow firewall rule for that app and it will be game over. Game over as in full remote access granted to the bad guy and full control over your PC. It all depends on what the bad guy chooses to download to your PC after generating a fail on your app.

But what if the app is your browser and it must have an allow outbound rule? The answer is to religiously update your browser every week. ( and pray that it is secure ). Then also you can deploy an anti-exploit defense tool like HitmanPro Alert which specifically protects browsers. If you want a free tool, you can configure Windows Defender's anti-exploit feature.

Since you mentioned your passwords being stolen: you can try a password protection browser extension like Lastpass. This thing encrypts your passwords and fills them in for you when needed; all you need to remember is the master password. I remember it can also generate gibberish passwords for you so that all passwords are different on all your websites; so there is no password re-use. Re-using passwords enables an attacker to compromise your websites by trying a found password on another site you use.
 
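The same default-deny setup, done from an elevated PowerShell instead of the firewall GUI. This is an added example and not part of lunarlander's reply or of any StrongVPN or Microsoft documentation; the two program paths (browser and VPN client) are assumptions that must be changed to match the machine. One caveat the GUI walkthrough does not mention: under an outbound default deny, any program without its own allow rule is silently dropped, and that includes the VPN client itself, so it needs an explicit rule or the tunnel never comes up.

```powershell
# Added example (not from the thread): PowerShell version of the
# default-deny Windows Defender Firewall setup described above.
# Run from an elevated (Administrator) PowerShell window.
#Requires -RunAsAdministrator

$browser   = "C:\Program Files\Mozilla Firefox\firefox.exe"   # assumption: your browser's exe
$vpnClient = "C:\Program Files\StrongVPN\StrongVPN.exe"       # assumption: check the real install path

# 1. Default deny in both directions on every profile (Domain, Private, Public),
#    i.e. the "Outgoing to Deny" step plus inbound block, applied to all three tabs.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -Enabled True -DefaultInboundAction Block -DefaultOutboundAction Block

# 2. Disable every currently active rule so nothing stays allowed by accident
#    (the "turn off all the green rules" step, inbound and outbound at once).
Get-NetFirewallRule -Enabled True | Disable-NetFirewallRule

# 3. Re-enable only the built-in core rules the PC needs to get an address
#    and resolve names: DHCP in/out and DNS out.
Get-NetFirewallRule -DisplayName "Core Networking - Dynamic Host Configuration Protocol*" |
    Enable-NetFirewallRule
Get-NetFirewallRule -DisplayName "Core Networking - DNS (UDP-Out)" |
    Enable-NetFirewallRule

# 4. Explicit allow-list rules, one per program that must reach the Internet.
#    The browser only needs HTTP/HTTPS; the VPN client gets a plain program rule
#    because VPN protocols differ (leave the port open, pin the executable).
New-NetFirewallRule -DisplayName "Allow-list: browser (HTTP/HTTPS out)" `
    -Direction Outbound -Action Allow -Profile Any `
    -Program $browser -Protocol TCP -RemotePort 80,443

New-NetFirewallRule -DisplayName "Allow-list: VPN client out" `
    -Direction Outbound -Action Allow -Profile Any `
    -Program $vpnClient

# 5. Verify. Profiles should read Block/Block, and the enabled-rule list should
#    be short enough to read on one screen.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction
Get-NetFirewallRule -Enabled True |
    Select-Object DisplayName, Direction, Action |
    Sort-Object Direction, DisplayName

# 6. Log dropped packets so "the Internet would not connect" can be diagnosed:
#    the log names the blocked destination port, which points at the program
#    that still lacks an allow rule.
Set-NetFirewallProfile -Profile Domain,Private,Public -LogBlocked True
# Read it later with:
#   Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log" -Tail 50

# Helper for the installer case: open outbound on the Public profile only for
# the duration of one command, then put the block back even if it fails.
function Invoke-WithOutboundAllow {
    param([scriptblock]$Action)
    Set-NetFirewallProfile -Profile Public -DefaultOutboundAction Allow
    try     { & $Action }
    finally { Set-NetFirewallProfile -Profile Public -DefaultOutboundAction Block }
}
# Usage (path is an assumption):
#   Invoke-WithOutboundAllow { Start-Process "$env:USERPROFILE\Downloads\setup.exe" -Wait }
```

The order matters: setting the profile defaults to Block before disabling the rules means there is no moment where the PC is open with no rules at all, and step 2 deliberately disables the VPN client's own installer-created rules too, so the pinned rule in step 4 is the only path out for it. If a profile still refuses to connect after this, the pfirewall.log entries from step 6 show which port or program is being dropped rather than guessing.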
#3 ·
lunarlander, thank you very much for your very informative and thorough reply. If I understood your directions correctly, I should disable everything in both incoming and outgoing Core Networking DHCP in and core Networking DNS, Core Networking DHCP Out and my browser; is that correct? And, by disabling each of these, the green checkmark will no longer be visible, also correct? Also, please look at the attachment for a screenshot of my Windows Defender Firewall page. Should Outbound Connections that do not Match the Rule be blocked? Thanks again for all of your help.
 


#4 ·
Outbound that don't match a rule should be blocked. You might encounter some problems that way, like program installers (which wouldn't have rule since they are new to the system) going online to fetch something. If this happens just change to outbound allow for that brief period.

Outbound DNS and outbound DHCP and inbound DHCP and outbound browser should be allowed in the rules.
 
#5 ·
lunarlander, thanks again for your help. I have a question: what are the "Rules" that you mentioned in your posts? Also, I was able to block both Inbound and Outbound Connections in Domain Profile and Private Profile, and I was able to block Outbound Connections in Public Profile, but if I blocked Outbound Connections in Public Profile, the Internet would not connect and so I needed to allow Outbound Connections in Public Profile. Also, I disabled everything in both Outbound and Inbound Rules except for the few that you suggested that I keep open.

I have one more question: Since Windows Defender is running on my computer, should I have Malwarebytes also running at the same time that Windows Defender is running?

Thanks again for all of your help and expertise.
 
#6 ·
The "rules" are the individual items inside Inbound and Outbound. The active rules have the green circle symbol and the ones that don't have the green circle are disabled rules.

I am not sure about Malwarebytes. The recent versions fully replace Windows Defender. And if so, Windows Defender knows to turn itself off.
 
#7 ·
lunarlander, thanks again for your help. I was able to block both Inbound and Outbound Connections in Domain Profile and Private Profile, and I was able to block Inbound in Public Profile, but if I blocked Outbound Connections in Public Profile, the Internet would not connect and so I needed to allow Outbound Connections in Public Profile. Should I be able to block Outbound Connections in the Public Profile and not have the Internet not be able to connect if I do that?
 