This is my simple security model - block all the security threat-gates. It is just a simple “configure CIS to block all new data from entering the system”.
As far as I know, malware can enter the system in four ways:
1. External disks.
2. Internet-facing applications loading malware onto the system.
3. Files the user is unsure of, downloaded into the system by the user himself.
4. Internet-facing applications themselves doing malicious stuff.
For (1), I have added “autorun.inf” to my blocked files for all my removable drives.
For (2), “Run an executable” is set as “block” for all the internet-facing applications.
  - I add allowed exceptions for those safe applications which need to be executed.
For (3), all those files I introduce into the system through downloads or from external disks, which I feel are safe but might be infected, I run (after scanning them with the AV) inside the virtual sandbox system and observe what the application does. If it does anything that is suspicious, I delete it; otherwise I deem it safe.
For (4), you could set rules for all internet-facing applications such that they are not allowed to do what is not required for them to function. Only advanced users would be able to configure it in such a way; beginners could add all the internet-facing applications to run inside the sandbox permanently, but the problem would be that the solution for (2) won’t work, since Computer Security Policy doesn’t apply to sandboxed applications.
So, this is basically how I have it set up. If there is anything I am missing or doing wrong, then let me know.