helicopter34234
100+ Head-Fier
- Joined
- Sep 7, 2008
- Posts
- 153
- Likes
- 11
Hi everyone. I finally got around to doing an overhaul of my personal computer security policies. Considering that I use my computer as a filing cabinet for all of my important and personal documents as well as doing my banking and many transactions over the computer, it is imperative that it is secure. I am by no means a computer/networking export. However, I thought some of the things I learned through my literature search would be relevant to the general community. Computer and networking gurus, please correct anything that you find incorrect or add anything that you think worth noting.
Quick summary:
-Use WPA2 router encryption with a huge random password or assume anyone can see your wireless traffic or hijack your router.
-Always use a VPN and a software firewall (e.g. Comodo) on your laptop when using public Wi-Fi unless you are just surfing the web.
-It’s a good idea to have a software firewall (e.g. Comodo) even though your home router has an inbound firewall.
-Obviously have a good anti-virus software
-Most passwords are easily cracked. Consider better password use policies.
-If someone stole your home computer or laptop they could access all of your files. Is there anything in there you would want to protect? If so, you should store them on an encrypted volume on your HD.
More detailed version: kind of long but I think this is important information
-Wireless internet is inherently insecure to people snooping within the vicinity of the signal. I have read several stories of people living in completely remote areas, yet still having someone snoop or hijack their router for illegal activity. It is particularly scary that people have ended in jail for someone else's hijacked activity. This is obviously a bigger concern for someone like me, who is in signal range from many people. I believe that at the moment, if you use WPA2 on your router with a huge key (at least 20-30 random characters, no dictionary words or repeated patterns), you should generally be safe from snoopers and hijackers. Otherwise, most encryption methods with weak passwords can be cracked within minutes to days. Most secure websites (banks, credit cards, etc.) use https, which provides an additional level of security. However in general, emails are not secure, and someone could still use your internet connection for illegal activity if your wireless is not secured.
-Public WiFi - You have to be very careful when you connect to a Wi-Fi hotspot (hotel, airport, cafe). There is almost never any encryption used on those connections. Someone could be sitting next to you listening to all of your traffic without any effort. Additionally, some times those hotspots are traps set up by people wanting to sift through your traffic. The best way to use a public or insecure hotspot is to VPN into a reliable network (e.g., business or university network). Additionally, you should always use a software firewall on your laptop (Comodo is free and supposed to be better and more lightweight than ZoneAlarm) since you don't have the benefit of being behind the hardware firewall in your home router.
-Firewalls - Your home router generally provides a very good firewall against inbound traffic. However, it doesn't stop malicious outbound traffic (nor does Window's Firewall). For example, if a Trojan or virus somehow gets into your computer, many of them mine data (stored website passwords, documents, etc.) and send them out to a third party on the internet. Although people debate its necessity, I think a lightweight software firewall is useful to have on top of your hardware firewall to protect against such unauthorized events.
-You obviously need a good antivirus system.
-Passwords - probably >95% of the passwords people use can be cracked by brute force or dictionary attacks within minutes to days. Most websites only allow a number of attempts per minute, so this generally protects you against these attacks. However, if someone gets access to the hash value of your password (it happens) then they can decrypt it using those techniques. Also, if you have a password protected file or program on your computer and someone gains access to your computer, they can generally access the passwords hash values and do the same type of cracking. To avoid this, you need strong passwords that cannot be cracked easily (large number of random characters, no words from dictionary, no repeating patterns, no birthdays, telephone numbers, etc.). Doing so generally means you would never be able to memorize it. There are two ways that are recommended by the experts to go about this: (1) Randomly generate a relatively large password and write it down in your wallet or (2) Think of a song or speech and use the first letter of each word. The problem is I have 20-40 different websites/accounts, each of which has a different password length requirement/limitation. Plus you shouldn't use the same password on multiple sites because if one is compromised then they all will. So what I do is use a password management program with one very secure main password, and then store all of the different individual passwords within. I also just ordered a fingerprint scanner ($43 Eikon Digital Privacy Manager), which you can set up to automatically fill in your passwords for websites/programs/windows accounts with a finger swipe. This is better than storing passwords in IE/Firefox/Chrome because anyone with access to your comp can easily access your stored passwords (unless you set up a master password). Optical fingerprint scanners can be fooled by a picture of your fingerprint. But, someone who lifts your laptop/desktop in the night or hacks into your computer generally will not have access to your prints.
Hard drives- I have many personal/financial documents on my home desktop hard drive that I really would not want someone to able to access in the event they stole my computer. To avoid this, I am going to create an encrypted volume on my hard drive using TrueCrypt (also the Fingerprint scanner software claims similar functionality). This produces an encrypted file on the hard drive, which you can mount using the software as a normal windows drive. However, to mount the drive you need to type in your password (or swipe your finger). The data is only decrypted within the ram, but you can still play large files (e.g. music/movies) seamlessly. This is particularly important for work files on a laptop, which has a greater likelihood for being stolen/accessed.
Still a good post though. It's worth noting that RAID isn't a substitute for a backup.
