Feedback on my security setup?

Hi guys, first post here.

You could say I'm on a mission to make my internet usage as secure and private as possible, call me paranoid but I think it's a wise decision in today's climate. I started thinking about online privacy just about a year ago so bear with me, I'm new to all of this.

My setup:

Level 0 (least secure)

• Google Chrome in incognito mode with a few extensions
  
  - AdBlock Plus
  - Disconnect
  - HTTPS Everywhere

Level 1

• Comodo Dragon in virtual mode with a few extensions
  
  - AdBlock Plus
  - Comodo Web Inspector
  - Disconnect
  - PrivDog

Level 2 (most secure)

• Tails Live USB

I also use CCleaner on a daily basis, and wipe sensitive information with Eraser. Regardless of the level I'm using, all IP traffic is routed via my router to a remote VPN server that I trust. DNS leak tests confirm that all DNS requests go through the VPN.

Besides adding an OpenVPN client, I've left my OpenWRT router untouched so I'm hoping the default firewall rules that are already in place are doing their part. I reckon I shouldn't be tinkering with things I don't know much about. Although if by any chance anyone here has OpenWRT experience, feel free. I've had limited success over at the official forums.

Is there anything else I should be looking at? Is my Level 2 secure enough on its own? I've heard people mentioning Whonix, virtual machines and air gaps but that's where they lose me.

I'm also thinking about purchasing a second machine, a laptop, could this be put to use somehow?


Would really appreciate any advice. Thanks!

 

Rational paranoia is certainly not a bad thing.

One would hope you neglected to mention the all inclusive hardening steps you took for your undeclared OS, employing best-in-breed on-access anti-virus and anti-malware, HIPS applications, were only for the sole sake of unwarranted posting brevity.

Have you considered DNSCrypt, TrueCrypt, the Tor-Browser-Bundle and frequent back-ups?

It does read like you are off to a good beginning though. Keep going.

 

I'm sorry but I'm not sure what you mean. Did I disclose too much? My intention was merely giving you guys just enough to go on so I could get some feedback on my setup.

I'll have to take a look at DNSCrypt, can I use it even though all DNS queries go through the DNS server of my VPN? Because as far as I know it's an OpenDNS product. I'm already using TrueCrypt, and a Tor Browser is built into the Tails Live USB.


Thanks for your input!

 

No - quite the opposite. I was hoping you would reveal your OSs and the steps you've taken to harden it/them. That way you might invite additional peer review/suggestions.

When you're not using a TAILS USB stick (Debian 6.0.8 based), do you use other OS(s) online? If so, what are they?

 

Oh I see. The only OS I'm using besides Tails is Windows XP Pro SP3 with the latest security updates. Steps to harden it.. well, none really as far as I know.

• I use Malwarebytes Anti-Malware and Comodo Internet Security Premium. I followed this guide when configuring Comodo:
  http://www.techsupportalert.com/content/how-install-comodo-firewall.htm

• Chrome blocks third-party cookies, sends a 'Do not track' request, disables location tracking as well as microphone & camera access.

• Default search engine for level 1 & 2 is https://www.startpage.com

 

Of course the internet is full of documented XP weaknesses. If you are adamant about retaining the computer you run with XP, at least consider making it a dual boot system with a Linux distro of your choice - that is if the hardware resources will not permit a migration to Windows 7/8 comfortably.

Reputable vendors are selling $300USD systems w/Windows 8.1 included.

Black Viper's guide has stood the test of time. However, don't make all his suggested changes at the same time lest you brick your system. Make a precious few, or one at a time, then reboot and test. Then continue.

-http://www.blackviper.com/service-configurations/black-vipers-windows-xp-x86-32-bit-service-pack-3-service-configurations/-

Again, the devil is in the details - MBAM Pro or free?

I'm not sure if "Comodo Internet Security Premium" is known by that exact name now.

Have you considered Sandboxie?

It's time to put into practice what you've learned here. Go back a few months in the applicable Wilders sub-forums and your security/privacy awareness will certainly multiply.

 

Microsoft will be discontinuing support for Windows XP on April 8 2014. That means no more updates or security patches, making XP highly vulnerable.

I'm a big fan of Windows 7, but I've recently decided to go all Linux. It's not perfect, but it's a lot better than Windows I'd say.