Feedback on my security setup?

Discussion in 'privacy technology' started by rockyroad, Feb 5, 2014.

Thread Status:
Not open for further replies.
  1. rockyroad

    rockyroad Registered Member

    Joined:
    Feb 5, 2014
    Posts:
    3
    Hi guys, first post here.

    You could say I'm on a mission to make my internet usage as secure and private as possible, call me paranoid but I think it's a wise decision in today's climate. I started thinking about online privacy just about a year ago so bear with me, I'm new to all of this.

    My setup:

    Level 0 (least secure)

    • Google Chrome in incognito mode with a few extensions

      - AdBlock Plus
      - Disconnect
      - HTTPS Everywhere

    Level 1

    • Comodo Dragon in virtual mode with a few extensions

      - AdBlock Plus
      - Comodo Web Inspector
      - Disconnect
      - PrivDog

    Level 2 (most secure)

    • Tails Live USB

    I also use CCleaner on a daily basis, and wipe sensitive information with Eraser. Regardless of the level I'm using, all IP traffic is routed via my router to a remote VPN server that I trust. DNS leak tests confirm that all DNS requests go through the VPN.

    Besides adding an OpenVPN client, I've left my OpenWRT router untouched so I'm hoping the default firewall rules that are already in place are doing their part. I reckon I shouldn't be tinkering with things I don't know much about. Although if by any chance anyone here has OpenWRT experience, feel free. I've had limited success over at the official forums.

    Is there anything else I should be looking at? Is my Level 2 secure enough on its own? I've heard people mentioning Whonix, virtual machines and air gaps but that's where they lose me.

    I'm also thinking about purchasing a second machine, a laptop, could this be put to use somehow?


    Would really appreciate any advice. Thanks!
     
    Last edited: Feb 6, 2014
  2. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    702
    Location:
    North of the 38th parallel.
    Rational paranoia is certainly not a bad thing.

    One would hope you neglected to mention the all inclusive hardening steps you took for your undeclared OS, employing best-in-breed on-access anti-virus and anti-malware, HIPS applications, were only for the sole sake of unwarranted posting brevity.

    Have you considered DNSCrypt, TrueCrypt, the Tor-Browser-Bundle and frequent back-ups?

    It does read like you are off to a good beginning though. Keep going. :)
     
    Last edited: Feb 5, 2014
  3. rockyroad

    rockyroad Registered Member

    Joined:
    Feb 5, 2014
    Posts:
    3
    I'm sorry but I'm not sure what you mean. Did I disclose too much? My intention was merely giving you guys just enough to go on so I could get some feedback on my setup.

    I'll have to take a look at DNSCrypt, can I use it even though all DNS queries go through the DNS server of my VPN? Because as far as I know it's an OpenDNS product. I'm already using TrueCrypt, and a Tor Browser is built into the Tails Live USB.


    Thanks for your input!
     
  4. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    702
    Location:
    North of the 38th parallel.
    No - quite the opposite. I was hoping you would reveal your OSs and the steps you've taken to harden it/them. That way you might invite additional peer review/suggestions.

    When you're not using a TAILS USB stick (Debian 6.0.8 based), do you use other OS(s) online? If so, what are they?
     
    Last edited: Feb 6, 2014
  5. rockyroad

    rockyroad Registered Member

    Joined:
    Feb 5, 2014
    Posts:
    3
    Oh I see. The only OS I'm using besides Tails is Windows XP Pro SP3 with the latest security updates. Steps to harden it.. well, none really as far as I know.



    • Chrome blocks third-party cookies, sends a 'Do not track' request, disables location tracking as well as microphone & camera access.

     
    Last edited: Feb 6, 2014
  6. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    702
    Location:
    North of the 38th parallel.
    Of course the internet is full of documented XP weaknesses. If you are adamant about retaining the computer you run with XP, at least consider making it a dual boot system with a Linux distro of your choice - that is if the hardware resources will not permit a migration to Windows 7/8 comfortably.

    Reputable vendors are selling $300USD systems w/Windows 8.1 included.

    Black Viper's guide has stood the test of time. However, don't make all his suggested changes at the same time lest you brick your system. Make a precious few, or one at a time, then reboot and test. Then continue.

    -http://www.blackviper.com/service-configurations/black-vipers-windows-xp-x86-32-bit-service-pack-3-service-configurations/-

    Again, the devil is in the details - MBAM Pro or free?

    I'm not sure if "Comodo Internet Security Premium" is known by that exact name now.

    Have you considered Sandboxie?

    It's time to put into practice what you've learned here. Go back a few months in the applicable Wilders sub-forums and your security/privacy awareness will certainly multiply.
     
    Last edited: Feb 6, 2014
  7. Grassman20

    Grassman20 Registered Member

    Joined:
    Jul 14, 2013
    Posts:
    26
    Location:
    USA
    Microsoft will be discontinuing support for Windows XP on April 8 2014. That means no more updates or security patches, making XP highly vulnerable.

    I'm a big fan of Windows 7, but I've recently decided to go all Linux. It's not perfect, but it's a lot better than Windows I'd say.
     
Loading...
Thread Status:
Not open for further replies.