Is my System Secure From Hackers

Discussion in 'privacy problems' started by chrismc2, Jan 22, 2012.

Thread Status:
Not open for further replies.
  1. chrismc2

    chrismc2 Registered Member

    Joined:
    Nov 7, 2011
    Posts:
    10
    Hi,
    I have recently become interested in the security of my system. To that end I have tried to set up my system so it's as safe/secure and still as user friendly as possible. Below is my system; please could you correct me on any weaknesses I may have.
    My system is partitioned with Truecrypt, I have a decoy win 7 and a hidden win 7, this is encrypted.
    I have HMA Pro Secure internet Encryption.
    Kaspersky Internet Suite 2012
    Sandboxie
    Malwarebytes Pro
    Cyberscrub Privacy Suite
    Firefox Add-ons
    Adblock Plus
    NoScript
    BetterPrivacy
    HTTPS Everywhere
    WOT
    KeyScrambler
    Very strong passwords (26 digits)
    I keep it as clean as possible and also update when needed.

    Thanks in advance
     
    Last edited: Jan 22, 2012
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    looks good
     
  3. chrismc2

    chrismc2 Registered Member

    Joined:
    Nov 7, 2011
    Posts:
    10
    Thanks for the quick response, You wouldn't add or change anything then?
     
  4. parsec

    parsec Registered Member

    Joined:
    Aug 2, 2011
    Posts:
    68
    Location:
    /local/galaxy_cluster/milky_way/sol_system/earth
    Is that only digits (1234...) or combination of digits,lowercase,uppercase etc..?
     
  5. chrismc2

    chrismc2 Registered Member

    Joined:
    Nov 7, 2011
    Posts:
    10
    Sorry, I should have made that more clear. It's a combination of uppercase, lowercase, symbols and numbers.
     
  6. SplinterCell

    SplinterCell Registered Member

    Joined:
    Jan 5, 2011
    Posts:
    48
    Location:
    Wisconsin
    The only thing you're missing is the button you push under your desk...

    ~ Removed Off Topic Image ~

    Other than that and social engineering you shouldn't have much to worry about!
     
    Last edited by a moderator: Jan 22, 2012
  7. chrismc2

    chrismc2 Registered Member

    Joined:
    Nov 7, 2011
    Posts:
    10
    Many thanks, can sleep well tonight now. lol
     
  8. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I suggest you use EMET.

    And if you sandbox everything with Sandboxie and keep strong rules you're going to stop most everything from touching your system.
     
  9. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    IMO it seems overkill.

    You could add a router. If you do so, pick one that suits your needs and configure it properly. A router acts like a 'hardware firewall'.

    A proper imaging setup.
    Several options, e.g. Macrium Reflect, Acronis etc. Use an external storage medium. If something goes wrong you have the easy option to restore a clean image. Over time the system tends to become more unstable. Restoring an image every now and then helps. And when in doubt, restore a known clean image. You won't have to worry if any infections have been cleaned properly that way.

    Usually the user is the weakest link.
     
  10. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    Yes, a router is a simple way to improve security. It hides the internal network, gives you additional ports for devices and usually includes WiFi. You just have to make sure you change the default passwords for accessing the router settings and turn on wireless security (or turn off the wireless if not needed).
     
  11. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Short answer: no, it is not. What is your protection from the 0day that will get discovered tomorrow in that program or process you use a lot? :) First rule of security: there is no such thing as XYZ proof. The best thing to do is mitigate the risk (which you are doing!) though always realize you can still be subject to an attack. The update you install for X can open you up to Y etc.

    As for me, I do most of my web surfing in a self-contained virtual image on my machine that auto recovers to a default state at shutdown (no share or copy/paste allocation with host). Through my own track record and analysis of my machine, 98% of all infections were coming from my browser, so I locked it down and placed it in a virtual environment, which has lowered my infection to almost null. The other 2% were from Adobe exploits. I have since stopped using Adobe software.
     
  12. tipo

    tipo Registered Member

    Joined:
    Dec 29, 2008
    Posts:
    408
    Location:
    romania
    my opinion as well :thumb:
     
  13. noblelord

    noblelord Registered Member

    Joined:
    Aug 19, 2009
    Posts:
    162
    Location:
    UK
    I agree - if you're worried about viruses/hackers (what sort of hackers exactly?) to the extent you're going to use all that software, you'd be better off using Linux based virtual machines or booting from a Live CD.

    As a general question - who is your main adversary - who are you trying to protect yourself from?
     
  14. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    chrismc2, question, do you want and need Windows?

    If the answer is yes, then you should really consider, in fact anyone reading this should also consider the same.

    Now depending on what you do, this might not be as good as running Windows on the actual hard drive, if you're into high performance gaming, HD movies anything high performance multimedia related, etc...

    I highly recommend Windows users to use what is called a Type 2 Hypervisor; (VirtualBox)

    https://www.virtualbox.org/

    If you really need Windows for gaming, movies etc, then you install VirtualBox on Windows and run Windows inside VirtualBox for all your online activities. This way if Windows in VirtualBox gets messed up, you either replace the files, that is if you backed them up, or use the Snapshot feature, which will put Windows back to an original state all cleaned, when you made a Snapshot of a clean system.

    If you don't really need Windows for anything high performance, then it's better to ditch it, install Linux on the computer and then run Windows inside VirtualBox in Linux.

    This is called Virtualization if you've never heard this before and it's the wave of the future, being able to run multiple systems on one computer.

    If you're really into all this, then there are what are called Type 1 Hypervisors that run on the actual computer to use the hardware and take advantage of it.

    This is the simplest way to security and restoring a system and nothing can beat it! :thumb:
     
  15. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    While I dream for all OS's to follow the Qubes OS ideology, I have a few things to add. Windows is no worse than Linux if maintained correctly. Linux also has its share of baddies a user would at least need to be aware of such as kernel (root kits) and memory exploits.

    Windows is user friendly to most average computer goers and it is best not to scare them away completely. I agree with Fox if you can run it inside a VM (and make restore images) you will have very little to worry about. HOWEVER that being said you can just as easily throw a simple linux VM such as Mint onto a windows OS which is very user friendly and perform all your browsing and pdf reading in that and be just as safe. It all comes down to personal preference.

    If you plan to use VMs I would suggest you keep them isolated; disable the main two potential attack vectors: shared folders with host, and shared clipboard with host. Both can be disabled within VirtualBox and VMware. A potential 3rd attack layer to keep in mind is your network layer. Your VM could become compromised and while your primary OS will be safe, other computers on the LAN may not be.

    Made you all paranoid yet?:D
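
The isolation check suggested in the post above, as an added example that is not part of the original thread: it reads `VBoxManage showvminfo <vm> --machinereadable` output and reports shared clipboard, drag-and-drop, shared folders and attached network adapters. The key names it matches and the sample VM record are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a VirtualBox guest for the host-sharing channels named
# in the post. Input is the key="value" text printed by
#   VBoxManage showvminfo <vm> --machinereadable
# Key names below are assumed from that output; check them on your version.

audit_vm_isolation() {
    awk '
        { eq = index($0, "="); if (eq == 0) next
          key = substr($0, 1, eq - 1)
          val = substr($0, eq + 1); gsub(/"/, "", val) }
        # Shared clipboard and drag-and-drop should both be "disabled".
        (key == "clipboard" || key == "draganddrop") && val != "disabled" {
            print "FIX " key "=" val }
        # Any shared-folder mapping is a host path the guest can read or write.
        key ~ /^SharedFolderNameMachineMapping[0-9]+$/ {
            print "FIX sharedfolder=" val }
        # An attached NIC means a compromised guest can reach other LAN hosts
        # (bridged sits directly on the LAN; NAT still allows outbound traffic).
        key ~ /^nic[0-9]+$/ && val != "none" {
            print "NOTE " key "=" val }
    '
}

# Constructed sample record (hypothetical VM, not taken from the thread).
sample_vminfo() {
    cat <<'EOF'
name="browse-vm"
clipboard="bidirectional"
draganddrop="disabled"
SharedFolderNameMachineMapping1="downloads"
SharedFolderPathMachineMapping1="/home/user/Downloads"
nic1="bridged"
nic2="none"
EOF
}

# With a VM name as argument, audit the real VM; otherwise audit the sample.
if [ $# -gt 0 ]; then
    VBoxManage showvminfo "$1" --machinereadable | audit_vm_isolation
else
    sample_vminfo | audit_vm_isolation
fi
```

Each `FIX` line is a sharing channel to turn off in the VM settings; `NOTE` lines list adapters to review against what else is on the LAN.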
     
  16. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    648
    Location:
    HKEY/SECURITY/ (value not set)
    Virtualization is nothing new, the ability to run multiple operating systems on one computer has been in practice even before the beginning of time. These so-called modern waves of the future with virtualization are merely renaming and using the already available brilliant technology of the Ram Disk, also available even before the beginning of time.

    No computerized environment is completely secure from penetration.


    HKEY1952
     
  17. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
  18. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    There are methods for protection against 0day exploits.

    Perfect security doesn't exist but you only have to be more secure than the other guy out there. Hackers are not made of time/ money - they're practical.

    Running in a virtual machine is one way to stay secure. Exploits do happen in VMs so it's important to understand that they aren't bullet proof. You could further sandbox a VM with Sandboxie and if you have the host OS running AppLocker you'll stop remote code execution that doesn't make use of particular exploits.

    Running every program you've got in Sandboxie with EMET and strong start/run/ internet restrictions is enough to break any malware out there. Is it perfect? No. But no one bothers to lock themselves down that way so attackers aren't after that crowd - there are easier ones out there.

    Unless a hacker is dedicated they're not going to try very hard. If you've pissed an elite hat off, turn the computer off and take a vacation. There's really nothing you're going to do to stop them - especially on Windows.

    No, virtualization isn't anything new but the implementation we're seeing is. Virtualized file systems per-process is new. Very different from a virtual OS.
     
  19. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    648
    Location:
    HKEY/SECURITY/ (value not set)
    The virtual soapbox that you are preaching from exists contradiction after contradiction that will eventually become the aftermath of a persistent gospeler.


    HKEY1952
     
  20. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    They hacked HBGary. What chance have the avg home user got? None
     
  21. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I'm going to need some kind of clarification here...

    No clue if you're trying to talk about sandboxie or virtualization in general or what you're saying about anything really lol.

    Against a direct attack from a legitimate hacker who knows how to whip up 0days on demand? No, not much.

    Understand that there are self-imposed time limits on these things. If a hacker is going after my machine they're not going to say "I'll spend a week on this" unless they know for a fact there will be a big payoff.

    The idea behind things like AppArmor, SELinux, and ASLR etc is to prevent 0day attacks in such a way that it forces the attacker to work within the confines provided or come up with a new playing field. These mitigations don't prevent attacks they just make them much more expensive and as users it's very easy to be much much more expensive than the other guys.

    Close up your ports. Disable running services you don't need. These are the easiest ways to harden a server and the same goes for a user.

    Throw down AppLocker if you're on Windows and can handle it. Use Sandboxie and EMET.

    Will exploits exist in AppLocker, Sandboxie, EMET? Yes. All security can be exploited or bypassed. But it forces the attacker to spend a lot more time coming up with more and more exploits to gain control - they just won't bother.
     
  22. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    The moral of this story is, anything you don’t understand is dangerous until you do understand it.
    All programs are buggy.
    Security-relevant programs have security bugs.

    1. Password system failures are the biggest single problem.
    2. Sequence number attacks can be used to subvert address-based authentication.
    3. It is easy to spoof UDP packets.
    4. ICMP packets can tear down all connections between a pair of hosts.
    5. ICMP Redirect messages can subvert routing tables.
    6. IP source routing can subvert address-based authentication.
    7. It is easy to generate bogus RIP messages.
    8. The inverse DNS tree can be used for name-spoofing.
    9. The DNS cache can be contaminated to foil crosschecks.
    10. Return addresses in mail aren’t reliable.
    11. Sendmail is a security risk.
    12. Don’t blindly execute MIME messages.
    13. It is easy to wiretap telnet sessions.
    14. You can subvert NTP in order to attack authentication protocols.
    15. Finger discloses too much information about users.
    16. Don’t trust RPC’s machine name field.
    17. The portmapper can call RPC services for its caller.
    18. NIS can often be persuaded to give out password files.
    19. It is sometimes possible to direct machines to phony NIS servers.
    20. It is hard to revoke NFS access.
    21. Firewalls can’t block attacks at higher levels of the protocol stack.
    22. FSP is often abused to give out files to those who should not have them.
    23. It is all but impossible to permit most UDP traffic through a packet filter safely.
    24. A tunnel can be built on top of almost any transport mechanism.
    25. Network monitoring tools can be very dangerous on an exposed machine.
    26. Hackers plant silent password grabbers.
    27. Logging failed logins will often capture passwords.

    Sometimes you don't need a 0 day at all
     
    Last edited: Jan 24, 2012
  23. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    Paraphrasing
    Everything that you don't know - it's safe ... until you realize it ;)
     
  24. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    There's no such thing as being secure from hackers, just varying amounts of resistance against hackers ranging from easy to break up to very tough to crack. Uncrackable, no such thing. Factor in time. What is reasonably secure today is vulnerable tomorrow.
     
  25. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    To be fair, HBGary had abysmal policy controls in place or did not follow established procedure. :rolleyes: It is a shame some companies constantly put security to the back of their minds until it bites them.
     