New to security want to build a secure system

Discussion in 'privacy technology' started by gtredx69, Apr 16, 2012.

Thread Status:
Not open for further replies.
  1. gtredx69

    gtredx69 Registered Member

    Joined:
    Apr 16, 2012
    Posts:
    4
    Location:
    UK
    Hi folks,

    New to security, was something I always felt I needed and tried a bit but I was never really secure or anonymous.

    I am using win7
    McAfee security
    I have truecrypt, a few containers which I may run P2P/torrent from

    Macfee has a feature called shred which I use.

    After reading these forums I have started experimenting with sandbox and VM Virtual Box, is there a preference to these, haven't tried Virtual Box yet as i am downloading win8 to test with.

    Also I think I will use a VPN in the near future.

    Can you folks help me become more secure and anonymous
     
  2. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    Hi

    Welcome to Wilders. My motto when it comes to security is to keep it simple. Nonetheless, you should also have a layered security comprised of non overlapping elements. My suggestion is my signature when it comes to Windows. Currently I'm using: Private Firewall, Avast Free Antivirus 7, and Bufferzone 4. I can tell you that my system is very responsive, fast, and secure.

    Thanks.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Given that you're keeping your torrent files in Truecrypt containers, I'm guessing that you want them to stay private. If that's the case, downloading them privately and anonymously would also be wise. So using VPNs is probably the first improvement to make. Have you looked at -http://www.youhavedownloaded.com/ ? BolehVPN and Mullvad are good one-hop torrent-focused VPNs.
     
  4. gtredx69

    gtredx69 Registered Member

    Joined:
    Apr 16, 2012
    Posts:
    4
    Location:
    UK
    Hi Cogito,
    I gather BufferZone is the same principles as Sandboxie as in working in a protected environment from your operating system?

    Mirirmir, thanks for the VPN suggestion, I was looking through the really looong thread on that topic for a few days now and I am mostly decided on BolehVPN.

    But if I use VitrualBox to isolate my main o/s and even put that on a truecrypt container that should protect my main o/s from wondering files and windows habit of recording info everywhere.
     
  5. JackReacher

    JackReacher Registered Member

    Joined:
    Mar 17, 2012
    Posts:
    67
    Location:
    South of the North Pole
    Hi,
    Glad your becoming interested in protecting your privacy and security. I am somewhat new to the security scene to, but am a little more familiar with the privacy side of things.

    Two of the key things I have learned from this forum and elsewhere, are that a critical aspect of security and securing your privacy is learning how your system works and learning the logic behind different security programs and that it is very hard to secure yourself from all threats you must understand who you are trying to protect yourself from and state it in your posts if you wish to get the best advice.

    That being said, I can help you with some of the basics as far as privacy is concerned.

    A VPN (or alternative anonymization layer) is a great start. If you desire greater anonymity you could combine multiple anonymization layers such as using a VPN over TOR and pay using Bitcoin/Cash/Liberty-Reserve (this is overkill for most people). If you live in the U.S. make sure to choose a VPN provider located outside of the U.S. preferably in SE, NL, ME or another privacy friendly jurisdiction. There is lots of info on how to choose a good vpn so I won't go into detail (See Dasfox's VPN megathread).

    Understand how you are being tracked/watched/profiled across the internet and how you can be identified, and learn how to fight it (this one I'm still working on). As far as I know the primary ways we can be tracked are through 1) 3rd party tracking cookies, 2) online accounts (i.e. google/gmail/etc), 3) IP Address, 4) Social Networks, 5) Social Widgets, 6) Other 3rd Party Elements, 7) Browser Fingerprinting.

    I recommend switching to Firefox if you don't already use it, using private browsing mode or at the least blocking third party cookies and deleting your browsing history frequently/at browser shutdown. I also recommend browsing through the privacy and security extensions for Firefox.
    A few I would recommend for intermediate/advanced users are: Noscript, Request Policy, Cookie Monster, and Https Finder (in combination with Https Everywhere).
    A few I would recommend to all users are: Adblockplus (with easylist + easyprivacy OR Fanboy's list + Fanboy's Tracker/Stats blocking) and Adblockplus Pop-up blocker, Ghostery OR Disconnect, Https Everywhere, Cookie Culler, Better Privacy, and LastPass.

    There are many more addons that I haven't covered you should browse through the addons on your own.

    Another important aspect of maintaining your privacy is modifying your own behavior to achieve this objective. For instance try not to browse the internet while logged into facebook/google/twitter/yahoo/aol etc, delete your cookies frequently, do not use real information in forms unless it is necessary, use alternate search engines/services (instead of google/yahoo/etc)

    If you engage in filesharing some basic precautions include using either a paid VPN or a Seedbox (hopefully hosted in SE, NL, or DE*), Using a blocklist program like peerblock that blacklists the IP addresses of known spyware distributors, anti-piracy organizations, ad servers/trackers, etc, Refrain from downloading newly released content, and try to download from trustworthy uploaders. Probably the most important of these considerations is choosing a VPN which you can trust.
    *DE is somewhat controversial but trusted by many in the industry

    This covers some of the aspects of maintaining your privacy and your anonymity but is far from comprehensive, in depth, or complete. There are many strategies that can help you to limit 3rd party tracking but there is only so much you can do against 1st party tracking (think google) especially on sites which require registration. There is a plethora of tools out there to help you but you need some understanding of what they do, what they protect against, how they interact with each other, and most importantly how you can be tracked or monitored.

    It is also important to note that your true identity or IP address, can be leaked, or anti-tracking defense can be compromised, if you don't properly secure your system.

    A couple resources to check out are:
    The AirVPN forum (good info on VPN's)
    The Pirate Bay Forum: SUPRBAY (specifically this thread on safe torrenting and this one and this one on screening your torrents)
    The Electronic Frontier Foundation (Creator of HTTPS everywhere and a good source of info on digital privacy and internet freedom, consider donating)
    The Stanford Center for Internet and Society (Info on policy and projects to protect privacy, internet openness, etc)
    TorrentFreak (Torrent related news, tutorials, etc)
    GizmosFreeware: Security List (list of free security software, as well as articles on protecting your computer and privacy)

    I would also like to direct you to a few threads on this forum
    My thread on practical privacy protection
    Dasfox's VPN megathread
    Happyarou666's VPN "Whitelist"

    A couple questions you should answer to direct your efforts and get more accurate help:
    Who are you trying to protect yourself from?
    How anonymous do you need to be?
    What country/jurisdiction do you live in?
    Are you trying to protect a desktop, a laptop, or a home network?
    where do you want to be anonymous (i.e. the web? email? bittorent? globally?
    Wow I wrote a lot more than I intended and it should take at least a few hours to explore the links I gave you so I think I will leave it at that
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    :)

    Yes! If in doubt, compartmentalize ;) See -http://en.wikipedia.org/wiki/Compartmentalization_%28information_security%29
     
  7. gtredx69

    gtredx69 Registered Member

    Joined:
    Apr 16, 2012
    Posts:
    4
    Location:
    UK
    Many thanks for the reply Jackreacher, sorry I haven't posted back sooner to say this but have got caught up reading your links which lead onto more links. I have enhanced my knowlwdge quite a bit. Thank you

    So going to give my PC a complete security revamp.

    I am now down to a choice betwen Airvpn and BolehVPN. I am from the UK were our privacy is being eroded everyday, so I want to avoid interferacne form the UK in chossing my VPN. Am I right in saying that AirVPN is from the EU and the EU is possible even worse than the UK with regards to peoples privacy. This is my reason for BolethVPN. Any feedback on thiso_O

    I think I will use VirtualBox to run a seperate o/s enviroment to keep my pc protected, and place this in a truecrypt container. This will ensure I am protected from downlaoding malicous code, also will keep my main PC clean and hide my surfing tracks. Can Virtualbox make use of snapshots as in return O/s to previous state or is that for Sandboxing only?? Also what type of anti virus would you install in Virtual box for win7 as you know I use McAfee but is that too bloated for VM

    McAfee is this a good firewall, antivirus program or do you think big boys such as these record your activites as well..

    Is there anything else I need to secure my PC. As i said I am from the UK and don't like whats happening with respect to privacy but that said I will be using the connection for P2P/torrent activites I like to explore the net and differnet peoples view points but I don't want to be labelled or put in a box cause thats not me
     
    Last edited: Apr 22, 2012
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    BolethVPN is an excellent choice as a fast, one-hop VPN. Malaysia seems to be a very low-profile and independent country.

    If you do that, make sure to mount the Truecrypt container before starting VirtualBox. Otherwise, it will complain about not finding VM files stored there.

    Yes. But be careful, and make sure that you understand how VirtualBox.uses snapshots, because it's possible to break VMs by flailing about.

    McAfee is probably OK as Windows anti-malware. I just use MS Essentials, because it's much lighter. Linux VMs don't need anti-malware. Adding a hardware router/firewall and putting your modem in bridge mode would be wise. OpenWRT can be flashed on some routers, and pfSense runs on low-end PCs (but needs two NICs).
     
  9. JackReacher

    JackReacher Registered Member

    Joined:
    Mar 17, 2012
    Posts:
    67
    Location:
    South of the North Pole
    @gtredx59

    Possibly. Your situation is somewhat different from mine seeing as you are a citizen of an EU country and I am not. I am less worried about the EU and more worried about my own government.

    That being said, I know that Sweden has yet to implement the EU data retention law and Germany has ruled it unconstitutional, The Netherlands seem to be well trusted by privacy enthusiasts but I am not sure what laws they have on the books. AirVPN is quite open about where they host their servers and why. I would head over to the AirVPN forum or FAQ for their 'official response.' A fundamental difference between the two companies is their respective target demographics and their missions. Boleh is aimed towards P2P users and torrenting for the most part while AirVPN is oriented towards activists and dissidents in repressive countries specifically, and activists in general more broadly.

    A couple links which could help:
    AirVPN Terms of Service
    AirVPN Privacy Policy
    Iridium Company Profile

    This last link is somewhat troubling to me, I overlooked the connection between Iridium and AirVPN when I previously reviewed their privacy policy. It seems that Iridium is either the parent company or the Upstream(?) partner of AirVPN. Iridium is based in the U.S. and has provided services for the U.S. Dept. of Defense.

    This doesn't necessarily mean they shouldn't be trusted, they openly disclose this relationship, but it does make me more wary of them. I will try to contact AirVPN about this issue and see if I can get their official response.


    @Mirimir

    I think in the OP's case and my own, it would make sense to use some anti-malware software within the Linux VM. This is because the VM is running inside of a windows installation. If an infected file downloaded from the internet were transferred from the Internet facing VM to the Windows OS it would be able to infect the Windows OS. However, I may be missing something as I'm new to virtualization.
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Good point :) I only use Windows machines for work, and don't mix work and play ;) But I have used ClamAv on Linux, and it seems to work well.
     
  11. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
  12. JackReacher

    JackReacher Registered Member

    Joined:
    Mar 17, 2012
    Posts:
    67
    Location:
    South of the North Pole
    Your write Dasfox, Linux is much better out of the box in terms of security and otherwise generally. Ideally, I would switch to Linux for security reasons and because I believe in open source software. But, I need to be able use Microsoft word and excel for school and I also use my PC for Netflix and Gaming which I cannot do with Linux. I currently dual boot and use win 7 about 80% of the time but use a Linux VM to access the internet.
     
  13. Snowden

    Snowden Registered Member

    Joined:
    May 2, 2012
    Posts:
    68
    I'm new to this as well so this is more of a question not advice... Wouldn't Full Disk Encryption be the best option all around? I understand compartmentalization but why expose yourself at all if you don't have to?
     
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    It's not just about what someone might find through physical examination of your computer. Malware could compromise your private information. For example, Anonymous managed to compromise many users of child-porn sites hosted as Tor hidden services. They planted malware which posed as a crucial Tor security update. When installed, the malware waited until users shut down Tor, and then reported the users' true IP addresses to the attacker.
     
  15. Snowden

    Snowden Registered Member

    Joined:
    May 2, 2012
    Posts:
    68
    Very good point...I was thinking too single-mindedly.
     
Loading...
Thread Status:
Not open for further replies.