Security/privacy concerns

Discussion in 'privacy technology' started by Laocia, Feb 28, 2012.

Thread Status:
Not open for further replies.
  1. Laocia

    Laocia Registered Member

    Joined:
    Feb 28, 2012
    Posts:
    4
    Hi,

    I'm looking for suggestions on how I can improve security and protect my privacy.

    This is what I do/have so far:

    *Windows 7 Home Premium

    *Microsoft Security Essentials

    *Malwarebytes Anti-Malware

    *Spybot-SD Resident

    *Whole system is encrypted with TrueCrypt (50+ character password I can remember in my head)

    *CCleaner to remove browser history/DNS cache etc

    *CCleaner secure erase (1 pass) once a week

    *Pagefile and hiberfil removal (daily). I read sensitive information can be stored here, like banking details.

    *I always use an SSL VPN (2048 bit) when surfing/downloading

    *I have no system restore points available

    *Windows 7 User Account Control on highest setting (protection from hackers?)

    *Network set to public with no sharing available


    Why am I doing all of this? I download movies from time to time. I may be paranoid but I'm interested in staying anonymous on the internet and keeping my computer clean from evidence.

    Are there any files similar to pagefile and hiberfil that store information in the memory or somewhere else?
    Is CCleaner's secure erase reliable?
    Do I need another program/step to erase my browsing history?
    How can I protect myself from a Cold boot attack?
    Can authorities extract any information from the computer memory or somewhere else, even if I remove pagefile and hiberfil?

    Thank you for taking your time to read this, I really appreciate it.
     
  2. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Looks pretty good. While TC protects you when the computer is off (laptop?), it does nothing for an always on desktop. I'd also use TC Hidden Containers and portable versions of browsers and email clients. That way, you can un-mount them when not actively browsing, and they will be protected from snooping. You also won't have to worry about 'cleaning' the tracks from those. You can encrypt the pagefile as well:

    http://www.ghacks.net/2011/04/04/encrypt-your-windows-pagefile-to-improve-security/

    To prevent a cold boot attack, you need to get the TC bootloader off of the MBR of the hard drive. You can download WinGRUB and Grub4DOS from sourceforge:

    http://sourceforge.net/projects/grub4dos/

    Check the TrueCrypt forums for the exact process on how to do it. You'll basically be putting your rescue cd on a bootable USB and booting from that. Then you hit ESC and have TC put the Windows bootloader back on the MBR. Your computer will now not be able to boot without the USB, and always having it with you, prevents an evil maid attack on the TC bootloader.

    PD

    Edit: Transposed Cold Boot and Evil Maid, I described Evil Maid. EB covered Cold Boot: turn it off and watch it for 60 seconds or so.
     
    Last edited: Feb 28, 2012
  3. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    I am going to break your original post up with my replies to make it easier to see what I am addressing.

    Very good, for this to be effective you do need to power down your machine when not in use.

    May I offer a suggestion? Why not look into hypervisors? Look into either virtualbox or VMware and run your internet activities in there. This would reduce your risk of infection/tracking to almost nil. I can expand on this point if you want me to.

    There are many places in Windows systems that log events; you have mentioned one of the pesky offenders, hiberfil. If you did do FDE this shouldn't be a problem, though if you do not require hibernation capabilities open up a command prompt and type in the following as admin:

    powercfg.exe /hibernate off

    Disabling hibernate will stop the hiberfil from being created. Why is that file such a big risk? When your computer goes into hibernate, that is the location it dumps all session data from RAM, including application data. As for the pagefile, I wouldn't disable that, as depending on your machine you may give yourself unwarranted memory errors.

    This would protect your location and data stream but not prevent compromise if files you download are infected or malicious.

    Do you perform manual backups? This could be a single point of failure in your set up if not.

    Protection from malicious programs. Not from hackers or 0 days which can circumvent the UAC and achieve privilege escalation.

    This will not add too much value, as I assume you trust your own LAN? You also know its security setup and who has access?

    Allow your volatile RAM several minutes after shutdown to fully clear. You are more at risk from an evil maid attack. Additionally, if you were targeted in that way, you should assume no security when your encrypted computer is out of your physical sight.

    If you are in the states and you are using FDE with a 50+ character password you will be safe from anyone circumventing it. Now if they can get you to give up the passkey willingly well that’s on you. But an unmounted disk is plenty secure.
     
    Last edited: Feb 29, 2012
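    The hibernation and pagefile points from posts 2 and 3, as an added example that is not code from either poster: a PowerShell script for Windows 7 that reports whether hibernation is off (and hiberfil.sys gone), whether the pagefile is zeroed at shutdown and whether it is EFS-encrypted, and applies those settings when run with -Apply. The registry keys and fsutil switch are the standard Windows locations; the function names and the -Apply switch are this script's own conventions.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell on Windows 7.
# Registry paths are the standard Windows locations; function names are this script's own.

$mm    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$power = 'HKLM:\SYSTEM\CurrentControlSet\Control\Power'

function Get-HibernateState {
    # HibernateEnabled drops to 0 after "powercfg.exe /hibernate off"; hiberfil.sys is then deleted.
    $enabled = (Get-ItemProperty -Path $power -Name HibernateEnabled -ErrorAction SilentlyContinue).HibernateEnabled
    [PSCustomObject]@{
        Check           = 'Hibernation'
        Enabled         = ($enabled -eq 1)
        HiberfilPresent = (Test-Path "$env:SystemDrive\hiberfil.sys")
    }
}

function Get-PagefileState {
    # ClearPageFileAtShutdown=1 makes Windows overwrite pagefile.sys with zeros on shutdown (slower shutdown).
    $clear = (Get-ItemProperty -Path $mm -Name ClearPageFileAtShutdown -ErrorAction SilentlyContinue).ClearPageFileAtShutdown
    # fsutil prints "EncryptPagingFile = 1" when the pagefile is EFS-encrypted (the ghacks link in post 2).
    $enc = (& fsutil.exe behavior query EncryptPagingFile 2>&1) -join ' '
    [PSCustomObject]@{
        Check           = 'Pagefile'
        ClearAtShutdown = ($clear -eq 1)
        EfsEncrypted    = ($enc -match '=\s*1')
    }
}

function Invoke-Hardening {
    # Idempotent: applies the settings the thread recommends. Reboot for the pagefile changes to take effect.
    & powercfg.exe /hibernate off
    Set-ItemProperty -Path $mm -Name ClearPageFileAtShutdown -Value 1 -Type DWord
    # EFS is not available in Windows 7 Home editions, so this line only does something on
    # Professional/Ultimate/Enterprise. With TrueCrypt system encryption the pagefile already
    # lives on the encrypted volume, so it is belt-and-braces rather than essential.
    & fsutil.exe behavior set EncryptPagingFile 1
}

if ($args -contains '-Apply') { Invoke-Hardening }
@(Get-HibernateState; Get-PagefileState) | Format-Table -AutoSize
```

    Run it once without arguments to see the current state, and as `.\audit.ps1 -Apply` to change it. ClearPageFileAtShutdown noticeably lengthens shutdown on large pagefiles, which is the trade-off for not leaving RAM contents on disk between sessions.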
  4. marktor

    marktor Registered Member

    Joined:
    Dec 4, 2011
    Posts:
    143
    Personally I think that you have more than a good enough setup to be downloading movies...

    I like the suggestion of using a TC volume and storing portable apps like your web browser etc. inside of it. If you really want to set up something James Bond like, you could set up a hidden OS and a decoy OS with TC, see here: http://www.truecrypt.org/docs/?s=hidden-os This would protect you even if you had to give up your password.

    Also you may want to consider using one of these search engines to help improve your privacy even more. They do not record your IP address or your searches:

    https://ixquick.com/

    https://startingpage.com/

    https://duckduckgo.com/
     
  5. box750

    box750 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    259
    I didn't see a firewall mentioned anywhere, Windows firewall is substandard. A password manager should come in handy too.
     
  6. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    How so? I would agree with you if we were talking about Windows 2000, though I am referencing the most recent Windows 7 firewall. The firewall is plenty functional for blocking both inbound/outbound based on rules or protocols, as most third parties are. The difference is it doesn't come with marketing gimmicks or bloatware; other than that it's on par with 3rd party vendors. Also, since it is integrated into the OS itself, that is a big plus. I've been using it for a couple of years now without incident, and if creating advanced firewall rules is too ominous there are plenty of tools that will allow you to configure it with simple point and clicks. :cool:
     
  7. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    Or use Comodo FW and be on your way ;), no need for Windows Firewall, not a big fan myself tbh, just thinking about it gives me a headache ;)
     
  8. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    I would be very interested to hear about it. Perhaps in another thread (or even here if the OP doesn't mind)?
     
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
  10. Laocia

    Laocia Registered Member

    Joined:
    Feb 28, 2012
    Posts:
    4
    Interesting. If I use a TrueCrypt volume with a portable browser within it, is everything (history, cookies and ALL other tracks) saved in the TrueCrypt volume instead of on the computer? I like Chrome, is this one a good choice?

    http://portableapps.com/apps/internet/google_chrome_portable


    I use a stationary computer btw.
     
  11. box750

    box750 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    259
    Unlike other firewalls, Windows firewall doesn't give you any warning on outbound connections, when software installed in your computer wants to access the Internet.
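    The outbound-control question running through posts 5, 6, 7 and 11, as an added example that is not code from any of the posters: the Windows 7 firewall cannot pop up outbound prompts, but it can be given a default-deny outbound policy with explicit allows per program, plus drop logging, which is a stronger and quieter control than per-connection prompts. This PowerShell script uses the built-in netsh advfirewall interface (present on Windows 7); the program paths, the -Apply switch and the sample log lines are this script's own placeholders and constructed data.

```powershell
# Added example (not from the thread). Default-deny outbound on the built-in Windows 7
# firewall, explicit per-program allows, drop logging, and a summary of what got blocked.
# Uses netsh advfirewall; run elevated. Program paths are placeholders for your own apps.

$allowedPrograms = @{
    'Chrome Portable (out)'   = 'X:\GoogleChromePortable\App\Chrome-bin\chrome.exe'   # placeholder path
    'uTorrent Portable (out)' = 'X:\uTorrentPortable\App\uTorrent\uTorrent.exe'      # placeholder path
    'VPN client (out)'        = 'C:\Program Files\ExampleVPN\vpnclient.exe'         # placeholder path
}
$logPath = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"

function Set-OutboundDefaultDeny {
    # Block anything without an allow rule, on every profile. Windows' own "Core Networking"
    # outbound rules (DNS, DHCP) stay enabled, so name resolution keeps working.
    netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound
    netsh advfirewall set allprofiles logging droppedconnections enable
    netsh advfirewall set allprofiles logging filename "$logPath"
    netsh advfirewall set allprofiles logging maxfilesize 4096
}

function Add-OutboundAllow([string]$Name, [string]$Program) {
    # One rule per executable; delete any old copy first so re-running stays idempotent.
    netsh advfirewall firewall delete rule name="$Name" | Out-Null
    netsh advfirewall firewall add rule name="$Name" dir=out action=allow program="$Program" enable=yes
}

function Get-DroppedOutbound([string[]]$Lines) {
    # pfirewall.log fields: date time action protocol src-ip dst-ip src-port dst-port ... path
    # Count outbound (path=SEND) drops per destination so unexpected "phone home" attempts stand out.
    $counts = @{}
    foreach ($line in $Lines) {
        if ($line -match '^#' -or $line.Trim() -eq '') { continue }
        $f = -split $line
        if ($f[2] -ne 'DROP' -or $f[-1] -ne 'SEND') { continue }
        $key = "$($f[3]) $($f[5]):$($f[7])"
        $counts[$key] = 1 + [int]$counts[$key]
    }
    return $counts.GetEnumerator() | Sort-Object -Property Value -Descending
}

# Constructed sample log lines so the parser can be tried without touching a live log.
$sampleLogText = @'
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2012-02-28 21:03:11 DROP TCP 192.168.1.10 203.0.113.7 49201 80 0 - 0 0 0 - - - SEND
2012-02-28 21:03:12 DROP TCP 192.168.1.10 203.0.113.7 49202 80 0 - 0 0 0 - - - SEND
2012-02-28 21:03:15 DROP UDP 198.51.100.4 192.168.1.10 5355 5355 0 - - - - - - - RECEIVE
'@
$sampleLog = $sampleLogText -split "`r?`n"

if ($args -contains '-Apply') {
    Set-OutboundDefaultDeny
    foreach ($name in $allowedPrograms.Keys) { Add-OutboundAllow -Name $name -Program $allowedPrograms[$name] }
}

$source = if (Test-Path $logPath) { Get-Content $logPath } else { $sampleLog }
Get-DroppedOutbound $source | Format-Table -AutoSize
```

    Rules match on the executable's full path, so portable apps on a TrueCrypt volume need that volume mounted at a fixed drive letter. Add an allow rule for the VPN client and for Windows Update before switching the policy, then read the drop summary after a day's use to find anything else you actually need.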
     
  12. Laocia

    Laocia Registered Member

    Joined:
    Feb 28, 2012
    Posts:
    4
    This seems interesting. I'm gonna have to read up on this before trying it out. I tried installing it but it said it would interfere with my network connection, therefore I need to know exactly what it will do before I try it out. Please explain further if you have the time.

    Alright. I already have hibernate disabled so no information is stored in hiberfil. You say there are many places Windows logs events, do I need to take any additional steps to prevent data recovery or am I "safe" due to FDE?



    I read somewhere that forensics can recover information more easily from a computer if there are system restore points available, hence I removed them. I have important data backed up on external hard drives.



    I'm the only user on my network, but I have very little knowledge of network security, that's why I thought a public network would be the most safe due to it having stricter rules.


    I appreciate your help.
     
  13. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    If alerts are your thing, I would recommend a firewall controller which would give windows firewall that functionality.

    Gladly, a type 2 hypervisor more commonly known as a virtual machine runs within a conventional operating system (OS) environment. It creates a second layer that allows this second OS to run in an isolated environment from your host OS. Here is how I use mine to give you a better understanding of the point I was making:

    I run a Windows 7 Professional x64 OS for my personal use; installed on that I have VirtualBox, which allows me to operate any additional OS I want. A simple double click and a second OS will load up in a window just as any application would. For my internet browsing I keep an updated Linux Mint image; after I am done I simply restore the image back to how it was prior to my internet browsing. This means any tracking cookies, evercookies, or any exploits that hit the guest OS during my browsing have all been wiped. That is one of the great things about virtual machines: since at the time of writing this there are no practical ways for malware to jump out of the VM and infect the host, any usual infections you would normally get no longer apply.

    You are safe with FDE as long as you power down your machine when done. I honestly wouldn’t go any further than that. From a forensic standpoint, the event logs are trivial and information can be gathered long before even considering looking at the audit logs.

    Forensics can recover information from many locations and infer from many data points. If the hard drive your OS is running off of is encrypted properly then you are OK.


    Here are some general hardening tips for home network security:

    - Harden your router configuration by disabling remote login and changing the default admin password
    - Enable the router SPI firewall
    - Enable logging of security events/connection attempts (if supported)
    - Update firmware when possible

    In addition for wireless local networks:

    - Disable Wi-Fi Protected Setup (WPS)
    - Disable UPnP (Unless you can justify an absolute need)
    - Enable WPA2 with AES only
    - Use a 25+ character passphrase and change it every 3 to 4 weeks
    - Change the default SSID


    Debunking some general held beliefs on wireless security:

    - Hiding the broadcasting of your SSID will not hide you from attackers
    - Enabling MAC filtering will offer no protection from attacks
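    The router and Wi-Fi checklist above, as an added example that is not the poster's own code: a PowerShell audit that takes a router's settings and reports which of the listed items fail, shown once on a weak configuration and once on the corrected one. Routers expose these settings differently (web UI, config backup), so the $router hashtable is a constructed sample with this script's own key names that you fill in by hand; the default-password and default-SSID lists are short illustrative ones, not a vendor database.

```powershell
# Added example (not from the thread). Settings audit for the home-router checklist.
# $router is a constructed sample; key names are this script's own, not any vendor's.

$router = @{
    RemoteAdmin       = $true
    AdminPassword     = 'admin'                  # constructed: still the factory default
    SpiFirewall       = $false
    SecurityLogging   = $false
    Wps               = $true
    Upnp              = $true
    WifiSecurity      = 'WPA2'
    WifiCipher        = 'TKIP+AES'               # mixed mode, not AES only
    WifiPassphrase    = 'summer2012'
    PassphraseChanged = [datetime]'2012-01-01'
    Ssid              = 'NETGEAR'
}

$defaultPasswords = @('admin', 'password', '1234', '')          # illustrative, not exhaustive
$defaultSsids     = @('linksys', 'NETGEAR', 'dlink', 'default') # illustrative, not exhaustive

function Test-RouterConfig([hashtable]$cfg, [datetime]$AsOf = (Get-Date)) {
    # Returns one string per failed check; an empty array means everything passed.
    $findings = @()
    if ($cfg.RemoteAdmin)                               { $findings += 'Remote administration enabled: disable it' }
    if ($defaultPasswords -contains $cfg.AdminPassword) { $findings += 'Admin password is a factory default: change it' }
    if (-not $cfg.SpiFirewall)                          { $findings += 'SPI firewall off: enable it' }
    if (-not $cfg.SecurityLogging)                      { $findings += 'Security/connection logging off: enable it if supported' }
    if ($cfg.Wps)                                       { $findings += 'WPS enabled: disable it' }
    if ($cfg.Upnp)                                      { $findings += 'UPnP enabled: disable it unless something genuinely needs it' }
    if ($cfg.WifiSecurity -ne 'WPA2' -or $cfg.WifiCipher -ne 'AES') {
        $findings += "Wireless is $($cfg.WifiSecurity)/$($cfg.WifiCipher): use WPA2 with AES only"
    }
    if ($cfg.WifiPassphrase.Length -lt 25) {
        $findings += "Wi-Fi passphrase is $($cfg.WifiPassphrase.Length) characters: use 25 or more"
    }
    if (($AsOf - $cfg.PassphraseChanged).TotalDays -gt 28) {
        $findings += 'Wi-Fi passphrase older than 4 weeks: rotate it'
    }
    if ($defaultSsids -contains $cfg.Ssid)              { $findings += 'SSID is a vendor default: change it' }
    # Deliberately no checks for hidden SSID or MAC filtering: as the post says, neither
    # stops an attacker, so neither earns a pass mark here.
    return ,$findings
}

function Show-Result([string]$Label, [string[]]$Findings) {
    "== $Label =="
    if ($Findings.Count -eq 0) { '  all checks passed' } else { $Findings | ForEach-Object { "  [FAIL] $_" } }
}

# The same router after applying every item on the checklist (constructed values).
$hardened = $router.Clone()
$hardened.RemoteAdmin       = $false
$hardened.AdminPassword     = 'constructed-unique-admin-password'
$hardened.SpiFirewall       = $true
$hardened.SecurityLogging   = $true
$hardened.Wps               = $false
$hardened.Upnp              = $false
$hardened.WifiCipher        = 'AES'
$hardened.WifiPassphrase    = 'correct-horse-battery-staple-constructed-sample'
$hardened.PassphraseChanged = [datetime]'2012-02-20'
$hardened.Ssid              = 'not-a-vendor-name'

$asOf = [datetime]'2012-02-28'
Show-Result 'weak config'     (Test-RouterConfig -cfg $router   -AsOf $asOf)
Show-Result 'hardened config' (Test-RouterConfig -cfg $hardened -AsOf $asOf)
```

    The -AsOf parameter exists so the passphrase-age check gives a stable answer when you re-run the audit later; omit it to check against today's date. The two runs print ten failures for the weak sample and "all checks passed" for the hardened one.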
     
  14. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    For the tracking cookies I prefer keeping User_Data on a RAMDisk. Forensic recovery from RAM... does that even exist? I mean after it's been cleared, of course.

    VMs are too heavy for me.

    Having exploits trapped in the VM is definitely nice though.
     
  15. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    In my experience, virtualization overhead is very sensitive to host-hypervisor-guest combination. Linux-VBox-Linux feels very light. So do Linux-VBox-WinXP and Linux-VBox-Win2008. But Linux-VBox-Win7 is very sluggish. ESXi-Win7, on the other hand, feels very light. But maybe you're just very demanding of your machines;)
     
  16. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    It is the best you can do if you aren't going to encrypt the entire OS. Windows is messy, so YMMV....but portable apps are a lot 'cleaner' than installed ones.

    PD
     
  17. x942

    x942 Guest

    Cold boot attack is the only real forensic method that can be used against RAM. Although it is possible, if data sits in one "place" too long it will take longer for it to "fade" out. This is why some tools like PGP place two copies of the encryption key in RAM, one normal and one bit-inverted; it then swaps them back and forth every 'x' number of seconds.

    I agree on the VM front. I can't stand to use them for this. I run Linux and run Linux in a VM, the VM always lags to crap and there is no way I am going to be watching videos in it either.

    I figure I'm safe enough just by using Linux and Chrome anyways.
     
  18. Laocia

    Laocia Registered Member

    Joined:
    Feb 28, 2012
    Posts:
    4
    I have created three separate TrueCrypt volumes for portable Skype, Chrome and uTorrent. How safe am I now? Will my usage still leave footprints on the computer even if I dismount the volumes when I'm done? Any other suggestions?
     
  19. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Even using portable apps within encrypted containers you are still using a primary OS to run those apps and that is leaving traces of their use. The PII may be contained in the volumes though evidence of their existence is not.
     
  20. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    Lols, how hard is it? Just FDE your entire drive with a hidden OS, and in that hidden OS do the same for your externals, aka hidden volume and outer volume ;). No worries of password traces etc. Make sure you power off your PC when not at home and nobody should recover anything, or you could even set up a motion sensor that, once tripped, will immediately power down your PC. Oh, and of course use a 35-64 key passphrase that you memorized.


    P.S.: someone is working on removing the only security hole in this setup, aka the RAM, which they'd have to be quick about if they wanted to recover anything from that toasty RAM ;). They're working on using the CPU for storing the pass instead, so the only hole left would be your pass and how important your data is to you to go through rubber-hose cryptanalysis ;)
     
    Last edited: Mar 7, 2012