mxico Posted ...
I'm making a concerted effort to become fully conscientious about information security, both on my own computers and on the networks I connect to, starting from my ISP's router at home, and I'm looking for some recommended defensive methods and current reading materials. For the more security conscious here, what are some of your ways of monitoring your day-to-day security? Do you use a second computer as a custom firewall? Do you have Wireshark running in the background and check it every 15 minutes? Not really looking for "overkill" type judgements, as it's an interest of mine and I hope to start a career in UNIX systems administration in the future. Recommendations are greatly appreciated.
Casper31 Posted ...
> (quoting mxico's opening post above)
I recommend pfSense as a firewall/router and use a few clients (on pf) to connect to Air. For configuration of pfSense use this forum, and you can have a look over here:
https://nguvu.org/pfsense/pfsense-baseline-setup/
https://nguvu.org/
For a good overview look at this: privacytools.io
About several privacy/security subjects: restoreprivacy.com
Gr, Casper
Dawind Posted ...
pfSense is a great budget DIY solution for a firewall/router, especially if you happen to have a spare computer lying around. If you have money to spare, you could look into things like the Palo Alto 220. Lab units can be bought for a few hundred bucks and the yearly license is maybe $100-200 depending on what you want. Might be a little overkill for home networks, but it is a nice thing to play with.
Checking Wireshark every 15 minutes is overkill imo, as it takes some time to actually read and understand the output. I would rather just keep something like TCPView on your secondary monitor, as you spot some of the abnormal activity from it as well.
Depending on what machines are on your network, you should be doing some network segregation. Workstations on their own VLAN, IoT devices like your smart fridge or toaster on a different VLAN, and possible network accessible machines on a DMZ VLAN. Then some basic rules on your firewall to allow workstations to connect to the other VLANs but not vice versa.
cm0s Posted ... (edited)
One of the main resources I use is Eli the Computer Guy on YouTube, and I watch a lot of DEF CON / tech vids. After a while everyone finds out what they need and like for their own situation. How I run Arch is probably not good for most, flawed and completely different than the way someone else might run Arch. I loaded up Manjaro the other day for a looksy and got lost in it, straight up, got lost, way too much for me.

But to answer your question, I think the first thing to be identified is the actual concern. The term 'threat model' is often used but not too often given real world terms, meaning a 'conditions on the ground' application. For most folks in my area, northeast United States, it's the ISP, Verizon, the major players that are the real threat, and that is generic, legal datamining. This has nothing to do with ethics, morals etc. This is about money, big money. These companies have 24 PhDs and a floor full of extremely talented programmers, all backed up by a big lobby and another room full of lawyers. For a real world grasp, shut off cookies and JavaScript, go to Facebook's home page, right click on it, view page source, and what you will be looking at is code that is worth billions of dollars.

The company I used to work for: I used to sell Microsoft networks back in the day, we were a certified dealer, had Microsoft staff in the shop once in a while, we had some state contracts here in PA and lots of minor day to day floor traffic fixing Dell boxes etc.

Back then, before the merge between the cellular industry and the internet, just like anyone else, if you would have said 'metadata' was going to be a game changer, well, that would not have been too high on the list, to say the least. You got to remember, nobody had a phone in their hand that could chat, make a call, run a webcam, trade stocks in Europe and order donuts for the techs. The infrastructure wasn't there yet, and that is my point: the operating systems back then were on the right track, they were lean. Windows 2000 was on the right track. I literally at that time built custom DAW workstations on that operating system, on those drivers; they were stable, solid, did nothing fancy. So software in general was not built with 3rd party involvement, no outgoing connections. All anyone had to do in Microsoft land was take the best of Windows 2000, the best of Windows 7, lean it up a bit, get rid of any and all bloat, harden it, and you would have had a super bad ass kill-Linux-box operating system, and the gamers themselves would have taken it over. At that point software was still written with the business model that sales and license fees make the buck, the income stream. Once the cell industry and the ISPs merged, the dynamic, the motive really to how and why software gets coded, the purpose of design, changed dramatically.

Linux is no better, it just got lucky because it held very little interest in the desktop market. If Linux would have traded spots with Microsoft or Apple, same problems, and you can actually see it starting already today: the pre-rolled distros, first thing they want to do, connect, call out. Even Kali, connect, call out, and all the other pentest distros. If you have a live distro for pentesting, well, don't ya think the first thing ya want shut off and down at boot is connecting to anything? See my point?

Metadata is the game changer. That simply translates, once scaled, into raw political force in any country, and it goes all the way back to what a PhD dude from Cambridge Analytica stated, and the bruh was spot on: 'the problem with Facebook, aka social media, operating systems, phones, apps etc. is the business model'. Ask yourself, why hasn't anyone taken the best of Tor, maybe made it more wide, why is HTTP even allowed still, and so on? Coz of money. So what we see and view is almost 100% 'human hacking'.

What does this got to do with your original post? Everything, coz now you know what is the primary target, where the payload goes to: me and you, and we are the problem, the real world problem. I'll back that up: you look at Facebook, we literally give them all of our data, access to everything, for nothing. We pay our ISP's bill to then give our friends, family, coworkers and on and on to a corporation built on a business model of this: the more they collect, the more they sell, the more they make. Ya got to remember the one advantage I may have, with anyone my age, is perspective. I knew the net before the cell biz / ISP merge, I knew Microsoft and worked indirectly for them before the merge.

If you sugar coat the poison, that is the human hack here. I'm not different: if I was a programmer and the boss walked up to me and said 'build this OS or app and if we make xyz deadline or meet xyz approval you will make xyz amount of additional income', I'm in. Same deal with a website database: if I build a shithole that does xyz but also gets really popular and I collect the right data that is sought after by the ad industry, you walk up to me and go 'I'll give you x amount of dollars', I'm probably gonna sell.

Hit the about:config URL in Mozilla and search 'url', search 'social', search 'wifi', search 'remote', search 'update', then extract all your plugins and extensions etc. You will see how much of what you do is collected and piped to 3rd parties. Just look at Google SafeSearch as an example, can you really get any more full of shit?

So going back to the purpose of design, the motive, that's the threat, that's the flaw, that's what needs to be hardened. Linux in general isn't popular. Malware authors code exploits to make money, bot authors want their networks running smooth, so most of those 'financially targeted' exploits are aimed at the popular stuff. Gentoo and Arch are even less popular, and the thing is, if you have your own repo, roll your own kernel, just by modding your stuff 'your way' (coz I say 'fuck the Arch way', you're on Linux to do it the way you want, you just left a shit closed source operating system where someone else told you how to roll). Case in point in legal datamining: almost all of the Linux community is on that shit data mined IRC server Freenode. Even the Tor developers don't run an onion server, well, at least not a listed one anyway.

Harden the browser, harden your Linux, best ya can. Biggest threat to my local, to my box, is me, the monkey at the keyboard. And I'll say this in Mark Zuckerberg's favor and any social media business with any kind of voting system, coz that is and has been the multibillion dollar click, just beautiful all the way to the bank: those companies saw and applied a value metric to our data, to our click. They applied a value to what we think and do and who with, and that right there is a very serious tough pill to swallow. Mark Zuckerberg has a jet in his driveway not because he even exploited my data, or was unethical with it, but mainly because he offered me a like button that I could click on to give a voice on his platform.

So the real problem that Cambridge Analytica was talking about (coz for them that was business as usual) is: until the internet as a whole gets together and decides that their network traffic is theirs, should be protected like a utility world wide, such as water, gas, electric, coz today it is exactly that. My ISP Comcast is a utility without the correct use of government regulation at the federal level, why shit gets wild west treatment still, same flaw as when Enron went into California and manipulated the power grid. I'm no diff: you put me as a day trader behind a business model I can exploit to make x million in 3 hours, I'm in, I'll smash that like button all the way to the bank.
Edited ... by tokzco
OpenSourcerer Posted ...
Remember the Pareto principle: you do 80% of the work with 20% of your effort. So don't make the mistake of doing too much, otherwise you disappear so much that you begin to stand out again.
Surf with fewer eyes following you by simply installing a few addons. You use your browser to get info, and fully automated tracking measures are much more difficult with this. 20% effort, 80% effect.
Replace closed source with open source software. You can never know what is being done behind the door, but you or someone you trust can, by looking at the code of open source software. Again, 20% of effort leads to 80% of the desired effects.
If you purchase hardware, you do so because you need a feature that this hardware is designed to automate, for example. You do 80% of the effort because money is a very expensive resource, yet you only gain 20%. Same with software: applying completely overkill patches to software (like the "Ultimate hardening of Firefox guide via prefs.js" thread) takes a great piece of your own comfort away (80%) only so that a few sophisticated and expensive tracking methods (which might not even exist) cease to have an effect on your client (20%).
K. I. S. S. Keep It Simple, Stupid. And you get more than you do by thinking about it in the most paranoid way.
cm0s Posted ...
I'll play along... the thread is called: SERIOUS TIPS FOR SECURING MY COMPUTING DOMAIN AND ACTIVITIES.

The web browser is the one piece of software on all operating systems that is the most targeted, quite often legally. It's simple, follow the money. So to tell someone on a thread that it is 'overkill' when they can simply take a few minutes of their time, go to Firefox's about:config page and manually tweak a few settings, which may in effect protect their privacy, family, loved ones, help secure their home network etc., and probably even in some cases their safety, might be a decision they can choose to make for themselves and decide what is or is not overkill. The logic presented is that it is not overkill to install 8 additional Firefox extensions, which in effect is 8 additional companies, 3rd parties etc., on a stock Firefox config, but again overkill to edit a few settings...

btw, for anyone interested: download the xpi file of any addon extension you are installing and use this command to extract it (an xpi is just a zip archive):

    unzip yourxpifilename.xpi -d yourxpifilename
    cd yourxpifilename

That extracts all the files used to make your extension. You can search for 'url', 'http', 'https', '.com', '.org', 'update' etc. and find out what it is doing if it calls out. Some updates you want, some URLs are safe. Say you find a URL that you want to change, but often if you change it in one location only it can brick your extension, so you can bypass that. Say for example I wanted to block any callbacks to 'userstyles.org':

    grep -rl 'userstyles.org' ./ | xargs sed -i 's|userstyles.org|dummy_url.org|g'

Then to put all the files back into a xpi archive (it has to be zip format, so tell 7z that explicitly), give it a different name so you know it's the one you edited:

    7z a -tzip -r /path/to/directory/yourxpifilename-edited.xpi *
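The audit above as a small POSIX shell script, added here as an example (mine, not code from the post): it lists the hosts an unpacked extension is wired to contact, flags the ones you did not expect, and rewrites a host across every file the way the grep/sed one-liner does, so the add-on stays consistent. It assumes the .xpi was already unpacked with `unzip addon.xpi -d addon_dir`; the allowlist file and the `dummy_url.invalid` placeholder are my own choices.

```shell
#!/bin/sh
# Added example, not from the thread: audit an unpacked extension directory
# for the hosts it can call out to, and neutralise one of them in every
# file at once. Assumes the .xpi was unpacked beforehand with:
#   unzip addon.xpi -d addon_dir

# Print every distinct host that appears inside an http(s):// URL under DIR.
# Usage: extension_hosts DIR
extension_hosts() {
    grep -rhoE 'https?://[A-Za-z0-9._-]+' "$1" 2>/dev/null \
        | sed -E 's#^https?://##' \
        | sort -u
}

# Print hosts found in DIR that are not listed in ALLOWLIST (one host per
# line). Anything printed deserves a look before the extension is installed.
# Usage: unexpected_hosts DIR ALLOWLIST
unexpected_hosts() {
    extension_hosts "$1" | grep -vxF -f "$2" || true
}

# Replace HOST with PLACEHOLDER (default dummy_url.invalid; .invalid is a
# reserved TLD that never resolves) in every file under DIR that mentions
# it, then print the number of files rewritten. The file list is captured
# first so the rewrite cannot race the search, and sed -i is avoided
# because it is not portable between GNU and BSD.
# Usage: neutralize_host DIR HOST [PLACEHOLDER]
neutralize_host() {
    dir=$1; host=$2; placeholder=${3:-dummy_url.invalid}
    files=$(grep -rlF "$host" "$dir" 2>/dev/null)
    [ -n "$files" ] || { echo 0; return 0; }
    printf '%s\n' "$files" | while IFS= read -r f; do
        sed "s|$host|$placeholder|g" "$f" > "$f.tmp" && mv "$f.tmp" "$f"
    done
    printf '%s\n' "$files" | wc -l | tr -d ' '
}
```

Run `unexpected_hosts addon_dir allowed_hosts.txt` on the unpacked directory; only rewrite a host once you have decided its callback is one you do not want.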
mxico Posted ...
Thanks for the feedback so far, and I'm already dirtying my hands with all these very useful suggestions. Aside from making myself invisible on the internet, one reason I'm particularly interested in live packet monitoring is because I don't ever want to be in a passively defensive state. I don't believe I can 100% prevent myself from getting backdoored if a very persistent hacker or agency desired to do so. I may even let them stick around in my computer. What I'm most interested in is the types of system monitors and tools I can set up that will let me see any suspicious events as they are happening:
- traffic on ports that shouldn't have traffic
- system wide process profiles that can sound alarms if a process has been hijacked and is using more resources than historically normal
- packets going out to destinations unknown to me
- suspicious memory behavior (overflows/underruns)
- any other illicit activities, under the assumption I've already been partially rooted without my knowledge and the invader is beginning to sign more and more of their actions through my superuser
OpenSourcerer Posted ...
You're talking about a full-featured, enterprise-level Intrusion Detection System. Or something more open sourcey like Snort or Tripwire. You could look into these first.

Edit: A bit more info.

> traffic on ports that shouldn't have traffic
> packets going out to destinations unknown to me

Those are detected by network-based IDS. Snort does that kind of detection.

> system wide process profiles that can sound alarms if a process has been hijacked and is using more resources than historically normal

This is more the domain of host-based IDS like Tripwire Open Source.

> any other illicit activities, under the assumption I've already been partially rooted without my knowledge and the invader is beginning to sign more and more of their actions through my superuser

This is less a domain for IDS and more for live antivirus or, more specifically, rootkit detectors like chkrootkit or rkhunter. Periodically running clamav and/or one of these rootkit detectors might do the trick.

> suspicious memory behavior (overflows/underruns)

I'm not sure they're detectable. I can be wrong. Avoid this by updating your software. Linux does this best; on Windows you could start managing your software via Chocolatey. It's a PowerShell thing based on Microsoft's NuGet infrastructure, so it plays along with the rest of Windows.

> packets going out to destinations unknown to me

This is the domain of firewalls. Some suggested pfSense, but you need to know a bit about networking to make it work. It's partly 80% and partly 20%, depends on how bad you want it, I guess. Locally I'd say some firewall on Windows and iptables on Linux will do the trick, but they don't warn you, they stupidly do what you tell them.
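For the "ports that shouldn't have traffic" item, when a full IDS is more than a home box needs, here is an added example (mine, not from the thread): snapshot the local listening sockets with `ss` on Linux, keep a baseline from a known-good day, and report anything that shows up later, which is exactly the warning a plain iptables rule set never gives you. The `ss -tulnH` sample lines below are constructed, and the "proto port" baseline file format is my own.

```shell
#!/bin/sh
# Added example, not from the thread: a poor man's host check for listening
# ports that did not exist on a known-good day. Assumes Linux `ss`; the
# parser reads `ss -tulnH` lines (Netid State Recv-Q Send-Q Local:Port
# Peer:Port) so it can also be run over a saved capture.

# Constructed sample of `ss -tulnH` output for the stand-alone run.
SAMPLE_SS='udp   UNCONN 0 0    127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0 128  0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0 128  [::]:22            [::]:*
tcp   LISTEN 0 511  0.0.0.0:5555       0.0.0.0:*'

# Reduce ss lines on stdin to sorted, unique "proto port" pairs. The port is
# whatever follows the last ':' of the local address, which also covers
# IPv6 ([::]:22) and scoped addresses (127.0.0.53%lo:53).
listeners_from_ss() {
    awk '{ n = split($5, a, ":"); print $1, a[n] }' | sort -u
}

# Print pairs present in SNAPSHOT but absent from BASELINE (both files in
# "proto port" form, one pair per line). Silent when nothing is new.
# Usage: new_listeners BASELINE SNAPSHOT
new_listeners() {
    grep -vxF -f "$1" "$2" || true
}

# Record the live system as the baseline; run once while the box is trusted.
# Usage: record_baseline BASELINE
record_baseline() {
    ss -tulnH | listeners_from_ss > "$1"
}

# Compare the live system against BASELINE and print any newcomers; suitable
# for a cron job that mails or logs its output.
# Usage: check_live BASELINE
check_live() {
    tmp=$(mktemp)
    ss -tulnH | listeners_from_ss > "$tmp"
    new_listeners "$1" "$tmp"
    rm -f "$tmp"
}

# Stand-alone demo on the constructed sample with a baseline of sshd and the
# local DNS stub resolver: the unexplained listener on 5555 is reported.
demo() {
    base=$(mktemp); snap=$(mktemp)
    printf 'tcp 22\nudp 53\n' > "$base"
    printf '%s\n' "$SAMPLE_SS" | listeners_from_ss > "$snap"
    new_listeners "$base" "$snap"
    rm -f "$base" "$snap"
}

demo
```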
mxico Posted ...
I started doing some research after posting this and saw the same names pop up: snort, chkrootkit, tripwire, nmap, etc. So good to know I'm on the right track. I have a Windows and a Linux/FreeBSD system, and I'm hoping to put the nixbox between Windows and my router for some educational exercises on all this advice. I'd love to run pfSense on the nixbox, but I think that means pretty much not doing anything else on it. I understand mixing my "firewall" box with other activities like web browsing and gaming is one of the worst ideas for security, but I'm too poor to buy a bare-metal Antsle or PA-220 lab unit right now. Luckily I'm not a professional yet and this is all academic. Or maybe I can run Qubes OS and segregate my activities that way on the nixbox? I can probably run pfSense that way while doing other things? I've never touched Qubes before, so not sure how it'll work practically yet.
OpenSourcerer Posted ...
> I'd love to run pfSense on the nixbox but I think that means pretty much not doing anything else on it.

Exactly. It's not even the vanilla FreeBSD kernel, it's a special pfSense kernel based on it. You can add extra packages to the distro to extend its functionality, but these are "professional", like proxies, DHCP/DNS servers, monitoring tools, etc.

> I understand mixing my "firewall" box with other activities like web browsing and gaming is one of the worst ideas for security, but I'm too poor to buy a bare-metal Antsle or PA-220 lab unit right now

Yes, should be avoided. Again, you don't need to throw money at it before you know exactly and without doubts that the functionality provided by the hardware is exactly what you need.

> Or maybe I can run Qubes OS and segregate my activities that way on the nixbox? I can probably run pfSense that way while doing other things?

In this case, forget activities that need direct/low-level access to hardware. Like gaming. Qubes OS is if you want to reverse engineer malware in one cube, do banking in another, social networking in a third, so that Tinder doesn't know of your banking activities and/or malicious code can't compromise the other two. I won't answer the second question because all the info is in the Qubes FAQ. Please go through it.

Furthermore, I propose that your paranoia is to be destroyed.
whitewolf75 Posted ...
I second pfSense via the nguvu.org guides. He has helped a massive amount in getting my pfSense up and running and making me feel much more secure. I run home automation & security cams in my home and did not want anything phoning home to Asia nor make it easy to hack my systems. The beauty of pfSense to me was that it did not require special or expensive hardware. I run it on an i3 (AES-NI) w/4GB and some Intel NICs. Probably cost $100 USD on eBay. I spent more on the managed switch and APs.
mxico Posted ...
> Furthermore, I propose that your paranoia is to be destroyed.

This could be depressing, since it's not paranoia, it's just me behaving normally.
OpenSourcerer Posted ...
Someone's rich life is as normal to them as your life is to you. So your paranoia can appear normal to you, but I see it when I do.
Sent via Tapatalk.