Jump to content
Not connected, Your IP: 3.143.241.253
mxico

Serious tips for securing my computing domain and activities

Recommended Posts

I'm making a concerted effort in becoming fully conscientious of information security both in my own computers and the networks I connect to starting from my ISP's router at home, and I'm looking for some recommended defensive methods and current reading materials.

 

For the more security conscious here, what are some of your ways of monitoring your day-to-day security?

 

Do you use a second computer as a custom firewall?

 

Do you have Wireshark running in the background and check it every 15 minutes?

 

Not really looking for "overkill" type judgements as it's an interest of mine and I hope to start a career in UNIX systems administration in the future.

 

Recommendations are greatly appreciated

Share this post


Link to post

I'm making a concerted effort in becoming fully conscientious of information security both in my own computers and the networks I connect to starting from my ISP's router at home, and I'm looking for some recommended defensive methods and current reading materials.

 

For the more security conscious here, what are some of your ways of monitoring your day-to-day security?

 

Do you use a second computer as a custom firewall?

 

Do you have Wireshark running in the background and check it every 15 minutes?

 

Not really looking for "overkill" type judgements as it's an interest of mine and I hope to start a career in UNIX systems administration in the future.

 

Recommendations are greatly appreciated

I recommend Pfsense as a firewall/router and use a few clients (on pf) to connect to Air.

For configuration of Pfsense use this forum and you can have a look overhere:

https://nguvu.org/pfsense/pfsense-baseline-setup/

https://nguvu.org/

For a good oversight look at this:privacytools.io

About several Privacy/security-subjects :restoreprivacy.com

 

Gr,

   Casper

Share this post


Link to post

PFSense is a great budget DIY solution for a firewall/router, especially if you happen to have a spare computer laying around.

If you have money to spare, you could look into things like Palo Alto 220. Lab units can be bought for few hunded bucks and yearly license is maybe $100-200 depending on what you want. Might be a little overkill for home networks, but it is a nice thing to play with.

 

Checking Wireshark every 15 minutes is overkill imo, as it takes some time to actually read and understood the output. I would rather just keep something like TCPview on your secondary monitor, as you spot some of the abnormal activity from it aswell.

 

Depending on what machines are on your network, you should be doing some network segregation. Workstations on their on VLAN, IoT devices like your smartfridge or toaster on a different VLAN and possible network accessible machines on a DMZ VLAN. Then some basic rules on your firewall to allow workstations to connect to other VLAN but not vice-versa.

Share this post


Link to post
Posted ... (edited)

one of the main resources i use is eli the computer guy on youtube

 

and watch a lot of defcon / tech vids

 

after a while everyone finds out what they need and like for their own situation

 

how i run arch is probably not good for most, flawed and completely different than

 

the way someone else might run arch, i loaded up manjaro the other day for a looksy

 

and got lost in it, straight up, got lost, way too much for me

 

but to answer your question, i think the first thing to be identified is the actual concern,

 

the term 'threat model' is often used but not too often given to real world terms,

 

meaning 'conditions on the ground' application

 

for most folks in my area, norhteast united states it's the ISP, Verizon, the major players

 

that are the real threat, and that is generic, legal datamining

 

this has nothing to do with ethics, morales etc. this is about money, big money

 

these companies have 24 PHDs and a floor full of extremely talented programmers

 

all backed up by big lobby and another room full of lawyers,

 

for a real world grasp, shut off cookies and javascript, go to facebook's home page,

 

right click on it, view page source, and what you will be looking at is code that is worth

 

billions of dollars

 

company i used to work for, i used to sell microsoft networks back in the day

 

we were a certified dealer, had microsoft staff in the shop once in a while,

 

we had some state contracts here in PA and lots of minor day to day floor traffic

 

fixing Dell boxes etc.

 

back then, before the merge between the cellular industry and internet,

 

just like anyone else, if you would have said 'meta data' was going to be a game changer,

 

well that would have not been too high on the list to say the least

 

you got to remember, nobody had a phone in their hand that could chat, make a call, run a webcam,

 

trade stocks in Europe and order donuts for the techs, the infrastructure wasn't there yet

 

and that is to my poin: the operating systems back then were on the right track,

 

they were lean, Windows 2000 was on the right track, i literally at that time built custom DAW

 

workstations on that operating system, on those drivers, they were stable, solid, did nothing fancy

 

so software in general, was not built with 3rd party involvement, no outgoing connections,

 

all anyone had to do in microsoft land was take the best of Windows 2000, the best of Windows 7,

 

lean it up a bit, get rid of any and all bloat, harden it and you would have had a super bad ass

 

kill linux box operating system, and the gamers themselves would have taken it over

 

at that point, software was still written with the business model that sales and license fees

 

make the buck, income stream, once the cell industry and the ISPs merged, the dynamic,

 

the motive really to how and why software gets coded, the purpose of design, changed dramatically

 

linux is no better, it just got lucky because it held very little interest in the desktop market

 

if linux would have traded spots with microsoft or apple, same problems, and you can actually see it starting

 

already today, the pre rolled distros, first thing they want to do, connect, call out, even Kali,

 

connect, call out and all the other pentest distros, if you have a live distro for pentesting well don't ya think

 

thte first thing ya want shut off and down at boot is connecting to anything?

 

see my point?

 

meta data is the game changer, that simply translates, once scaled, into raw political force in any country

 

and it goes all the way back to what a PHD dude from Cambridge Analytica stated, and the bruh was spot on:

 

'the problem with facebook aka social media, operating systems phones apps etc is the business model'

 

ask yourself, why hasn't anyone taken the best of tor, maybe made it more wide, why is http even allowed still,

 

and so on, coz of money, so what we see and view is almost 100%  'human hacking'

 

what does this got to do with your orginal post? everything, coz now you know what is the primary target,

 

where the payload goes to: me and you

 

and we are the problem, the real world problem

 

i'll back that up: you look at facebook, we literally give them all of our data, access to everything, for nothing

 

we pay our ISP's bill to then give our friends, family, coworkers and on an on to a corporation built on a business model

 

of this: the more they collect, the more they sell, the more they make

 

ya got to remember the one advantage i may have, with anyone my age is perspective, i knew the net before the cell biz ISP merge

 

i knew Microsoft and worked indirectly for them before the merge

 

if you sugar coat the poison is the human hack here

 

i'm not different, if iwas a programmer and the boss walked up to me and said 'build this OS or app and if we make xyz deadline or meet

 

xyz approval you will make xyz amount of additional income, i'm in'

 

same deal with a website database, if i build a shithole that does xyz but also gets really popular and i collect the right data that is sought after by

 

the ad industry, you walk up to me and go 'i'll give you x amount of dollars'

 

i'm probably gonna sell

 

hit the about:config url in mozilla and search 'url' search 'social' search 'wifi' search 'remote' search 'update' then extract all your plugins and extensions

 

etc you will see how much of what you do is collected and piped to 3rd partys

 

just look at google ssafe search as example, can you really get any more full of shit

 

so going back the purpose of design, the motive, that's the threat, that's the flaw, that's what needs to be hardened

 

linux in genearl isn't popular, malware authors code exploits to make money, bot authors want their networks running smooth

 

so most of that 'financial targeted' exploits is aimed at the popular stuff

 

gentoo and arch is even less popular, and the thing is if you have your own repo, roll your own kernel, just by modding your stuff

 

'your way' coz i say 'fuck the arch way', your on linux to do it the way you want, you just left shit operating system closed source

 

where someone else told you how to roll'

 

case in point in legal datamining, almost all of the linux community is on that shit data mined irc server freenode

 

even the tor developers don't run an onion server well at least listed anyway

 

harden the browser, harden your linux, best ya can, biggest threat to my local to my box is me, the monkey at the keyboard

 

and i'll say this in Mark Zucerberg's favor and any social media business with any kind of voting system, coz that is and has been

 

the multibillion dollar click, just beautiful all the way to the bank:

 

those companies saw and applied a value metric to our data, to our click, they applied a value to what we think and do and who with

 

and that right there is a very serious tough pill to swallow

 

Mark Zuckerberg has a jet in his driveway not because he even exploited my data, or was unethical with it

 

but mainly because he offered me a like button that i could click on to give a voice on his platform

 

so the real problem that Cambridge Analytica was talking about, coz for them that was business as usual

 

is until the internet as a whole gets together and decides that their network traffic is theirs, should be protected

 

like a utility world wide, such as water, gas, electric, coz today it is exactly that, my ISP Comcast is a utility without the

 

correct use of government regulation, at the federal level, why shit gets wild west treatment still,

 

same flaw as when Enron went in to California and manipulated the power grid

 

i'm no diff, you put me as a day trader behind a business model i can exploit to make x million in 3 hours

 

i'm in, i'll smash that like button all the way to the bank

Edited ... by tokzco

Share this post


Link to post

Remember the Pareto principle: You do 80% of the work with 20% of your effort. So don't make the mistake to do too much, otherwise you disappear so much that you begin to stand out again.

  • Surf with less eyes following you by simply installing a few addons. You use your browser to get info and fully automated tracking measures are much more difficult with this. 20% effort, 80% effect.
  • Replace closed source with open source software. You can never know what is being done behind the door, but you or someone you trust can by looking at the code of open source software. Again, 20% of effort leads to 80% of the desired effects.
  • If you purchase hardware, you do so because you need a feature that this hardware is designed to automate for example. You do 80% of effort because money is a very expensive resource, yet you only gain 20%. Same with software: Applying completely overkill patches to software (like the "Ultimate hardening of Firefox guide via prefs.js" thread) takes a great piece of your own comfort away (80%) only so that a few sophisticated and expensive tracking methods (which might not even exist) cease to have an effect on your client (20%).

K. I. S. S. Keep It Simple Stupid. And you get more than you do by thinking about it in the most paranoid way.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

i'll play along...

the thread is called:

SERIOUS TIPS FOR SECURING MY COMPUTING DOMAIN AND ACTIVITIES

the web browser is the one piece of

software on all operating systems that is the most targeted

quite often legally, it's simple, follow the money

so to tell someone on a thread that it is 'overkill' when they can simply

take a few minutes of their time, go to firefox's about:config page

and manually tweak a few settings, which may in effect protect their

privacy, family, loved ones, help secure their home network etc.

and probably even in some cases, their safety, might be a decision they

can choose to make for themselves and decide what is or is not overkill

the logic presented that it is not overkill to install 8 additional

firefox extensions, which in effect is 8 additional companys, 3rd partys etc.

on a stock firefox config but again overkill to edit a few settings...

btw, for anyone interested download the xpi file of any addon extension you

are installing use this command to extract it:

unzip yourxpifilename.xpi * -r

that extracts all the files used to make your extension

you can search for 'url' 'http' 'https' '.com' '.org' 'update' etc. and find out

what it is doing if it calls out, some updates you want, some urls are safe

say you find a url that you want to change, but often if you change it in one location

only it can brick your extension, so you can bypass that say for example i wanted to block

any callbacks to 'userstyles.org':

grep -rl 'userstyles.org' ./ | xargs sed -i 's|userstyles.org|dummy_url.org|g'

then to put all the files back into a xpi archive give it a different name

so you know it's the one you edited:

7z a /path/to/directory/yourxpifilename.xpi * -r

Share this post


Link to post

Thanks for the feedback so far, and I'm already dirtying my hands with all these very useful suggestions.

 

Aside from making myself invisible on the internet, one reason I'm particularly interested in live packet monitoring is because I don't ever want to be in a passively defensive state.

 

I don't believe I can 100% prevent myself from getting backdoored if a very persistent hacker or agency desired to do so. I may even let them stick around in my computer. What I'm most interested in, is the types of system monitors and tools I can set up that will let me see any suspicious events as they are happening:

- traffic on ports that shouldn't have traffic

- system wide process profiles that can sound alarms if a process has been hijacked and using more resources than historically normal

- packets going out to destinations unknown to me

- suspicious memory behavior (overflows/underruns)

- any other illicit activities under the assumption I've already been partially rooted without my knowledge and the invader is beginning to sign more and more of their actions through my superuser

Share this post


Link to post

You're taking about a full-featured, enterprise-level Intrusion Detection System. Or something more open sourcey like Snort or Tripwire. You could look into these first.
 

Edit: A bit more info.

 

traffic on ports that shouldn't have traffic

packets going out to destinations unknown to me

 

Those are detected by network-based IDS. Snort does that kind of detection.

 

system wide process profiles that can sound alarms if a process has been hijacked and using more resources than historically normal

 

This is more the domain for host-based IDS like Tripwire Open Source.

 

any other illicit activities under the assumption I've already been partially rooted without my knowledge and the invader is beginning to sign more and more of their actions through my superuser

 

This is less a domain for IDS and more for live antivirus or, more specifically, rootkit detectors like chkrootkit or rkhunter. Periodically running clamav and/or one of these rootkit detectors might to the trick.

 

suspicious memory behavior (overflows/underruns)

 

I'm not sure they're detectable. I can be wrong. Avoid this by updating your software. Linux does this best, on Windows you could start managing your software via Chocolatey. It's a PowerShell thing based on Microsoft's NuGet infrastructure so it plays along with the rest of Windows.

 

packets going out to destinations unknown to me

 

This is the domain of firewalls. Some suggested pfSense, but you need to know a bit about networking to make it work. It's partly 80% and partly 20%, depends on how bad you want it, I guess

 

Locally I'd say some firewall on Windows and iptables on Linux will do the trick but they don't warn you, they stupidly do what you tell them
 


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

I started doing some research after posting this and saw the same names pop up: snort, chkrootkit, tripwire, nmap, etc.

 

So good to know I'm on the right track.

 

I have a Windows and a Linux/FreeBSD system, and I'm hoping to put the nixbox between Windows and my router for some educational exercises on all this advice.

 

I'd love to run pfsense on the nixbox but I think that means pretty much not doing anything else on it. I understand mixing my "firewall" box with other activities like web browsing and gaming is some of the worst idea for security, but I'm too poor to buy a baremetal Antsle or PA-220 lab unit right now. Luckily I'm not a professional yet and this is all academic.

 

Or maybe I can run Qube OS and segregate my activities that way on the nixbox? I can probably run pfsense that way while doing other things? I've never touched Qube before so not sure how it'll work practically yet.

Share this post


Link to post

I'd love to run pfsense on the nixbox but I think that means pretty much not doing anything else on it.

 

Exactly. It's not even the vanilla FreeBSD kernel, it's a special pfSense kernel based on it. You can add extra packages to the distro to extend its functionality but these are "professional" like proxies, DHCP/DNS servers, monitoring tools, etc.

 

I understand mixing my "firewall" box with other activities like web browsing and gaming is some of the worst idea for security, but I'm too poor to buy a baremetal Antsle or PA-220 lab unit right now

 

Yes, should be avoided. Again, you don't need to throw money at it before you know exactly and without doubts that the functionality provided by the hardware is exactly what you need.

 

Or maybe I can run Qube OS and segregate my activities that way on the nixbox? I can probably run pfsense that way while doing other things?

 

In this case, forget activities that need direct/low-level access to hardware. Like gaming. Qubes OS is if you want to reverse engineer malware in one cube, do banking in another, social networking in a third, so that Tinder doesn't know of your banking activities and/or malicious code can't compromise the other two.

 

I won't answer the second question because all the info is in the Qubes FAQ. Please go through it.

 

Furthermore, I propose that your paranoia is to be destroyed.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

I second pfSense via nguvu.org guides. He has helped a massive amount in getting my pfsense up and running and making me feel much more secure. I run home automation & security cams in my home and did not want anything phoning home to Asia nor make it easy to hack my systems.

 

The beauty of pfSense to me was that it did not not require special or expensive hardware. I run it on an i3 (AES-NI) w/4GB and some intel NICs. Probably cost $100 USD on ebay. I spent more on the managed switch and APs.

Share this post


Link to post

Furthermore, I propose that your paranoia is to be destroyed.

 

 

This could be depressing, since it's not paranoia, it's just me behaving normally 

Share this post


Link to post

Someone's rich live is as normal to them as your life is to you. So your paranoia can appear normal to you, but I see it when I do.

 

Sent via Tapatalk.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
Guest
This topic is now closed to further replies.

×
×
  • Create New...