I often get asked what I personally use to ensure that my data is protected. What are the steps that a person studying Information Security goes through to protect their data? Now, with reports coming out of the NSA gathering our data, it is important that privacy stays intact. Not just from hackers, but from prying eyes in general now.
So here goes, my current setup.
Hardware: Desktop, dual boot Windows & Arch Linux
(Windows partition is only used for video games.)
- Bios password
- Windows Hard drive is truecrypt on boot.
- Arch Hard drive is Luks + Stacked file encryption (allows duress password, etc.)
- Other hard drives with various media are truecrypted
- Sensitive data is kept in truecrypt containers hidden with other extensions
- Screensaver + password lock
- Truepanic installed for panic mode, which automounts + shutdown when tripped
(Fresh install, sensitive data is only temporary when on the move)
- Bios password
- Truecrypt hard drive on boot
- Truecrypt container for sensitive data.
(Used only on the go. sensitive data is only temporary when on the move)
- Bios password
- Luks + stacked file encryption
- sdcard password
- Sim card password
- Android lockscreen password
- Lock screen password
Data: VPN + SSH tunnel
- I own two different virtual private servers for this connection. They are both in different datacenters in different countries.
- I noticed that my vpn dropped connection when being Man-in-the-middled in Windows. So I use the ssh tunnel (socks proxy) on top of the VPN just in case.
- My netbook is set by default to not send any connections unless on a vpn. Firefox only works on the ssh tunnel.
- Despite Firefox being arguably insecure and bloated with leftover code, I trust it more than Chrome, IE, and Opera. Firefox runs much better on Arch than on Windows from what I've seen.
- I use a few addons for it:
- Adblock Plus
- Less Spam, please
- QuickProxy (for quick change ssh tunnel)
- Tamper Data (Testing purposes)
- Https Everywhere
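One way to check the "no connections unless on a VPN" rule described above is to audit the firewall's egress rules. This is an added example, not the author's configuration; it assumes an iptables-based kill switch, and the interface names tun0 and eth0 and the VPN server address 203.0.113.10 are constructed.

```python
import shlex

# Constructed sample `iptables-save` output; tun0, eth0 and 203.0.113.10 are assumptions.
LOCKED = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -d 203.0.113.10/32 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
COMMIT
"""
# Same ruleset with two mistakes: a permissive policy and a DNS rule that bypasses the VPN.
LEAKY = LOCKED.replace(":OUTPUT DROP", ":OUTPUT ACCEPT").replace(
    "COMMIT", "-A OUTPUT -o eth0 -p udp -m udp --dport 53 -j ACCEPT\nCOMMIT")

def audit_killswitch(ruleset, vpn_if="tun0", vpn_server="203.0.113.10"):
    """Return a list of findings; an empty list means no egress outside the VPN."""
    findings, in_filter, seen_policy = [], False, False
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):
            in_filter = (line == "*filter")
        elif not in_filter:
            continue
        elif line.startswith(":OUTPUT "):
            seen_policy = True
            if line.split()[1] != "DROP":
                findings.append("OUTPUT policy is %s, not DROP" % line.split()[1])
        elif line.startswith("-A OUTPUT "):
            tok = shlex.split(line)
            opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
            if opt.get("-j") != "ACCEPT":
                continue
            # Allowed egress: loopback, the VPN interface, or the VPN server itself.
            via_vpn = opt.get("-o") in ("lo", vpn_if)
            to_server = opt.get("-d") in (vpn_server, vpn_server + "/32")
            # Negated matches ("!") are flagged conservatively rather than interpreted.
            if "!" in tok or not (via_vpn or to_server):
                findings.append("traffic can leave outside the VPN: " + line)
    if not seen_policy:
        findings.append("no OUTPUT chain in the filter table")
    return findings

if __name__ == "__main__":
    for name, rules in (("locked", LOCKED), ("leaky", LEAKY)):
        print(name, audit_killswitch(rules) or "OK")
```

On a real machine the input would be the saved output of `iptables-save`, with the interface and server address replaced by your own.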
I understand that all my data is encrypted, but what if someone manages to hack the things I login to, or worse?
- I do not reuse passwords or have the same password for multiple things.
- I use 2 factor authentication whenever possible.
- I use lastpass to store all the random passwords and such.
- I do not trust lastpass fully though. Although I do have enabled:
- Only being allowed to login from a certain country
- 2 factor authentication
Thoughts on Tor
I do not trust Tor. I understand Tor's goal to be anonymous on the internet, but I would not trust it with logging into accounts. Tor has its uses, like bypassing filters and such. Anyone can be an exit node on the network and listen to traffic. "As Tor does not, and by design cannot, encrypt the traffic between an exit node and the target server, any exit node is in a position to capture any traffic passing through it which does not use end-to-end encryption such as TLS (Wikipedia)".
Caveats / Problems / Issues
Someone could control cell and grab the 2 factor setup codes, thus gaining access to many accounts. There is no standard way to encrypt cell phones or provide better security for them.
I do not use antivirus. I believe we should be educated enough to not download malware. I do not use Java either. Anything that you are suspicious of being malware can be uploaded to VirusTotal, and then run in a virtual machine / sandbox environment. Every once in a while I'll run Malwarebytes just for peace of mind.
Truecrypt seems a bit untrustworthy; I do not like their license. Although their encryption has proven to be sound. I do not like relying on it for all my data though.
Someone could be listening on the end of the VPN. This is unlikely because I own the server which is running the VPN. Somewhere in the facility all traffic could be getting captured though. The SSH tunnel encrypts that data. I also own the server where that tunnel is going. Someone could sniff the traffic from that as well. It's all relying on SSL from there.
I am looking for an alternative to Truecrypt. Full disk encryption with encrypted file containers with full support on multiple operating systems.