Talking about Securing your PC and Cyber Security

posted May 15, 2019, 2:22 PM by Andrew Chadick

Talking about computer and cyber security, so you can be safe online and offline.

You go to your favorite electronics store, buy a PC, and take it home. You boot the new machine up, it asks for your name and a user name, you create a password, and then the operating system drops you on a desktop and you are off and running, right?

No, you should stop right here. This is a bad setup. You do not want to run your computer as an administrator. Your first step is to go into the Control Panel and create a new user account, make it an administrator, set it up with a long and complex password, then log in to that new administrator profile. While logged in there, change your first login, the one with your name on it, to a "user" (standard) profile type, removing its administrator-level permissions.

Why? You simply do not need administrator rights on your computer in order to use it day to day. When a machine is set up with the primary login holding administrator-level privilege, that is where the problems start. You want to make sure that your daily-use profile does not have the ability to modify the basic operation of the computer; you reserve that ability for the admin account. This is true for home and business users.

Reasoning: if an application is executed while you are running under a 'user' profile, the application just runs and you use the tool as intended. If, however, you try to install an application under a 'user' profile, you will be prompted for an administrator password, and the install won't happen without it. This is exactly the behavior you want; it is the best way to have your system configured.

The best practice is a user profile for daily use and a separate administrator profile that you use only to install intended applications.

Don't use the administrator profile for any daily activities; it's just there to install or uninstall applications. You want your day-to-day profile to be one that doesn't have the privilege of installing a program. I can't emphasize this point enough.

The biggest reason? What if you accidentally land on a server online that tries to run a virus or malware against your machine? If you are running as admin, it can just install, without you doing anything further than accidentally running it. If, however, you are running as a user account and it tries to install, a prompt appears, and at that point you KNOW that something is trying to install and you can click Cancel. You want this behavior from your computer. You want the machine to question every install. You do not want a program to install without you being aware of it.

Again, this is true for a network of employees and even if you have a single computer with just one person using it: a home machine, work machine, laptop, etc. The separate user and administrator setup is the ideal and the best practice. This form of configuration is known as "least privilege".

If you don't give an application permission to install, and you have made sure that everything within your power is up to date (software, drivers, firmware), and there are no known holes in your security, you have the best chance of keeping your machine secure.

Least privilege is your friend.
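The admin / daily-user split described above, done with the built-in LocalAccounts cmdlets instead of the Control Panel, as an added example that is not part of the original post. It assumes Windows 10 or 11, that the new admin account is to be called Admin-Maint, and that the account created at first boot is the one currently signed in ($env:USERNAME).

```powershell
# Added example, not part of the original post: the admin / daily-user split
# from the text, done on Windows 10 or 11 with the built-in LocalAccounts
# cmdlets instead of the Control Panel. Run from an elevated PowerShell window.
# Assumptions: 'Admin-Maint' is the name chosen for the new admin account and
# $env:USERNAME is the account created at first boot (the one to demote).
$NewAdmin  = 'Admin-Maint'
$DailyUser = $env:USERNAME

function Assert-Elevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $p  = New-Object Security.Principal.WindowsPrincipal($id)
    if (-not $p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Open PowerShell with "Run as administrator" first.'
    }
}

# Step 1: create the maintenance admin. The password is typed at the prompt
# and kept as a SecureString; it is never written into this script.
function New-MaintenanceAdmin {
    param([string]$Name)
    Assert-Elevated
    $pw = Read-Host -Prompt "Long, complex password for $Name" -AsSecureString
    New-LocalUser -Name $Name -Password $pw -Description 'Install/uninstall only' | Out-Null
    Add-LocalGroupMember -Group 'Administrators' -Member $Name
    "Created $Name. Sign in as $Name once to confirm it works, then run step 2."
}

# Step 2 (run while signed in as the new admin): drop the first-boot account
# to a standard user, i.e. a member of 'Users' only. Refuses to proceed if no
# other enabled admin exists, which is how people lock themselves out.
function Demote-ToStandardUser {
    param([string]$Name)
    Assert-Elevated
    $others = Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $_.ObjectClass -eq 'User' -and $_.Name -notlike "*\$Name" } |
        Where-Object { (Get-LocalUser -Name ($_.Name -split '\\')[-1] -ErrorAction SilentlyContinue).Enabled }
    if (-not $others) { throw "No other enabled administrator exists; run step 1 first." }
    Remove-LocalGroupMember -Group 'Administrators' -Member $Name -ErrorAction SilentlyContinue
    $inUsers = Get-LocalGroupMember -Group 'Users' | Where-Object { $_.Name -like "*\$Name" }
    if (-not $inUsers) { Add-LocalGroupMember -Group 'Users' -Member $Name }
    # Show who is left in Administrators so the result can be checked by eye.
    Get-LocalGroupMember -Group 'Administrators' | Select-Object Name, ObjectClass
}

# Usage: run step 1, sign out and back in as Admin-Maint, then run step 2.
# New-MaintenanceAdmin  -Name $NewAdmin
# Demote-ToStandardUser -Name $DailyUser
```

The guard in step 2 matters: demoting the only enabled administrator leaves nobody able to install, update or undo the change.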

Passwords? That's not really a question; they are still needed. Not only needed, but they need to be both good and memorable, while at the same time being something that cannot be guessed or surmised from breach data and your past passwords. It's a balance.


You must have a complex (letters, numbers, symbols) and lengthy set of words that make up your 'password', and it should be at least 16 characters long, but ideally somewhere near 30.

-- You know, telling people this part has never been the highlight of any IT admin's day.

No user wants to hear about having a complex and very long password to remember, let alone typing it in every day, multiple times a day.

It's frankly a pain: you type it, you miss a key or mistype it, it comes back wrong, and you have to do it all over again. And to compound matters, you need a DIFFERENT long, complex password for every computer, every profile, every website. But it's necessary, not optional; you just have to do it. There is a technique known as a passphrase: using several words to make up a single password. It's a very good technique, but I will take that idea a step further. Think of creating an email address, but using random words combined with numbers, mixing capitals and lowercase to create the address.

Something like "General 4 Good @ Internet [dot] com". This password/phrase is pretty easy to remember, it's 25 characters, and it is complex. If you made passwords like this, a simple brute-force script would take a very long time to complete.
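To put a number on "a very long time", here is an added example (not from the original post) that estimates the average time an exhaustive brute-force search would need for a given password, from its length and the character classes it uses. The guess rate of 1e10 per second and the 33-symbol count for printable punctuation are assumptions; the sample passwords are constructed, the last one being the post's own phrase.

```powershell
# Added example, not from the original post: size the search space a blind
# brute-force script would have to cover, and turn it into an average time.
# Assumed guess rate: 1e10 guesses/second (a fast hash on a GPU rig).

function Get-CharsetSize {
    param([string]$Password)
    $size = 0
    if ($Password -cmatch '[a-z]')        { $size += 26 }
    if ($Password -cmatch '[A-Z]')        { $size += 26 }
    if ($Password -match  '[0-9]')        { $size += 10 }
    if ($Password -match  '[^A-Za-z0-9]') { $size += 33 }  # printable symbols incl. space
    return $size
}

function Get-BruteForceEstimate {
    param([string]$Password, [double]$GuessesPerSecond = 1e10)
    $n       = Get-CharsetSize $Password
    $combos  = [Math]::Pow($n, $Password.Length)   # size of the whole search space
    $seconds = ($combos / 2) / $GuessesPerSecond   # on average half the space is searched
    [pscustomobject]@{
        Password    = $Password
        Length      = $Password.Length
        CharsetSize = $n
        Bits        = [Math]::Round([Math]::Log($combos, 2), 1)
        AvgYears    = [Math]::Round($seconds / 31557600, 4)
    }
}

# Constructed samples: a short "complex" password, a 16-character one (the
# post's minimum), and the post's own email-style phrase.
'P@ssw0rd', 'Tr0ub4dor&3xtra!', 'General 4 Good @ Internet [dot] com' |
    ForEach-Object { Get-BruteForceEstimate $_ } |
    Format-Table Password, Length, CharsetSize, Bits, AvgYears -AutoSize
```

The figures model a blind search only; a phrase built from plain dictionary words falls faster to word-list guessing, which is why the post mixes in numbers, symbols and casing.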

Passwords protect your devices on the front end. And while techniques like a passphrase are really good, you should take password security a step further with your devices, your websites, and everything you do, wherever it's an option: enable "2-factor" or multi-factor protection. You will still enter a user name and password, but you will also enter a third piece of data, generally something that comes from your phone.

This kind of password protection is ideal under the current best practices.

The next thing to keep in mind is making sure your devices are updated.

Patch all of them. Every time you see a notification that there is a patch, plan to apply it that night before you go to bed; tell the machine to update.

It doesn't have to take up your day, just get it done when you aren't using it actively.

This is true for your phones as well. Make sure to update them and patch the installed applications too. Remember that any tool you use that is classified as a computer has the ability to be hacked. You want to create a situation for yourself where you present the least opportunity to be attacked by someone who wants to do you harm. Remember that the people out there who hack others generally aren't doing it because they know you or care about you; they just want your data. Don't make it easy for them to get it.

This brings me to looking closely at what is installed on your machine, and what is receiving updates, or, as the case may be, not receiving them. Take a look at what is installed on your machine. Do you need all the applications that are installed? Pay special attention to Java and Flash Player. Do you need those? My suggestion is to remove them both and see if you can live without them. Both of them are historically the most exploited applications you can have installed on your machine. If you use the Chrome web browser, you don't need either of them; Chrome will give you a simulation of both services without having them installed. As for the rest of the applications, do you see any bloatware? Do you need it there? If not, remove it. Anything on your computer that isn't of use to you has the potential to be a future exploit, either because it has a security hole in it now or because one will be discovered in the future, especially if it's an application that doesn't receive any (or many) updates. Remove what you don't use or need. It's just a good rule of thumb.
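An inventory of the kind described above, as an added example that is not part of the original post: it reads the installed-program entries Windows keeps under its Uninstall registry keys, flags the two programs the post singles out, and lists anything installed before a cutoff so it can be checked for updates or removed. The two-year cutoff and the Java/Flash name pattern are assumptions.

```powershell
# Added example, not from the original post: list installed programs from the
# Windows Uninstall registry keys, flag Java and Flash Player, and surface
# entries with an old InstallDate. Cutoff (2 years) is an assumption.

function Get-InstalledSoftware {
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            # InstallDate, when an installer wrote it, is a yyyyMMdd string.
            $date = $null
            if ($_.InstallDate -match '^\d{8}$') {
                $date = [datetime]::ParseExact($_.InstallDate, 'yyyyMMdd', $null)
            }
            [pscustomobject]@{
                Name        = $_.DisplayName
                Version     = $_.DisplayVersion
                Publisher   = $_.Publisher
                InstallDate = $date
                Flagged     = [bool]($_.DisplayName -match 'Java|Flash Player')
            }
        }
}

$apps = Get-InstalledSoftware | Sort-Object Name -Unique

"== Historically heavily exploited (post's advice: remove unless needed) =="
$apps | Where-Object Flagged | Format-Table Name, Version, Publisher -AutoSize

$cutoff = (Get-Date).AddYears(-2)
"== Installed before $($cutoff.ToShortDateString()); check for updates or remove =="
$apps | Where-Object { $_.InstallDate -and $_.InstallDate -lt $cutoff } |
    Sort-Object InstallDate | Format-Table Name, Version, InstallDate -AutoSize
```

Microsoft Store apps are not under these keys, and many installers never write InstallDate, so treat the second list as a starting point for review rather than a complete answer.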

Zero days and hacking: your computer is a machine that has a few functions, and those include doing a few local tasks, but most likely its biggest role is to connect you to the Internet. Aside from anything else it does for you locally, like saving photos or doing a few Word docs or spreadsheets, most people tend to spend the bulk of their time online. Because it connects to the Internet, your device is vulnerable while connected. You can minimize your vulnerability by updating your operating system, updating and patching your applications, and reducing the number of unused or unneeded applications on it.

So what else can you do? You can protect it with tools that scan your drives, ports, and applications. Block unwanted connections through a software-configured firewall. That protection can also come from rudimentary protection programs like anti-virus and anti-malware. However, I would add something to that list of tools, something that goes a step beyond and scans not only your applications, what is downloaded, and what runs actively in memory, but a program that also looks at your Internet traffic, runs advanced heuristics on it, and watches where domains are pointed. Something that blocks domains with a negative history, that are known for being parked, or that have an untrusted status. You want something that looks at the current configuration of your machine, watches for changes, and can revert them if there is a problem or an unexpected change.

Look to such additional protection systems that scan your DNS, filter packets, and actively monitor network traffic. Although all of these functions slow the operation of your machine down a little, on a machine you care about not getting hacked the added protection is worth it. Make sure that whatever tools you implement have decent reporting and a way to notify you of what they do and what they have logged.

Next up: zero days. To define them: a zero day is simply an exploit or program that has been written but has not yet been used in a way that got it documented. It means that if it's used against your machine, your machine will likely succumb to whatever it is written to do. As mentioned elsewhere, 'least privilege' and other protections can help mitigate this, but you will still need to be watchful: be aware of what traffic is going in and out of your machine, review those reports, look at your log files. If you don't know how to do so, look it up; Google, Bing, DuckDuckGo and others are your friends. And what if you go somewhere and think you have gone too far, that your machine has possibly been exposed and is running a virus? What do you do? RESTORE from BACKUP. Just do it. Don't take chances. Don't just reboot and hope it will go away.

What else can you do to protect your machine? What about protecting it while it's turned off? Did you know that your machine can be compromised while it's off? Actually, yes it can; someone with a little expertise, some time, and access to your computer can do what's called an 'image of the drive'. In essence, they take an external hard drive, plug it into your computer, and boot off a thumb drive or a CD/DVD into an operating system designed to copy your hard drive. The process quite literally copies every piece of data from your current drive to the portable drive they brought with them. This kit can be as compact as two thumb drives, or SIM-card-sized memory chips, depending on the type of storage being used. Taking an image means the hacker can take their time getting in and work on it at their leisure.

When your machine is turned off and you come back to turn it on again, you will have no way of knowing whether your computer has been touched, as no log files will have changed. Your OS will not have run. Your drive and its data will simply have been copied.

So, what can you do in this 'imaged drive' scenario? You prepare for it in advance. You encrypt your hard drive. Disk encryption has actually been around for quite a while; I would say going back to the early 1990s on the desktop, but getting traction before 2010. Many programs have been written to encrypt whole drives, or to create special containers that take up a portion of your hard drive space as an encrypted file. Using both of these methods together is the ideal way of protecting yourself and any data you consider very important, as reversing two sets of encryption is a daunting task for any thief. This is true for your smartphone as well. If disk encryption is available, use it, and create a strong password that protects it.

Lastly, the final thing you can do to protect your privacy and yourself online is to be as anonymous as you can possibly be while connected to the Internet.

You can do this in a number of ways. It takes a little time, offers varying levels of anonymity, can take diligence to make sure it's still protecting you, and includes simply being careful and observant. One of the best and most easily used ways is to use a Virtual Private Network (VPN) service.

If you go this route, I recommend that you use a paid one; that way you have an expectation of getting what you pay for out of the service, and you get certain guarantees. You can use search engines like DuckDuckGo so your searches aren't tracked. You can make sure that you don't sign in to any websites while you surf the Internet. Remember to clear your cache, cookies, and temp files every time, or set your browser to clear them for you automatically.

VPN tunnels, to a point, protect your Internet connection's packets from being sniffed, a technique that many hackers use to monitor network traffic and obtain your user names and passwords as they are transmitted online. Some hackers can even do man-in-the-middle attacks, which are a way of intercepting your Internet traffic and running it through their computer so that they can get your data. This works even on SSL traffic to different websites, provided that you go directly to the site once connected. The VPN tunnel creates an encrypted pathway from your connection to outside the network you are in, and effectively places your computer in a network on the other side of the world, limiting your exposure to certain forms of hacking. It's definitely a means to protect your machine online when you are traveling or in a network that you don't trust.

For those who are always on untrustworthy networks, you can go a step further and boot off a thumb drive or DVD into an alternate OS which automatically uses a VPN and destroys itself when you turn off your computer. This form of privacy protection is the ultimate way of protecting yourself online. Why would you go this far when a VPN tunnel to a service provider offers pretty good protection? Because a temporary operating system offers you the protection of nothing being stored on your hard drive. Nothing can be physically taken from you. You don't have to worry about imaging, or even browser exploits that steal stored passwords. Every time you boot, you have a fresh operating system. It's an option for those who want it.

As with all information and advice, you should take it in, research the topics given, and make your own informed decisions. Don't just take our word for it.
