A (more) secure machine/host

sparta

Internet Security is based on a slew of old myths, which reach their most ‘refined’ form in RandomSource, which in turn of course derived from the original Rule of Least Power episode ‘Planet of Wobbly Rocks where the Security Guard Got Shot’.

The items, tools and ways on this page are a first line of defense.

Choice of OS

Windows is a closed box, you never know what you gonna get and it doesn’t look like chocolate to me. Oh, wait …

Linux is the best choice for a secure and private OS. It is free as in “users have the freedom to run, copy, distribute, study, change and improve the software” and there is no money trail linking to a product ID.

There are several linux distributions to choose from. Debian is probably the most secure option. Some of the items below are only for securing linux (hosts) (*).

Encryption

Choose your encryption strategy in alignment with your threat model. All Operating Systems (linux, windows, mac) support Logical Virtual Memory (in alphabet-soup-speak named “LVM”). If you are setting up a dedicated (more) secure host for running virtual machines, full disk encryption is recommended.

Turn camera off

Tape the camera. It may even be possible to turn it off in BIOS (depending on your version).

[linkview show_cat_name=”0″ cat_name=”Camera”]

Turn microphone off

Windows: Go to Control Panel -> Sound -> Recording and right-click and choose “disable” and then ‘OK’. Or, in Hardware -> Manage Audio Devices -> Sound you can configure the microphone.

Linux: Mute it using alsamixer.

Mac: Launch System Preferences, click on Sound, select “Line-in” on Input tab, and close. As long as you don’t actually have any audio input device connected, such as an external microphone or some other line-in device, this method is very effective.

Manage passwords

Using a password manager allows you to load passwords in your clipboard, making it hard to catch it with a keylogger (if any). And all good password managers allow you to generate passwords, making the passwords independent from your personal preferences and harder to crack. If you want to try your hand at cracking your own (current and new) passwords, try one of these.

[linkview show_cat_name=”0″ cat_name=”Organise and encrypt passwords”]

Learn to use a firewall

One of the must have component on your computer is a firewall:

In computing, a firewall is a software or hardware-based network security system that controls the incoming and outgoing network traffic by analysing the data packets and determining whether they should be allowed through or not, based on applied rule set.

[linkview show_cat_name=”0″ cat_name=”Firewall for Beginners”]

Configure sysctl (*)

sysctl is a tool for examining and changing kernel parameters at runtime.

[linkview show_cat_name=”0″ cat_name=”sysctl”]

Further hardening debian host (*)

Run Tiger and further harden your host.

[linkview show_cat_name=”0″ cat_name=”Hardening debian”]

Integrity of your system

Keep your system up to date. Defend your system from keyloggers, viruses and worms. Use intrusion-detection-systems.

Having an open wireless network can be a major security risk. Anyone close enough to your router, a neighbour or a war driver, could potentially gain access to your network. Even when disallowing wireless, it is a good idea to manage that box.


Leave a Reply

Your email address will not be published. Required fields are marked *