Security

Discussion in 'Technical' started by DarkLight, Jul 3, 2016.


  1. DarkLight

    DarkLight I self identify as a Blackhawk Attack Helicopter! Site Supporter

    Numerous times since I joined the forum we have had questions and resulting threads show up about security in many different forms. While I'm not an expert on all forms of security, in fact I'm woefully ignorant on many, I have a fair amount of experience on the technical side of security and plan on writing up some how-to posts/articles on said topic. Things I plan on addressing include:
    • Online security
    • Online anonymity
    • Securing your data
      • At home
      • In the cloud
      • On removable media
    • Securing your home/personal network (to the greatest degree possible)
    • Tools you can/should use on a regular basis
    Some of this will likely morph into additional how-tos and posts on alternative operating systems as well as detailed walk-throughs for people looking to leverage what is discussed.

    I know that some folks are reticent to make the switch to Linux, for example, without having any safety net to fall back on. Others don't really know where to start with online security and all the "geek talk" goes right over their heads and they tune out. The idea is to make the technical security accessible to anyone, and I do mean anyone.

    If you have questions you'd like answered, here is a great place to post them (as the shoutbox purges after a fixed interval) and I'll throw it on the list if I can.

    I also don't have to be the only one to contribute. Please feel free to write up anything you are comfortable with, just make sure you tag it so we can find it. I may also go as far as begin keeping an updated list of links here in this thread (possibly even in this first post).
     
    Motomom34, Brokor, Ganado and 6 others like this.
  2. Bandit99

    Bandit99 Monkey+++

    I look forward to this and to any ideas to become more secure. Currently, I use a backup 64Gb USB flash drive to hold all my important data files. I encrypt all these important files with a 256bit encryption that turns the file into an .exe which executes after given the correct password. This drive then is kept in my safe along with our laptops.

    I will be making two changes shortly:
    1. I will look at a new encryption program called VeraCrypt which is open source (replaced TrueCrypt)
    (I would be interested to know if you have heard/know VeraCrypt and your opinion)
    2. Obtain a 256GB Flash USB and password protect the entire drive, giving three layers of protection: Safe, password of the Flash drive and files are encrypted.
     
  3. ghrit

    ghrit Ambulatory anachronism Administrator Founding Member

    Do we want to limit the security questions to electronic, or also to address the car, home, business and so on?
     
    Tully Mars and sec_monkey like this.
  4. sec_monkey

    sec_monkey SM Security Administrator

    One word Linux ;) [lolol]
     
    VisuTrac, Brokor and Ganado like this.
  5. Tully Mars

    Tully Mars Metal weldin' monkey Site Supporter+

    I'd like to see a separation between the 'puter stuff and the car, home, etc.
    My [2c] for what it's worth
     
    sec_monkey likes this.
  6. DarkLight

    DarkLight I self identify as a Blackhawk Attack Helicopter! Site Supporter

    Depends on how we structure things. I'd like to address it all but it definitely needs to be separated. I have a separate thread under cover of PM to discuss this.
     
    Ganado likes this.
  7. hitchcock4

    hitchcock4 Monkey

    @DarkLight -- I think this is a great idea -- I might be a semi-expert, and I value the opinion of others looking at my ideas to see if they are "sound".

    In the realm of Online Backup - here are my thoughts. As mentioned I value others' thoughts on this.
    1. I think you should have 3 backups for the most important of data:
      • In the house, hopefully in a fire-proof safe
      • Off-site (bank box/workplace/relatives' house) obviously this one HAS TO be encrypted
      • Cloud-storage (encrypted as well)
    2. Backups can be rotated, as it would be hard to back up files, get them off-site, keep them up to date every week, etc. I always have either a USB backup of my most recent file or an online backup that runs at the end of every day.
    I will briefly talk about what I want to do with the cloud storage. Even pictures (keepsakes) are important to people, and if you have a personal disaster (fire or flood in the house) the pictures are important to people.

    Pictures can take a LOT of space if you have enough.

    I also don't trust Google, Amazon, Microsoft, Apple for cloud storage. They are the "big guys" and somehow I just can't get past using them to store my pictures and/or confidential data.

    Late last year I found a beta test for a new program (at an established web site, although I had not heard of them before last year). Backblaze's new program is called B2 and it is now out of beta and in the 1.0 stage. Here are my comments so far on it.
    • They seem like a company with great customer support.
    • They are not Google/Microsoft/Amazon/Apple.
    • They have worked to get integration with a good # of backup programs that run locally (on PC or Mac) to get your data backed up to the cloud.
    • They claim to have the lowest cost cloud storage on the planet: $0.005 per GB a month. The first 10GB are free!!
    • They will let you upload a single file up to 10TB in size (warning, special procedure, haven't tried that yet)
    • I have used it moderately in the last 6 months with no issues, even in beta testing.
    • Warning: They do charge to restore your data, but so do most of the "big guys" out there. The idea being, back up as much as you want, and if you actually do have a data emergency, you should be willing to pay to get it back. On the "free" plan you can download up to 1GB of data per day for free. Not bad really, since if you are storing 10GB you could re-download all of it in 10 days (for free).
    • Disclaimer: I do not work for BackBlaze/never have, just a happy customer so far.
    • You can read about B2 pricing here: Cheapest Secure Cloud Storage Provider: B2
    • You can compare B2 with other guys here: Amazon S3 vs Microsoft Azure vs. B2 Cloud Storage Pricing
    • You can see what programs B2 integrates with here: Integrations. I plan on trying Cyberduck, but have been using HashBackup on Windows.
    To be continued/more later...
     
  8. Ganado

    Ganado Monkey+++

    @DarkLight this is a great idea, I know I have holes in all my security but it all takes time. Logistically I have to set priorities so anything that doesn't require hours and hours is a plus for me.

    @hitchcock4 great info, my problem with the data storage is it is still located in the United States. I won't do cloud storage in USA, Britain, France, or Germany
     
    Tully Mars likes this.
  9. sec_monkey

    sec_monkey SM Security Administrator

    cloud backup aint safe anywhere just sayin
     
  10. Brokor

    Brokor Live Free or Cry Moderator Site Supporter+++ Founding Member

    On cloud storage, it's safe to say the big dogs aren't the best option. I will add that some private hosts do provide cloud storage (and for free), so if you purchased a domain, you have the option to use cloud storage this way along with standard FTP storage with the domain. This will not stop the feds, who can find a legal means to access your data, but it's safer than Google.
     
    Bandit99 and sec_monkey like this.
  11. VisuTrac

    VisuTrac Ваша мать носит военные ботинки Site Supporter+++

    For physical backups or offline deep storage of 'Important private things'
    I've been using Apricorn Aegis Secure Key USB thumb drive
    and Apricorn Aegis Padlock external hard drives.

    they offer protection from rubber hose password extraction technique.
    you give them the wrong password or they attempt to 'guess' your password.
    It basically self-destructs and the data is no longer retrievable .. not even by you.

    I like them because they are platform independent. Linux, windows, mac and embedded systems.

    What's not to like about a PIN that's 15-16 digits long. ;)

    Oh by the way, don't forget your PIN, if you do .. all data is lost.
     
    Tully Mars and Brokor like this.
  12. Brokor

    Brokor Live Free or Cry Moderator Site Supporter+++ Founding Member

    I agree with @VisuTrac on the Aegis. Lesson learned. Awesome equipment right there.
     
  13. Bandit99

    Bandit99 Monkey+++

    @VisuTrac "Oh by the way, don't forget your PIN, if you do .. all data is lost."

    I assume one gets more than one chance to get the password correct? I would be interested if so but if not - well - it might just be too secure. Please advise.

    On cloud storage...I just cannot make myself do it, too paranoid. I know. I know...
     
    Tully Mars and sec_monkey like this.
  14. Brokor

    Brokor Live Free or Cry Moderator Site Supporter+++ Founding Member

    Aegis Secure Key 3
    I believe it's programmable to accept up to 20 consecutive incorrect entries. Visu can add to this since I still use an older drive which is similar.
     
    VisuTrac likes this.
  15. VisuTrac

    VisuTrac Ваша мать носит военные ботинки Site Supporter+++

    It has a couple of modes. One is type in the self destruct password .. it's all gone. The other is guess 10 x .. it's gone. I believe the attempt threshold is adjustable .. but I left it alone as I'm getting older and may forget/fat finger the pin and don't want to tempt fate.
     
    Brokor likes this.
  16. Brokor

    Brokor Live Free or Cry Moderator Site Supporter+++ Founding Member

    Yeah, I just did a little reading on them to refresh my memory. The original version is 10x then it destroys the data, version 3.0 is programmable up to 20x attempts, then it's either programmable or 20x standard for the other drives. So, it's good for those who forget passwords, not good for hackers.
     
  17. Bandit99

    Bandit99 Monkey+++

    This looks like exactly what I need to replace mine. I think I am leaning toward the older 2.0 version since mine is strictly for data backups (no apps or etc.) and apparently people are having trouble with the 'timing out' of the device while it is in use - meaning - they have to go through the login procedure again, just annoying. The things are not cheap! I assume their reliability is worth the money because I would need two (2nd to backup the backup in case of failure)?
     
  18. Brokor

    Brokor Live Free or Cry Moderator Site Supporter+++ Founding Member

    Trust me, they are a lot cheaper than the one I bought back in 2006. It's an Ironkey™ and it ran me over $250 and it was only 4GB and not nearly as secure as the Aegis.
     
  19. Ganado

    Ganado Monkey+++

    so, if I haul it around in my purse when I travel, how well will it hold up?

    I have cheap usb drives and they are ok but they do fail after a few months
     
  20. VisuTrac

    VisuTrac Ваша мать носит военные ботинки Site Supporter+++

    No they are not cheap because they are not 'Consumer' grade.
    There are plenty of removable hard drives and USB memory sticks out there for a lot less.

    But after stress testing Western Digital 256 GB external drives vs a 256 Gb 2.0 Padlock for 6 months (read write 56GB of data each day). We finally got a real backup system to store the SQL server data and only used the Padlock for offline and offsite backups.

    The WD's died almost consistently after 30 days. Padlock drive is still in use after 3 years.

    Yes, there will be almost no users that would beat the hell out of their offline storage this way but knowing it can be done gave me peace of mind to buy a couple for my own use. I felt they were worth the cost and the PIN keeps it as secure as I'm ever going to need.
     
    Ganado likes this.