I use a Chromebook which prevents me from getting 99.9% of viruses or malware. I love the fact that I load it and it loads quick and I know whats running. The thing that probably slows it down the most is that I tend to open a dozen or more tabs, so it does experience crashing when it runs out of memory. That's about it.
>If the answer is no, then you've very little to worry about as long as you practice good security habits.
This is very hard to define. I have all my servers on cloud locked down and can only ssh with keys (No passwords) and everytime I look at the access log, it just makes me sweat seeing all the "drive by" ssh access attempts using standard usernames (which I don't use) and even unstandard user names (like "mother", "suser" etc).
Almost like returning home and seeing unknown footprints outside your home door. You know the door is secure, the window is bolted and you have an alarm. But still it's unnerving.
Basic practices I follow:
Don't run services with a user that has root access.
SSH only with keys
Open up ports on Azure portal only for required services.
Have you tried/are you interested in setting a different port number on the server? Setting a different port number and using ssh_config on your clients (so you don't have to keep specifying the different port) helps a ton. I've done this with a Google 2FA solution[1] and honestly haven't seen a single rogue attempt.
While most guides/books on initial setting up sshd explain the usual stuff - e.g.: allow only key auth, no root ...etc.
Changing ssh port from standard (I literally forgot, is it 22?) to something else is one of those things you pick up in the field.
Usually only once you actually had to maintain production servers. And hopefully before some of the fancy things (e.g.: port-knockers) failed and locked you out :)
Changing port is super simple to configure and yet it cuts out 99.9% of noise (if not 100%) from brute-force attempts that otherwise might make you ignore alarms ...
I'm not going to answer how I go about detecting infestations, because I don't want my techniques to become useless. However, I'll depart some knowledge on how to better protect yourself.
1. Get familiar with your router.
- Find it's logs and look for anything weird incoming or outgoing that you know isn't you.
- Keep your firmware updated.
- Learn how to configure the firewall.
2. Get the most powerful machine you can afford and run a from the metal hyper visor. Make all your everyday OS installs be virtual machines or containers and be vigilant about keeping an eye on what's running on them.
4. On Linux
- Learn the "top", "ps", and "netstat" commands.
- After initial install of the OS, setup Tripwire.
- Pay attention to CERT alerts and try not to be one of the suckers that installs the various honeypot malware.
- Be concerned more with patches then Uptime (If the OS tells you it needs to be rebooted when you login, reboot the damn thing ASAP with respect to your maintenance windows).
4- OS X.
- Same as Linux, except OS X doesn't really virtualize so great. Apple really hasn't taken the time to stream line their code base when it's being run virtualized. Maybe performance will be okay on the new iMac Pro just as an effect of the Hardware overkill. Your milage may vary.
5- On Windows.
Windows is an entirely different level of complexity. However, it does virtualize very well and Microsoft has made many optimizations for it especially if you use Hyper-V.
The key here is backups. Seriously. You need to create snapshots after the initial install and if you really need to run some kind of shady freeware application, or scammy application to get your music onto your iPhone without iTunes, spin up a completely new windows VM, install all that crap in there, and when you are finished, trash that VM.
- Keep the windows defender updated and run a full scan weekly.
- Learn Task Manager
- Install SysInternals and learn what is going on in your system. https://technet.microsoft.com/en-us/sysinternals/bb842062.as...
TL;DR Security done this way is expensive, using four physical devices: A gaming desktop, a secure workstation, a NAS, an ESXi server. The hardest part at first was the discipline to use each workstation for its intended purpose and breaking bad habits, IE not browsing the web from the gaming machine etc.
As a pentester, here are some of the things that I use and do to reduce my personal attack surface. I separate out functions by device. Note that, other than the windows 10 section, this isn't cheap and isn't for most people. I've invested a large number of hours into this setup to get it to a place where I feel its "trustworthy enough."
If I were a regular user and had to use Windows 10, most of the following guide would be helpful (https://hackernoon.com/the-2017-pentester-guide-to-windows-1...). I went with a hybrid approach and incorporated elements from Sean Metcalfe's (Trimarc Security) guide on developing a secure baseline (https://adsecurity.org/?p=3299). I've done most of this to my gaming computer. I only play games and use VOIP programs on this machine. Other programs I use on this system (not in the guides) are: glasswire, herdprotect, immunet. I set up win10 to take a full system backup once a week, and this gets auto backed up to a NAS.
I use QubesOS for all non-gaming functions. This can be a painful OS to learn, but I like its "containerization" of information and the workflows for using it. Encrypted, password protected copies of my various VMs are backed up to the NAS.
I log some specific event types from every device on my network, and send it to a SIEM in a VM on a ESXi system. I have custom splunk dashboards to sort through this data and only show me what I think is important.
There is still the cheaper alternative to pack light and move often, although it also requires exercising some level of good practices, everyone feels a bit better using a freshly installed OS.
Build your own live-CD distro, use file-system snapshots, segregate data susceptible of containing malware, or buy new stuff in random shops you deem trustworthy, use it and throw it away.
On a side note, as we've seen recently, using untrustworthy sources of software like npm will without a doubt affect your level of security.
You're being downvoted - maybe because it sounds like a snarky answer? I've thought about your response and after some thinking, I feel that it's a legitimate answer. I reflected for a moment and have decided that I am starting to do the same - using the computer with the expectation that I am not the only user. It's paranoid, but it also helps me sleep at night.
Maybe working at a large insurance company, where every keystroke could be replayed by a perfect stranger, has rubbed off on my home usage. But I come from a networking field and know perfectly well that our little home routers are not things we should rely on to be on our side. Maybe they are, but I think there's a bit of luck. A lot of planning and a bit of luck.
There is no way to be 100% certain of your security with a system as complex as a computer so if you need 100% certainty then you have to assume you are compromised, even if that is a very low probability.
On a Fedora Linux laptop, I occasionally boot from USB and verify the RPM package database.
On servers, try to have secure remote logs. Use a different administration SSH key for the log server so that even if your user account and ssh-agent was compromised the attacker can't use it to edit the logs.
Have your firewall log new connections that aren't part of normal, regular service. Especially outgoing connections from servers. If a web server suddenly starts sending email on port 25 to France, it's probably hacked.
Audit the logs for anomalies such as SSH connections from new remote IPs, etc. Or known user accounts at weird times. Why is your sysadmin coworker suddenly logging in at 4 am? Etc.
Somewhat related, does anyone use Moxie's knocknock [0] or a similar procedure to secure ports?
Since I learned about it I thought it was a very interesting idea. Even tried it out a couple of times but not sure if anyone else is using it. It doesn't seem maintained and I'm not aware of more recent implementations of this.
Does anyone else use it for their setups? is it worth/not worth it?
Hey everyone ,i have just concluded a deal with a real hacker and i mean real hacker after searching for a while , i am so exicted thats why i am posting this to inform you guys , i hired him to help me hack my boy friends facebook and he gave prove before i paid him , he made a complete video of him login into the facebook account as prove ,he said he can also hack emails , twitter , whatsapp accounts , and phones , i am going to hire him again to hack an email dont hire any of this fake hackers here just visit
http://www.cyphersecurityteam.ga
or email him cypher_hacking_services@hotmail.com
31 comments
[ 4.6 ms ] story [ 90.4 ms ] threadYou can only make sure you limit any potential damage and reduce your attack surface as much as possible.
Limiting damage...
- Regular backups. - Be careful what you store on your hard drive.
Reducing attack surface.
- Latest version of operating system. - Try not to install anything.
Question 1: "Am I someone a sophisticated actor (e.g. nation states) would target?"
If the answer is yes, then congratulations—you're probably already compromised and will never know it.
If the answer is no, then you've very little to worry about as long as you practice good security habits.
This is very hard to define. I have all my servers on cloud locked down and can only ssh with keys (No passwords) and everytime I look at the access log, it just makes me sweat seeing all the "drive by" ssh access attempts using standard usernames (which I don't use) and even unstandard user names (like "mother", "suser" etc).
Almost like returning home and seeing unknown footprints outside your home door. You know the door is secure, the window is bolted and you have an alarm. But still it's unnerving.
Basic practices I follow:
Don't run services with a user that has root access.
SSH only with keys
Open up ports on Azure portal only for required services.
Check "last", "uptime" "htop" everytime I login.
----- [1] https://www.digitalocean.com/community/tutorials/how-to-set-...
Changing ssh port from standard (I literally forgot, is it 22?) to something else is one of those things you pick up in the field.
Usually only once you actually had to maintain production servers. And hopefully before some of the fancy things (e.g.: port-knockers) failed and locked you out :)
Changing port is super simple to configure and yet it cuts out 99.9% of noise (if not 100%) from brute-force attempts that otherwise might make you ignore alarms ...
1. Get familiar with your router. - Find it's logs and look for anything weird incoming or outgoing that you know isn't you. - Keep your firmware updated. - Learn how to configure the firewall.
2. Get the most powerful machine you can afford and run a from the metal hyper visor. Make all your everyday OS installs be virtual machines or containers and be vigilant about keeping an eye on what's running on them.
4. On Linux - Learn the "top", "ps", and "netstat" commands. - After initial install of the OS, setup Tripwire. - Pay attention to CERT alerts and try not to be one of the suckers that installs the various honeypot malware. - Be concerned more with patches then Uptime (If the OS tells you it needs to be rebooted when you login, reboot the damn thing ASAP with respect to your maintenance windows).
4- OS X. - Same as Linux, except OS X doesn't really virtualize so great. Apple really hasn't taken the time to stream line their code base when it's being run virtualized. Maybe performance will be okay on the new iMac Pro just as an effect of the Hardware overkill. Your milage may vary.
5- On Windows. Windows is an entirely different level of complexity. However, it does virtualize very well and Microsoft has made many optimizations for it especially if you use Hyper-V. The key here is backups. Seriously. You need to create snapshots after the initial install and if you really need to run some kind of shady freeware application, or scammy application to get your music onto your iPhone without iTunes, spin up a completely new windows VM, install all that crap in there, and when you are finished, trash that VM. - Keep the windows defender updated and run a full scan weekly. - Learn Task Manager - Install SysInternals and learn what is going on in your system. https://technet.microsoft.com/en-us/sysinternals/bb842062.as...
http://www.la-samhna.de/library/scanners.html
http://www.la-samhna.de/samhain/s_faq.html
As a pentester, here are some of the things that I use and do to reduce my personal attack surface. I separate out functions by device. Note that, other than the windows 10 section, this isn't cheap and isn't for most people. I've invested a large number of hours into this setup to get it to a place where I feel its "trustworthy enough."
If I were a regular user and had to use Windows 10, most of the following guide would be helpful (https://hackernoon.com/the-2017-pentester-guide-to-windows-1...). I went with a hybrid approach and incorporated elements from Sean Metcalfe's (Trimarc Security) guide on developing a secure baseline (https://adsecurity.org/?p=3299). I've done most of this to my gaming computer. I only play games and use VOIP programs on this machine. Other programs I use on this system (not in the guides) are: glasswire, herdprotect, immunet. I set up win10 to take a full system backup once a week, and this gets auto backed up to a NAS.
I use QubesOS for all non-gaming functions. This can be a painful OS to learn, but I like its "containerization" of information and the workflows for using it. Encrypted, password protected copies of my various VMs are backed up to the NAS.
I log some specific event types from every device on my network, and send it to a SIEM in a VM on a ESXi system. I have custom splunk dashboards to sort through this data and only show me what I think is important.
There is still the cheaper alternative to pack light and move often, although it also requires exercising some level of good practices, everyone feels a bit better using a freshly installed OS.
Build your own live-CD distro, use file-system snapshots, segregate data susceptible of containing malware, or buy new stuff in random shops you deem trustworthy, use it and throw it away.
On a side note, as we've seen recently, using untrustworthy sources of software like npm will without a doubt affect your level of security.
There is no complete and simple solution, AFAIK.
That is the only truly secure practice.
Maybe working at a large insurance company, where every keystroke could be replayed by a perfect stranger, has rubbed off on my home usage. But I come from a networking field and know perfectly well that our little home routers are not things we should rely on to be on our side. Maybe they are, but I think there's a bit of luck. A lot of planning and a bit of luck.
There is no way to be 100% certain of your security with a system as complex as a computer so if you need 100% certainty then you have to assume you are compromised, even if that is a very low probability.
Therefore the only secure practice (doing a combined approach) is to only boot from an install DVD.
Or alternatively: just never turn the computer on.
On servers, try to have secure remote logs. Use a different administration SSH key for the log server so that even if your user account and ssh-agent was compromised the attacker can't use it to edit the logs.
Have your firewall log new connections that aren't part of normal, regular service. Especially outgoing connections from servers. If a web server suddenly starts sending email on port 25 to France, it's probably hacked.
Audit the logs for anomalies such as SSH connections from new remote IPs, etc. Or known user accounts at weird times. Why is your sysadmin coworker suddenly logging in at 4 am? Etc.
Since I learned about it I thought it was a very interesting idea. Even tried it out a couple of times but not sure if anyone else is using it. It doesn't seem maintained and I'm not aware of more recent implementations of this.
Does anyone else use it for their setups? is it worth/not worth it?
[0]https://moxie.org/software/knockknock/
https://decentsecurity.com/#/holiday-tasks/
It pretty much keeps me out of any and all infestations. also a great site in general.