Difference between revisions of "Internet security tutorial"

From BoyWiki
Line 26: Line 26:


== On GNU/Linux ==
== On GNU/Linux ==
GNU/Linux is the combination of Linux, the kernel, with the GNU operating system created by [[Richard Stallman]].<ref name=linuxandgnu>http://www.gnu.org/gnu/linux-and-gnu.html</ref> The GNU/Linux operating system is often called, simply '''Linux'''.<ref name=linuxandgnu /> This operating system is free software.<ref>http://gnu.org</ref> Free software not means zero cost software.<ref name=freesw>http://www.gnu.org/philosophy/free-sw.html</ref> It means that respect your freedom to study, share, modify, etc the software. <ref name=freesw /> It is generally safer to use free software instead of proprietary software. Because you have the right to study it and find out what it is really doing. Becoming less vulnerable to malicious code and spyware. Some example of spyware in proprietary software is Windows Media Player and RealPlayer that reports what each user watches or listens. <ref>http://gnu.org/philosophy/who-does-that-server-really-serve.html</ref>
GNU/Linux is the combination of the Linux kernel, with the GNU operating system created by [[Richard Stallman]].<ref name=linuxandgnu>http://www.gnu.org/gnu/linux-and-gnu.html</ref> The GNU/Linux operating system is often called, simply '''Linux'''.<ref name=linuxandgnu /> This operating system is free software.<ref>http://gnu.org</ref> Free software not means zero cost software.<ref name=freesw>http://www.gnu.org/philosophy/free-sw.html</ref> It means that respect your freedom to study, share, modify, etc the software. <ref name=freesw /> It is generally safer to use free software instead of proprietary software. Because you have the right to study it and find out what it is really doing. Becoming less vulnerable to malicious code and spyware. Some examples of spyware in proprietary software are Windows Media Player and RealPlayer that reports what each user watches or listens. <ref>http://gnu.org/philosophy/who-does-that-server-really-serve.html</ref>


=== Why you should not use Windows? ===
=== Why you should not use Windows? ===
Line 43: Line 43:
* The Internet connection offered by your university to students and teachers.
* The Internet connection offered by your university to students and teachers.


Even if the attacker never find you. It can get fairly close, then it is highly recommended that you use the methods described here with encryption or a liveCD ([http://en.boywiki.org/w/index.php?title=Internet_security_tutorial#Encryption_.26_live_CD see above]).
Even if the attacker never find you. It can get fairly close, then it is highly recommended that you use the methods described here with encryption or a liveCD ([http://en.boywiki.org/wiki/Internet_security_tutorial#Encryption_.26_live_CD see below]).
It is recommended that you use a anonymizer(like Tor) too.
It is recommended that you use a anonymizer(like Tor) too.


Line 78: Line 78:
Some countries like the United Kingdom and Australia make it a criminal offense not to reveal your encryption password when required by law enforcement, in the [[United States]] there is no such law and you have no legal obligation to reveal your passwords to the authorities. If you were to live in a repressive country like China, and do no want to be found using encryption, then use a live CD like [https://tails.boum.org/ Tails], live CDs run in volatile RAM memory, when you switch off the computer after running a live CD, there will be nothing left to recover, not even tracks that you have used it.
Some countries like the United Kingdom and Australia make it a criminal offense not to reveal your encryption password when required by law enforcement, in the [[United States]] there is no such law and you have no legal obligation to reveal your passwords to the authorities. If you were to live in a repressive country like China, and do no want to be found using encryption, then use a live CD like [https://tails.boum.org/ Tails], live CDs run in volatile RAM memory, when you switch off the computer after running a live CD, there will be nothing left to recover, not even tracks that you have used it.


As Truecrypt, [http://gnu.org/s/fcrypt GNU fcrypt] is a disk encryption software. It allows you to use random passwords. The randomly generated password is in memory and is never disclosed to the User. Then you not need hide anything.  But this program is in development, not have released versions and may have security holes. The if you isn't a computer hacker, then it is bad idea to use this program. It only works on GNU/Linux and GNU/Hurd operating systems.
As Truecrypt, [http://gnu.org/s/fcrypt GNU fcrypt] is a disk encryption software. It allows you to use random passwords. The randomly generated password is in memory and is never disclosed to the User. Then you not need hide anything.  But this program is in development, not have released versions and may have security holes. Then if you isn't a computer hacker, it is bad idea to use this program. It only works on GNU/Linux and GNU/Hurd operating systems.


==== Using secure passwords ====
==== Using secure passwords ====
Line 89: Line 89:


==Internet Security and Child Pornography==
==Internet Security and Child Pornography==
Remember that no matter how secure you can make your computer, it will never be 100 percent secure. There will always be ways law enforcement can use to bust you if you attempt downloading illegal materials on your computer. This tutorial should only be used to help you visit legal web sites safely without having to fear revealing your personal information or getting your computer hacked or infected by nasty code, not to help visiting illegal sites. There is only one waterproof advice to avoid being caught with child pornography: '''stay away from it!''' and be careful because the FBI put links to fake child porn sites, and then raids the homes of anyone willing to click on them. <ref>http://news.cnet.com/8301-13578_3-9899151-38.html</ref>
Remember that no matter how secure you can make your computer, it will never be 100 percent secure. There will always be ways law enforcement can use to bust you if you attempt downloading illegal materials on your computer. For example, the FBI put links to fake child porn sites, and then raids the homes of anyone willing to click on them. <ref>http://news.cnet.com/8301-13578_3-9899151-38.html</ref> This tutorial should only be used to help you visit legal web sites safely without having to fear revealing your personal information or getting your computer hacked or infected by nasty code, not to help visiting illegal sites. There is only one waterproof advice to avoid being caught with child pornography: '''stay away from it!'''


==securely deleting files==
==securely deleting files==

Revision as of 08:04, 17 January 2013

This tutorial will help you stay safe when using the Internet, and avoid hackers, viruses, and accidentally giving out your private information to strangers. The first section assume that you're using Microsoft Windows (the most popular operating system for PCs).

On Windows

Browser security

Main article: Browser security

All Windows versions newer than Windows 95 (including Windows NT 4.0 and Windows XP) ship with a web browser called Microsoft Internet Explorer (often called "IE"). This is the program you use to 'surf the web' and view web pages. As Windows is a popular operating system, a large percentage of web surfers (often estimated to around 90 %) use IE. But it doesn't mean that IE is the only Internet browser out there.

In fact, it is strongly advisable to use another web browser instead of IE. Here's why:

  • IE is known for having many security holes that can be used by hackers and malicious code to gain entry to your computer. IE is also closely integrated with Windows, which means that security exploits in IE can easily be used to infect the entire operating system.
  • IE is the most popular Internet browser on the web, which means that it is a big target for hackers and viruses out there.

Instead, it is recommended to use either Mozilla Firefox or Opera as the standard Internet browser. Firefox is open source software, while Opera is proprietary software but you can get it at zero cost. Both are simple to download and install (visit the websites linked below). Firefox seems to be preferred by many.

Firewall/Anti-virus

A firewall is software that monitors your internet connection and allows you to only let through the programs you want and block out potential hackers. Windows comes with a built-in firewall turned on by default, unfortunately this will not warn you against insider threats, like a trojan already installed in your computer attempting to connect to an external server, Windows firewall only blocks incoming hacking attempts, to improve your security it would be best to install one of the many free firewalls, e.g. Comodo, ZoneAlarm.

Anti-virus software will prevent computer viruses from spreading to your computer monitoring the behaviour of downloaded files, your antivirus will only come into action when you execute or unrar a file, if the virus is just sitting down on the drive the antivirus will not detect it unless you select it and run a manual scan. Windows does not come with antivirus, there are various free ones that do a good job. e.g. Avast, AVG

To be secure you should be running both, an antivirus and a firewall, both programs are complementary and do different jobs, a firewall will not analyse files, it only looks into your Internet connection and blocks unauthorised requests to access the Internet.

Windows Update

Windows has a feature called Windows Update, which lets you easily update Windows with new security fixes, you should visit Windows Update regularly (there should be a shortcut in the Start Menu) or considering turning on automatic updates. Not all software will be updated by Windows, operating system addons, like Flash, Shockwave and Java, are updated by their respective developers, you will be better off using the software settings to automatically update and you will not have to keep checking for security patches.

People working in very high security environments and fearing privacy breaches from corrupt security agencies should extreme caution when updating software, read everything before clicking on "Next" and make sure that the update is valid. It is known that top law enforcement departments have access to tools that camouflage trojans as fake Windows and Flash player updates and they are not detected by any antivirus. According to "Wikileaks SpyFiles", The Gamma group offers to law enforcement personnel a trojan called Finfly to remotely install monitoring software on a target computer, they also have tools to monitor huge volumes of traffic going through an ISP and lock into certain keywords, using a VPN or encrypted connection will get around ISP filters and monitoring.

On GNU/Linux

GNU/Linux is the combination of the Linux kernel, with the GNU operating system created by Richard Stallman.[1] The GNU/Linux operating system is often called, simply Linux.[1] This operating system is free software.[2] Free software not means zero cost software.[3] It means that respect your freedom to study, share, modify, etc the software. [3] It is generally safer to use free software instead of proprietary software. Because you have the right to study it and find out what it is really doing. Becoming less vulnerable to malicious code and spyware. Some examples of spyware in proprietary software are Windows Media Player and RealPlayer that reports what each user watches or listens. [4]

Why you should not use Windows?

Windows have a long history of security holes.[5] Windows is proprietary software and Windows 8 restricts your freedom, invades your privacy and expose your personal data. [6]

Migrating to GNU/Linux

If you use Windows and want to try the GNU/Linux system. Then you can download Trisquel here. The next step is to burn a CD/DVD. You can use BurnAware Free for that purpose. But the Windows 7 have integrated support to burn ISO images. Click in the file with the mouse right button, and select the appropriate option to burn CD/DVD. Trisquel can be used as a live CD, if you not want to install it. Tails is some variant of the GNU/Linux system in a live CD. Tails is focused on user privacy.

Anonymity via wireless

If you known some wireless network that allows you to get connected to. Using only information that is used by other people too(eg. the network name and the password). Then you can use it to have some anonymity. But it may only work if other people is using exactly the same network at exactly the same time. Then the attacker will not know for sure, who exactly made such access.

These networks can be:

  • The Internet connection offered by your job that other employees are using too.
  • Open Wireless: The Internet connection offered by public places. These places can be shops, restaurants, parks and so on.
  • The Internet connection offered by your university to students and teachers.

Even if the attacker never find you. It can get fairly close, then it is highly recommended that you use the methods described here with encryption or a liveCD (see below). It is recommended that you use a anonymizer(like Tor) too.

Faking the MAC address

Each network card has a MAC address. This address is unique, so if the attacker gets it, will probably reach your computer and you. This address can not be obtained through the Internet. But it can be used to communicate with other computers or routers on the same network.

So if you want anonymity through a public network (eg. Open Wireless). You should fake that address. To fake it simply change it by something else. For example: 00:D0:A3:4B:C3:F5

Open a terminal and type the following lines:
sudo ifconfig wlan0 down
sudo ifconfig wlan0 hw ether 00:D0:A3:4B:C3:F5
sudo ifconfig wlan0 up

In this example I use the wlan0 device, but you may use some other to connect to the Internet, then pay attention to error messages like: wlan0: unknown interface: No such device. This means that an error occurred and the address has not changed.

You can do that for all interfaces the command ifconfig will show the interface name for all interfaces. Simply replace wlan0, by the name of the interface. For example:
sudo ifconfig eth0 down
sudo ifconfig eth0 hw ether 00:D0:A3:4B:C3:F5
sudo ifconfig eth0 up

Then run ifconfig to make sure they succeed. This command will show the interface name followed by several information. If all went well the MAC that you typed should appear as the HWaddr of the interface that you use to access the Internet.

You may want to change the MAC for all interfaces. After it re-run ifconfig to make sure that everything went well.

Encryption & live CD

Strong password to log on accounts on your computer is a good step. But it isn't enough to protect your computer against seizure. Encryption allow your data to be unreadable for the attacker.

The last and more important line of defense is encryption, numerous BLs have had their lives destroyed after their computers have been unexpectedly lost or stolen, privacy breaches can be easily stopped using full disk encryption. Full disk encryption will encrypt every single byte in your hard drive and will only make it accessible after you enter the correct password. Encryption software like Truecrypt has been known to be unbreakable by even law enforcement. There are many encryption programs out there, you should focus on those that can fully encrypt the drive, if you encrypt single files there is the risk that temporary files will still exist in your drive.

Some countries like the United Kingdom and Australia make it a criminal offense not to reveal your encryption password when required by law enforcement, in the United States there is no such law and you have no legal obligation to reveal your passwords to the authorities. If you were to live in a repressive country like China, and do no want to be found using encryption, then use a live CD like Tails, live CDs run in volatile RAM memory, when you switch off the computer after running a live CD, there will be nothing left to recover, not even tracks that you have used it.

As Truecrypt, GNU fcrypt is a disk encryption software. It allows you to use random passwords. The randomly generated password is in memory and is never disclosed to the User. Then you not need hide anything. But this program is in development, not have released versions and may have security holes. Then if you isn't a computer hacker, it is bad idea to use this program. It only works on GNU/Linux and GNU/Hurd operating systems.

Using secure passwords

The weakness of most encryption systems is the password. You must remember that computers can test password much more faster than a human. Then if your password is a dictionary word, sooner or later it will be found. Some brute force programs used by government agencies, try to combine dictionary words with numbers and do some other common changes too: like changing 'o' by '0', etc. Some weak password like john34, car23 or john34car23 may be easily found by government agencies trying to look at your files.

Proxy

All computers that are connected to the Internet have their own identifiable IP address. It is visible to external web sites you connect to, and in the worst case can be used to identify you as an individual. A proxy can help you stay anonymous on the Internet by masking your IP address. The easiest proxies operate via a website, like Anonymouse (link below). Using a proxy is recommended when visiting boylover sites that use external hosting of images, like boylover.net.

If you're serious about Internet security, you should consider using Tor. It is an advanced proxy, and is better at protecting your privacy than web-based proxies. Tor is also considered more secure, as it is based on open source code and dynamic traffic routing, and doesn't have the possibilites for logging that a fixed web site has. It should be noted that Tor is still experimental software. Tor is a program that is installed on your computer. There are downloads and complete installation instructions available at Tor's home site (linked below).

Internet Security and Child Pornography

Remember that no matter how secure you can make your computer, it will never be 100 percent secure. There will always be ways law enforcement can use to bust you if you attempt downloading illegal materials on your computer. For example, the FBI put links to fake child porn sites, and then raids the homes of anyone willing to click on them. [7] This tutorial should only be used to help you visit legal web sites safely without having to fear revealing your personal information or getting your computer hacked or infected by nasty code, not to help visiting illegal sites. There is only one waterproof advice to avoid being caught with child pornography: stay away from it!

securely deleting files

Many times when using GNU/Linux or Windows, when you try to delete some file. It isn't really deleted. Instead the information about it's existence is deleted. Then an attacker can retrieve the file from disk. When using GNU/Linux you should open a terminal and use shred -u <file_name> or shred <file_name> instead of rm. If you use Windows, you can use the Eraser.

External links

References