How Do YOU Establish a Secure Computing Environment?
sneakyimp writes "We've seen increasingly creative ways for bad guys to compromise your system like infected pen drives, computers preloaded with malware, mobile phone apps with malware, and a $300 app that can sniff out your encryption keys. On top of these obvious risks, there are lingering questions about the integrity of common operating systems and cloud computing services. Do Windows, OSX, and Linux have security holes? Does Windows supply a backdoor for the U.S. or other governments? Should you really trust your Linux multiverse repository? Do Google and Apple data mine your private mobile phone data for private information? Does Ubuntu's sharing of my data with Amazon compromise my privacy? Can the U.S. Government seize your cloud data without a warrant? Can McAfee or Kaspersky really be trusted?
Naturally, the question arises of how to establish and maintain an ironclad workstation or laptop for the purpose of handling sensitive information or doing security research. DARPA has approached the problem by awarding a $21.4M contract to Invincea to create a secure version of Android. What should we do if we don't have $21.4M USD? Is it safe to buy a PC from any manufacturer? Is it even safe to buy individual computer components and assemble one's own machine? Or might the motherboard firmware be compromised? What steps can one take to ensure a truly secure computing environment? Is this even possible? Can anyone recommend a thorough checklist or suggest best practices?"
If you want a secure computing environment, don't connect your computer to anything! Also keep it in a Faraday cage, and make sure the power supply lines are filtered so they can't carry signals out through the cage.
That's what I did last time I needed a super secure environment. Local network only, KVM extension to put the user interface far away from the locked up computer. Granted that's not what the article is looking for, but that was the best solution I could find at the time.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Get the necessary equipment and make your own CPU. Also make the lithography masks yourself to ensure your paranoia score reaches a maximum level! Next proceed to make your own motherboard (making all the components yourself as mentioned earlier). Also you'll have to create your own CRT monitor (imagine if they intercepted the signals between the graphics card and the monitor!!!). And you might want to sit in a Faraday cage made out of mu-metal with your own personal lemon-battery-based power supply.
A Faraday cage is not enough. Make sure no optical signals can get out of the room.
cpghost at Cordula's Web.
Nobody but me gets to my abacus!
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I've got a VM that I run on Windows 2000. That OS is no longer patched by Microsoft so I don't want to expose it to the internet. I turned off all the networking protocols and shut off all the services that have to do with I/O. If I open a browser the only site it will connect to is a server I have running inside the VM, which requires a password. I turned off the network shares so there's no chance of getting an infected file from the host machine. The only way to write a file to it is via a USB drive and I scan those before I connect it.
The OS runs great and, with all those unnecessary services turned off, quickly as well.
You have to achieve a personal balance between functionality and security. Security and functionality are inversely proportional. For the average user, having a login password will be enough. If you are storing private data, like tax returns and financial documents, encryption is a good idea. A TrueCrypt container with a strong password (16+ characters, upper and lower case letters, numbers, and symbols) will suffice.
If you are of the moderately paranoid group (like me), then FDE, private browsing, and an SSD with a TRIM-capable motherboard/OS will be enough. If you believe the NSA is watching you, then try taking your meds and refer to the moderately paranoid measures.
sudo make me a sandwich
The Ninja post was a joke with a point: It's practically impossible to do "secure computing" unless you are an island unto yourself.
The better question is:
What level of security is "cost effective" for you?
I'll give my answer as a reply.
The term "secure" here is used in a somewhat misleading manner; there's nothing that could possibly be absolutely "secure" in this world, ever.
We should always ask only what amount of security the environment provides. In terms of money.
It's very hard to live in a constant state of fear and paranoia. Better to unplug and relax.
I actually run Linux on the desktop to help stay secure and don't pirate software. Add some ufw firewall rules and a router-based firewall and you can survive most non-local (in the room) attacks.
1. Write your own OS, that way the government can't backdoor your OS's manufacturer without prior knowledge.
2. At a minimum flash your motherboard's firmware to something trusted or written yourself
3. Write your own anti-virus
4. Run ethernet wire to trusted locations (make sure it's outdoor grade wire)
5. Install security cameras at trusted locations and filter everything from them via DPI.
6. Surf mass pron off a random trusted location.
1. What are the threats?
2. Why do you care?
3. Expose as little as possible 'publicly', with as few people as possible even knowing you have diamonds in your safe.
4. Have 'CCTV' so you can detect intrusions (and possibly a honeytrap).
5. Assume anyone with $$$ to spend technically will first spend $ on more basic intelligence.
6. [This list goes on and on]
Kudos to you AC! Not many of us have paranormal means of posting to /.!
I lie about everything
On the other hand, perhaps there's another explanation.....
Galileo: "The Earth revolves around the Sun!"
There is no way you can avoid putting trust in something outside your own control, be it the C compiler, the firmware on the motherboard or the CPU itself. So what you really are asking is "where should I put my trust level". That varies enormously from person to person and is next to impossible to answer, almost like asking "what car should I buy". You cannot expect good answers to what you ask without providing good indicators about what threats you consider important. However, the Slashdot crowd usually does not pay any attention to the original question in any case, so maybe it is not that important :)
When you are sure of something, you probably are wrong (search for "Unskilled and Unaware of It").
My "computing environment" is quite adequately secure against my threat model which is limited to criminals who might want my secret banking information. Yours might include the NSA or even Bruce Schneier.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
This is about my personal computing, but I would apply the same general principles to other non-critical environments.
What's the worst thing that could happen to my computers? Someone sneaks into my home and installs a hidden camera to catch everything that's on the screen and all keyboard input, AND they somehow install something to log all network traffic and become the man in the middle when they want to.
How likely is this? Unless the feds confuse me with a terrorist and do this with a warrant, it's exceedingly unlikely.
What are some other "high-loss" risks?
* Virus that encrypts my computer and holds it ho$tage
* Virus installs a keylogger that captures an email login, banking credentials, etc. and uses them to impersonate me in a very bad way. "Hi, this is your bank. Your wire transfer to OFFSHOREBANK was processed this morning. This is just a call to remind you of a low-balance fee if sufficient funds are not deposited by the end of the day. Thank you."
* Fire or other calamity that physically destroys my computers, and things a lot more important than my computers.
So here's the big question:
What are the security vulnerabilities I can mitigate cheaper than the "cost" of just not having a network-attached computer at all?
* Fire/theft/physical loss. Mitigated/prevented by backups, casualty insurance, fire extinguishers, etc. .TXT, TAB- and comma-delimited simple spreadsheets, .GIF and .JPEG images, and some versions of PostScript and PDF files are among the many formats that will likely be easily readable 10 or 20 years from now, assuming the media is still readable or that the file has been copied to new media before it became unreadable. Human-readable paper printouts, photographic slides, and photographic negatives are also pretty much immune from becoming technologically obsolete in my lifetime, but they require large amounts of space and a certain amount of care. Paper and especially film also decay over a 10-100 year time frame.
* Theft: Good encryption and good passwords. Pray the thief or his buyer isn't a forensics expert.
* Malware. Mitigated/prevented by backups, low-cost ("$50+tax with $50 mail-in rebate!") security software, "safe-surfing" habits (script-blocking, etc.), 2-way firewalls on the computer and network gateway/router, etc.
* Legal government intrusion: Mitigated/prevented by living in a relatively free country. Cannot be eliminated.
* Illegal/rogue government or ISP intrusion: Mitigated/prevented by living in a relatively free country that can and sometimes will throw individuals responsible in jail. Work on the assumption that this cannot be eliminated.
* WiFi intrusion on my home net: Mitigated by strong encryption and a good pass-phrase and a WiFi Router vendor that I trust.
* WiFi spoofing: Unknown risk. Other than keeping the password secure and avoiding algorithms that are known to be vulnerable, I don't attempt to mitigate or prevent this.
* Public WiFi hotspots: Compute with care, avoid using them unless absolutely necessary. Prefer my cell phone's "G3/G4" instead of an insecure or secure-but-untrusted hotspot.
* WiFi- and Bluetooth-based attacks: Turn off WiFi when not in use. Don't allow connections in or out without my permission.
* Backup failure: Test backups. Have multiple backups in multiple formats from multiple points in time.
* File format obsolescence: Have really important stuff in formats that will likely outlive the usefulness of the data.
Bottom line:
* If I lose everything I have on my computer, it won't drive me to suicide.
* The very important stuff is backed up in multiple places including offsite and in multiple formats.
* The medium-important stuff is backed up.
* If I can prevent a large amount of likely damage at a low cost, I'll do it.
* If I can't afford to lose it, I can't afford to NOT insure against loss.
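The "Test backups" and "multiple backups in multiple places" items above are only useful if the copies are actually checked. The following is an added example, not code from the post: it builds a SHA-256 manifest of the primary data and verifies each backup copy against it, reporting missing, corrupted and unexpected files. The sample directory tree is constructed inline so the script runs offline.

```python
"""Verify several backup copies against a SHA-256 manifest of the primary data."""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large backups are not loaded into RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each regular file's POSIX-style relative path to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_copy(manifest: dict, copy_root: Path) -> dict:
    """Compare one backup copy against the manifest.

    Returns the three lists worth acting on: files missing from the copy,
    files whose content differs (bit rot, truncation or tampering), and files
    present in the copy but absent from the manifest (stale or unexpected data).
    """
    found = build_manifest(copy_root)
    return {
        "missing": sorted(set(manifest) - set(found)),
        "corrupt": sorted(k for k in manifest if k in found and found[k] != manifest[k]),
        "extra": sorted(set(found) - set(manifest)),
    }


def copy_is_good(result: dict) -> bool:
    """A copy is restorable only if nothing is missing or corrupt; extras are a warning."""
    return not (result["missing"] or result["corrupt"])


def demo() -> dict:
    """Constructed sample data: a primary tree, one intact copy and one damaged copy."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        primary = base / "primary"
        files = {"tax/2012.txt": b"tax return 2012\n",
                 "photos/a.jpg": b"\xff\xd8 not a real jpeg, constructed sample"}
        for rel, data in files.items():
            target = primary / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        manifest = build_manifest(primary)

        good = base / "backup_usb"        # pristine copy
        shutil.copytree(primary, good)
        bad = base / "backup_offsite"     # copy that silently rotted
        shutil.copytree(primary, bad)
        (bad / "tax" / "2012.txt").write_bytes(b"tax return 2O12\n")  # one byte flipped
        (bad / "photos" / "a.jpg").unlink()                            # file lost
        (bad / "notes.tmp").write_bytes(b"leftover")                   # unexpected extra

        return {"good": verify_copy(manifest, good), "bad": verify_copy(manifest, bad)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "OK" if copy_is_good(result) else "FAILED", result)
```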
Layer 1 (most secure): strictest confidential information, for storage purposes only. System locked in a metal room with no windows and no internet, system locked in a cage with access to display, keyboard, mouse, and drive; all data read/written to the drive is permanently logged; connected to layer 2 via sneaker-net.
Layer 2: strictest confidential creation and reference. Internal-LAN-only systems; user endpoints are read-only and contain no drives or USB. Server is in a locked room with limited access and contains files accessed by users, as well as user endpoints with write capability; connected to layer 3 via sneaker-net.
Layer 3: confidential creation and reference. Internal LAN with write ability to files, temporarily read-only network connectable to layer 4 via password.
Layer 4: normal productivity with confidential read access. Normal internet-connected network; USB and drives on a centrally located system controlled by admin; all I/O logged.
That's no explanation, because he'd clearly have to be lying about lying about everything, but that means he's telling the truth, but that means he lies about everything, but that means .... *does not compute* *does not compute* *head explodes*
Use at least 2 operating systems, at least 2 browsers, at least 2 office applications
So you spend twice as much managing it all?
So you have twice the attack surface?
So you have two OS's exploits to defend against?
So you have two browsers with different security issues to keep patched?
So you have two office suites to fix as well?
So you're a smaller customer to different vendors, so they care less about your complaints?
Please explain how the risk to Machine A is changed by Machine B having the same or different hardware or software.
Can anyone recommend a thorough checklist or suggest best practices?
Step one: Put someone else in charge of security
Step two: Make that someone else liable for security breaches.
You don't need computer security, you need psychiatric help, seriously. I've known people with paranoid delusional conditions before. Talk to a psychologist about getting help and make sure you take care of your mental health. You really, really, don't want to end up on the street where your mental health spirals out of control.
If you're not willing to work with that then I suggest you keep a few practical thoughts in mind:
The FBI doesn't care about your porn habits unless they involve underage kids.
The CIA couldn't care less about you unless you're working on behalf of a foreign government, and even then probably not.
The NSA considers you a civil matter.
If you're in another country simply substitute your local government agency for the right one.
Frankly, if you were working for anybody that the CIA, NSA etc. actually cared about, you would be getting professional advice from your employer, and not by asking Slashdot. You sound like a young person thinking about becoming a script kiddie or someone with delusions of prosecution over warez trading and porn surfing. The comment is quite sincere, you need to seek help from a mental health professional.
I'm going to assume that this is a serious question, if slightly fuzzily worded. And that what you want is the best security position that is practical, and still have a computing environment that is useful to you.
So this is going to draw some fire I suspect, but maybe start by reading the PCI DSS Data Security Standard and apply as much as possible of the practical stuff to your environment.
PCI DSS has its issues and its critics and is most definitely not perfect. But it is an attempt by a group comprising all the major credit and debit card brands to define how to secure a computing environment that is connected to the internet and contains sensitive information.
A lot of it won't be relevant to you. But if you're not trying to achieve compliance, you can throw out the bits you don't need.
Never trust a man in a blue trench coat, Never drive a car when you're dead
Do Windows, OSX, and Linux have security holes?
Yes.
Does Windows supply a backdoor for the U.S. or other governments?
Yes.
Should you really trust your Linux multiverse repository?
No.
Do Google and Apple data mine your private mobile phone data for private information?
Yes.
Does Ubuntu's sharing of my data with Amazon compromise my privacy?
Yes.
Can the U.S. Government seize your cloud data without a warrant?
Yes. (The U.S. government can do anything. Your only recourse if they do something wrong is to sue them. Suing them typically takes years of time and hundreds of thousands of dollars for you. Thus, in a practical sense no one really has any firm rights any longer because the system in charge of correcting breaches to those rights is not accessible or swift for an average citizen using it.)
Can McAfee or Kaspersky really be trusted?
No.
Naturally, the question arises of how to establish and maintain an ironclad workstation or laptop for the purpose of handling sensitive information or doing security research. DARPA has approached the problem by awarding a $21.4M contract to Invincea to create a secure version of Android. What should we do if we don't have $21.4M USD?
Use FreeBSD or other extreme minority operating system.
Is it safe to buy a PC from any manufacturer?
Not any, but likely most.
Is it even safe to buy individual computer components and assemble one's own machine?
Again, usually it would be. It seems like software is typically the vector of attack. Hardware much less often comes with built-in vulnerabilities.
Or might the motherboard firmware be compromised?
Less likely than the OS, but remotely possible from some manufacturers.
What steps can one take to ensure a truly secure computing environment? Is this even possible?
Don't connect your computer to the Internet. Even if the OS is hacked, the motherboard firmware is hacked and the hardware itself is hacked, it doesn't matter if nobody can access it but you.
Can anyone recommend a thorough checklist or suggest best practices?
http://lmgtfy.com/?q=secure+hardware+and+software+computing+checklist
Big apple, new Yorik, undig it, something's unrotting in Edenmark.
If this is about a critical, large budget kind of thing, then this is so secure that I dare to claim that it is perfect, even though it theoretically is not.
1. Get some general hardware, supported by Coreboot;
2. Examine the code of Coreboot, then compile with a compiler release that is way older than the hardware;
3. Examine a microkernel codebase, newer than the hardware, then only compile what you need, simply because unneeded codepaths that are connected to other code can lead to theoretical exploits;
4. Encrypt network communications, then bit-flip for corruption, and include random noise (Rubberhose File System style);
5. Run a whitelist network packet checker, like Mandatory Access Control profiling, for communication.
6. Write the application for the functionality of the computing device, compile for another CPU architecture, and emulate on a CPU emulator lib.
Should be good enough, no?
Here be signatures
I see that many comments have done a good job pointing out the paranoid mindset of the questions in this post. It's true, if you're absolutely worried about hiding your data from the FBI, CIA, and NSA, you are either doing something so illegal that I don't want to help, or you are delusional and paranoid. However, reading between the lines, I think you've just seen too much FUD about security. If you really just want security that's "good enough" then you can get it by following some of the simple best practices. Here are some things that have been found to help in most environments:
1) Passwords are pretty good. Use a different password (fairly long, somewhat complex) on each different site and use a password manager (put that on a non-networked system if you're concerned), instead of trying to memorize dozens of different passwords.
2) Separate important and unimportant systems - if you have an online banking account, don't access it from the same machine you surf the web for "warez" on.
3) Use virtualization technology to "sandbox" dangerous activities. If you're researching viruses or malware, or browsing unusual web sites, do that in a virtual machine with snapshots. Destroy the virtual machine or restore to a "known good" configuration frequently.
4) Turn on firewalls, run anti-virus, and use registry/configuration cleaners frequently. If you're blocking any inbound connections to your network, you're safer. If all files you download are scanned, you're safer. If you regularly scan for known exploits and malware, and remove infections or destroy the system, you're safer.
5) Use encryption for sensitive information. Full disk encryption on your traveling laptop would be a great start. Use disk or file based encryption on sensitive documents, and ALWAYS use SSL when transmitting over open networks (that means ssh instead of telnet, FTPS instead of FTP, etc.). Encrypt backups as well as primary data.
6) Keep your systems reasonably up to date and follow recommendations from your software vendors about best security practices.
I'm sure there's a thousand other tips that would help, but you're not paying me, so this is where I'll stop.
SYN attacks might cause a buffer overflow and a root, but it's unlikely. It depends on the genre of the TCP stack and what service is being slaughtered in the stack. What it does do is chew up resources.
A SYN attack is just as much of a security issue as not parsing GETs/POSTs and blowing up an httpd. The job is to take someone offline or crash them intentionally, or root them, or make them cough up data (that might be resold). Any DoS attack is a security problem because an asset is removed from production.
SYN attacks are indeed about security, just vastly less likely to make data vulnerable. There are theories about using other kinds of attacks to take down BIND or the DNS services of Windows servers, but that's a more onerous kind of attack.
---- Teach Peace. It's Cheaper Than War.
I can hardly believe that, so far, nobody mentioned Qubes OS.
In the theoretical sense, security is possible. It's just very hard. Especially if you want to spend your time doing something other than building a secure computer system.
In practice, most people live with a reasonable amount of security by installing a reasonable alternate OS such as Debian, not installing unnecessary software such as the Java plugin, and regularly installing security updates.
But if you really want security, what you should be doing is isolating, isolating, isolating. If a program has no business using a resource, then it should not be possible for it to access that resource. Qubes is one attempt to do this while preserving application compatibility, by having applications and services isolated to their own virtual machines. Even the network card drivers are in separate virtual machines.
For maximum security with Qubes, you really need a processor with support for VT-d, such as a selected subset of Nehalem and better processors, but the AppVM security mechanism at least should work.
Have a nice time.