Personal computing discussed

Moderator: Dposcorp

 
Ricefields
Gerbil In Training
Topic Author
Posts: 6
Joined: Mon Apr 16, 2018 8:15 am

Anyone have more online security tips?

Wed Oct 17, 2018 9:15 am

Hey. Since it is Cyber Security Awareness month I've decided to take extra steps in defending myself online. I've researched various articles like this (https://medium.com/@douglasethando/cyber-security-awareness-month-top-practices-for-next-level-privacy-and-anonymity-906aa9be5aa4) and such and gathered many tips. So I want to know what you guys and gals are doing to protect yourself? I use HTTPS Everywhere, Privacy Badger and uBlock Origin plugins, NordVPN with CyberSec turned on, ProtonMail for mail, use Incognito mode very frequently. I think I'll keep my files in a cloud-based storage too. And of course 2 step authentication where possible. What do you use? I'm curious.
 
just brew it!
Gold subscriber
Administrator
Posts: 51854
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Anyone have more online security tips?

Wed Oct 17, 2018 9:40 am

Ricefields wrote:
I think I'll keep my files in a cloud-based storage too.

How does keeping your files in the Cloud make them more secure?
Nostalgia isn't what it used to be.
 
bthylafh
Maximum Gerbil
Posts: 4101
Joined: Mon Dec 29, 2003 11:55 pm
Location: Southwest Missouri, USA

Re: Anyone have more online security tips?

Wed Oct 17, 2018 9:48 am

There are different levels of 2FA effectiveness:

The least effective and easiest to defeat is SMS/text-based, because it's not that hard for a determined adversary to redirect SMS traffic to a phone controlled by them.

The most common is probably that based on a phone app, like Authy and Google Authenticator; these will generate codes based either on time (TOTP) or how many times they've been used (HOTP); I think TOTP is more common. This is better from a security standpoint but might still be compromised by malware, and unless you're using an app that lets you back up the key seeds (like Authy) you can be seriously inconvenienced if you lose your phone.

The most effective is using an authentication device, like a Yubikey. Google issued such devices to every employee and since that day they've never once had a successful phishing attack.
Hakkaa päälle!
i7-8700K|Asus Z-370 Pro|32GB DDR4|Asus Radeon RX-580|Samsung 960 EVO 1TB|1988 Model M||Logitech MX 518 & F310|Samsung C24FG70|Dell 2209WA|ATH-M50x
 
K-L-Waster
Gerbil XP
Posts: 302
Joined: Thu Feb 12, 2015 8:10 pm
Location: Hmmm, I was *here* a second ago...

Re: Anyone have more online security tips?

Wed Oct 17, 2018 9:52 am

just brew it! wrote:
I think I'll keep my files in a cloud-based storage too.

How does keeping your files in the Cloud make them more secure?


Cloud based storage would of course work as a form of offsite backup. But yeah, it introduces a new attack vector and doesn't do a thing about any existing vulnerabilities you may have.
Main System: i7-8700K, ASUS ROG STRIX Z370-E, 16 GB DDR4 3200 RAM, MSI GTX 1080 TI, 1 TB CRUCIAL MX500, Corsair 550D

HTPC: I5-4460, ASUS H97M-E, 8 GB RAM, GTX 970, CRUCIAL 256GB MX100, SILVERSTONE GD09B
 
Captain Ned
Gold subscriber
Global Moderator
Posts: 27381
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: Anyone have more online security tips?

Wed Oct 17, 2018 10:00 am

bthylafh wrote:
The least effective and easiest to defeat is SMS/text-based, because it's not that hard for a determined adversary to redirect SMS traffic to a phone controlled by them.

NIST officially deprecated push SMS messages as meeting MFA standards back in 2016.
Humans sleep soundly in their beds because rough cats stand ready in the night to visit violence on those who would do us harm.
 
liquidsquid
Minister of Gerbil Affairs
Posts: 2603
Joined: Wed May 29, 2002 10:49 am
Location: New York

Re: Anyone have more online security tips?

Wed Oct 17, 2018 10:07 am

For cloud-based storage, security is only as good as the security is in the country in which the data center resides. Right now, it may be great, but tomorrow, one quick legislation change can hand over all your data to whomever decides it is theirs to do with as they please. I don't trust it for sensitive IP data.
 
TheRazorsEdge
Gerbil First Class
Posts: 188
Joined: Tue Apr 03, 2007 1:10 pm

Re: Anyone have more online security tips?

Wed Oct 17, 2018 2:30 pm

Ricefields wrote:
Hey. Since it is Cyber Security Awareness month I've decided to take extra steps in defending myself online. I've researched various articles like this (https://medium.com/@douglasethando/cyber-security-awareness-month-top-practices-for-next-level-privacy-and-anonymity-906aa9be5aa4) and such and gathered many tips. So I want to know what you guys and gals are doing to protect yourself? I use HTTPS Everywhere, Privacy Badger and uBlock Origin plugins, NordVPN with CyberSec turned on, ProtonMail for mail, use Incognito mode very frequently. I think I'll keep my files in a cloud-based storage too. And of course 2 step authentication where possible. What do you use? I'm curious.


The best you can do as a consumer is 2FA with a hardware token. SMS 2-step is better than nothing, and, honestly, it's good enough unless you're concerned about organized crime or nation states.

I second bthylafh's suggestion of a Yubikey. They are cheap and widely supported. At this point, any new 2FA services will have to support Yubico's devices due to their ubiquity, so they're the safe bet.
 
defaultluser
Gerbil
Posts: 55
Joined: Tue Feb 14, 2017 11:58 am

Re: Anyone have more online security tips?

Wed Oct 17, 2018 5:04 pm

Be sure to keep an offline backup. That way if your cloud provider goes out of business, or you get hacked by ransomware, you'll have a backup they can't touch.

You just have to remember to do the backup pretty regularly. It's amazing how much harder it is to kick your ass into gear when it involves digging a drive out of the closet.
 
BIF
Gold subscriber
Minister of Gerbil Affairs
Posts: 2308
Joined: Tue May 25, 2004 7:41 pm

Re: Anyone have more online security tips?

Wed Oct 17, 2018 6:33 pm

Macrium Reflect has ransomware protection built-in.

You can't delete the backup files from a backup disk (or encrypt them or do anything that changes them) outside of Macrium Reflect. That means that neither can a ransomware app do it.

This means that your Macrium backups stay unmolested. Yes, you can turn that off if you need to do some emergency disk management, but it's a manual process and you need to provide admin credentials.

And to alleviate other concerns, I also find Reflect's disk management configuration items make it VERY rare that I might have to manually delete any old backups (you know, to make room for new full backup images).
 
Yan
Silver subscriber
Gerbil Team Leader
Posts: 238
Joined: Fri Dec 21, 2012 9:37 pm
Location: Ottawa

Re: Anyone have more online security tips?

Wed Oct 17, 2018 9:24 pm

Anyone who tells you to put your files in the "cloud" (formerly called servers) for security doesn't know what he's talking about.
 
bthylafh
Maximum Gerbil
Posts: 4101
Joined: Mon Dec 29, 2003 11:55 pm
Location: Southwest Missouri, USA

Re: Anyone have more online security tips?

Wed Oct 17, 2018 10:13 pm

Yan wrote:
Anyone who tells you to put your files in the "cloud" (formerly called servers) for security doesn't know what he's talking about.


IMO that depends. Don't put your only backups there, certainly, and if you're even a little paranoid don't store them unencrypted. It can be a valid strategy if you're using it for extra redundancy, e.g. having an offline copy locally and an extra mirror of your most important stuff online, stored in an encrypted file. I've got a Veracrypt container in Google Drive that has some relatively important data.
Hakkaa päälle!
i7-8700K|Asus Z-370 Pro|32GB DDR4|Asus Radeon RX-580|Samsung 960 EVO 1TB|1988 Model M||Logitech MX 518 & F310|Samsung C24FG70|Dell 2209WA|ATH-M50x
