Personal infosec tips for 2016

(This post was originally published on LinkedIn on Dec 31, 2015.)

It’s no secret that the computer security threat landscape changes constantly for both private individuals and corporations. Wannabe cybercriminals, as well as the real ones, compete with nation-state-sponsored intelligence agencies to get the most of our sensitive data. Their toolkits and modus operandi aren’t static, and neither should ours be.

Considering the ever-changing personal security agenda, I have decided to update my advice on personal computer security, or personal cybersecurity if you like (however, I assume this term is irrelevant in a private setting). It may look like I am biased towards Apple stuff at several points below, but there are at least two reasons for that. First, the company has made huge progress in protecting their customers’ privacy lately; and second, I am a long-term Apple user myself, so these things are just closer to my experience. So, let’s go shopping 🙂

1. Use less software and regularly update what you use

The principal idea here is that the more software you use, the more vulnerable you are. If you don’t need it, or start it once a year just to remind yourself what it’s doing on your computer, remove it now. If you still use Java or Flash, you should consider removing them right now. There is no reasonable explanation for keeping Flash in your system, and Java is getting there too. So, unless your employer still runs some piece of enterprise crapware that requires Java for workstation clients, remove it as well. And if you can’t, at least consider forbidding it from running in your browser. A lot’s been said about keeping all your code up to date, so just do it. Pay most attention to your OS and web browser, and review the possibility of automating third-party app updates by using Secunia PSI or MacInformer. (Most Linux users are lucky since software updating is an essential function of all modern distros.)

2. Use a VPN service or set up your own

VPNs are getting cheaper each day because you know… NSA has made it a highly competitive market lately. You can get a single subscription for all your devices from FreedomeVPN by F-Secure or PrivateVPNAccess. Both are affordable if connection privacy is of importance to you. You can even set up your own server on Amazon or DigitalOcean and run it for the cost of one virtual instance (DO price is $5 per month + $1 if you want backups). OpenVPN AS is much easier to install and configure than the true open source OpenVPN, and it has a free license for 2 concurrent users and easy-to-use client software for all contemporary environments (no WinMobile though).

3. Use secure communications software

There are plenty of means for secure talks and messaging nowadays. On your smartphone, OpenWhisperSystems Signal does its job of protecting your VoIP calls and text messages. It’s free and runs smoothly on iOS and Android (no luck for those three WinMobile fans I can think of). If you decide to use something else, make sure its architecture is server-less, meaning your messages are encrypted peer-to-peer and not stored anywhere in between. iMessage, although limited to Apple users, is one plausible example, and Facebook Messenger is not.

For email, use good old PGP. GPGTools allows using it with Apple Mail easily and transparently. I am sure there is a way of installing GnuPG with your email client on Windows, and Linux has been providing its users with this capability for years. GMail fans who still rely on the webmail interface can do it too. So it looks like there is no excuse left for those who say email crypto is hard: it absolutely hasn’t been for quite a while now. GPGTools is free, but I’m sure you’re going to donate once you see its value.

4. Use a password manager

There is no need to remember more than a few passphrases these days. Get a password manager that synchronizes between your devices, protect it with a strong password, and generate unique, random, virtually unbreakable authentication keys for everything else. Personally, I recommend using 1Password if the Apple ecosystem is your friend; otherwise you can take a look at KeePass. 1Password can be free unless you need iCloud sync, and KeePass is free and open source.

5. Encrypt your files before putting them into the cloud

Boxcryptor encrypts your stuff before your Dropbox, iCloud, Google Drive etc. synchronizes it to their servers and gets ahold of your content. There is no reason to share your precious files with someone you don’t even know personally, so encrypt them before you upload them. Boxcryptor allows you to share files securely too, by adding other users to encrypted shares and granularly managing their permissions. I suppose there are other services like that; just make sure they don’t have easy access to your keys and encrypt files locally before uploading. Boxcryptor is free to use with just one cloud storage.

6. Back up everything and back up frequently

Offline storage space gets less and less expensive each year. Buy a 1 or 2 TB USB hard drive and back up your valuable files at least once a month. Most importantly, encrypt your backups and back up your encryption keys, such as PGP keys and your password database. Again, Apple users are the luckiest ones since the platform allows for seamless full and incremental backups protected by contemporary crypto.

That’s it for now. Be safe in 2016.

Updated 7/01/16 — This is a really nice guide on how you can make your work with OS X more secure. It collides with some points I’ve highlighted in my post and I believe every Mac user can find lots of good advice in there.
