WolfHawke’s Security Suite
[Version 1.4 | Updated: 2008-03-09]
Page 3 of 3
 The Steel Door
I’m a bit of a paranoiac when it comes to my computer’s safety so I make sure that my computer is locked up as tightly as possible. This includes doing everything that is listed under the Wood Door option.
Before I continue I would like to point out that the Steel Door is harder to set up and takes a bit more maintenance than the Wood Door does. If you are an average computer user you may not want to even bother with this, but here are some hints about setting up an even more secure computer.
1. Close Up Your Wireless Internet Connection
One of the biggest holes in modern computers — especially laptops — is WiFi. Many people leave their wireless link on all the time, through which it’s possible for unscrupulous people to hack into your computer. Here are a few things you can do to keep that from happening.
First, if you’re running a Windows machine, disable File and Printer Sharing for Microsoft Networks in your Wireless Networks Connection Properties dialog. It’s found by right-clicking your Wireless Network Connection icon in the Network Connections screen under the Control Panel. Look through the list that pops up and uncheck the checkbox next to File and Printer Sharing for Microsoft Networks. This way your computer can’t broadcast any file information via the WiFi connection.
Second, if your laptop has a physical WiFi switch, turn it off unless you want to get on the Internet. And then only leave it on as long as you’re on-line. Turn it off as soon as you can.
Third, just to be really, really safe (and if you don’t have a physical switch, such as on a Dell), disable the wireless network connection when you’re not using it. To do this right-click your Wireless Network icon in the notification area of your taskbar and select Disable from the menu.
Fourth, make sure that your wireless router connection is encrypted and password-protected. Use WPA encryption with a long passphrase (a minimum of 10 characters). WEP is inherently insecure, no matter how high the encryption is. To be even safer, set up your router to only accept your wireless computer’s MAC address (see your router box’s documentation on how to do this).
Fifth, if you have a desktop, don’t use wireless connections at all. Physically plug it in using an Ethernet cable. The only ways someone can get at a computer that doesn’t have a wireless connection is by physically plugging into the network or hacking through your firewall. And that’s a lot harder than simply leeching a wireless connection.
2. Use Skype for Voice and Text Chatting On-Line
Skype is one of those programs that has the on-line world polarized. On one side are the proponents (including NSA agents) who say that it’s the most secure chat program out there. On the other side are the open-source aficionados who complain that Skype doesn’t allow people to look into the inner workings of their software in order to make sure it really is secure.
Regardless, my experience with Skype has been that it is secure. It’s encrypted from computer to computer and from everything I’ve read, the encryption is pretty good and would have to be cracked at one of the three end points (my computer, Skype’s network server, or the recipient’s computer). It also doesn’t have many of the holes that MSN Messenger or AIM or ICQ or Yahoo! Messenger have.
Skype even allows you to place phone calls to good old telephones (for a modest fee that is rather lower than any long-distance fees I’ve ever seen). It can be used to receive phone calls, too (again for a modest fee).
So, in general, if you want to keep people from eavesdropping on your chats, get Skype and you’ll be pretty sure that they can’t see what you’re doing or saying … unless of course you’ve gotten a Trojan virus on your computer somewhere….
3. Use Encrypted E-mail
Yes, this does exist for the average user. There are basically two forms of encrypted e-mail. The first is to use a two-key encryption system like PGP (or its open source counterpart GnuPG). What PGP allows you to do is to encrypt the message that you're sending to your friend with his/her public key and only they can then decrypt it using their private key. They in turn can send you encrypted messages by encrypting it with your public key and only you can decrypt it with your private one. It's pretty straight forward, but it has two serious drawbacks. The first is that for the e-mail to be truly secure both sides must be running PGP (or GnuPG) and only the mail that you specifically encrypt gets encrypted. If someone isn’t running PGP all their mail will be sent as plain text regardless of what you do. Secondly, encrypting some but not all of your mail can raise red flags, too, depending on where you live.
The better method is to use an encrypted e-mail service like Hushmail or GMail. These guys use SSL (the same technology used for securing your on-line bank account) to encrypt all the data that is transferred between your computer and the e-mail server. And the great thing is that your recipient never has to go through the trouble of decrypting your e-mail. Many of the free services are web-based. If you pay some money you can even use your favorite e-mail client to send and receive the e-mail (which, if used in conjunction with point 5 below is even more secure!). As a matter of fact, GMail offers free encrypted e-mail downloads with your account. Note: When using GMail, you need to make sure you log in to https://www.gmail.com, otherwise your connection won't be encrypted!
For those who worry about encrypted e-mail sending up red flags, if you use an encrypted e-mail account, the only one who might notice is the guy who is trying to hack in between you and the e-mail server. If everything you do is encrypted, then it should be less suspicious than if only some things you do are (like using PGP), because that simply says “paranoiac” nowadays rather than “oh, he’s got something to hide.”
4. Put Important Files in an Encrypted Portion of Your Hard Drive
TrueCrypt is a great, free file-encryption program. It allows you to encrypt portions of your hard drive so you can put sensitive files there. It’s fairly easy to use and if you use a long passphrase (mine are a minimum of 20 characters) and double encryption it’ll be nearly impossible to hack. However, if someone starts pulling out your fingernails to get you to tell them your passphrase, I would suggest complying….
On the downside, TrueCrypt uses a lot of processor power when the encrypted portions of your hard drive are mounted. This can be troublesome if you’re using your laptop on battery power and working on stuff that’s on the encrypted portion. I’ve found an almost 50% drop in battery efficiency when I’ve used my TrueCrypt partitions on battery power (that’s worse than watching a DVD on battery).
5. Put Your Thunderbird or Outlook Files on an Encrypted Partition
Please note that this will not work with Outlook Express!
If you store your outlook.pst file or install Thunderbird on an encrypted partition (such as one made with TrueCrypt) and only mount it when you’re checking e-mail, then you’ve added an extra layer of security. Between secure e-mail and your e-mail data files being on an encrypted partition, you’ll be about as secure as you can get without running your entire operating system in full encryption. See the article on How to Encrypt Microsoft Outlook 2003 Using TrueCrypt for a step-by-step guide to doing this with Outlook.
6. Lock Down Your Laptop When At Home or On the Road.
Use one of those Targus Defcon locks (or something similar) to lock your computer to your heater element or some other immovable object. This will make it harder for the Bad Guys to physically try to remove your machine. It won’t necessarily stop them, but someone who is bound and determined to get at your data will find a way, even if this includes kidnapping you and making you unlock your computer at knife-point.
That’s about it for my suggestions regarding your computer’s safety. If you have any more that you’d like to have added to this list, please e-mail computers@wolfhawke.com with your ideas.
|
