How Do YOU Establish a Secure Computing Environment?

sneakyimp writes "We've seen increasingly creative ways for bad guys to compromise your system like infected pen drives, computers preloaded with malware, mobile phone apps with malware, and a $300 app that can sniff out your encryption keys. On top of these obvious risks, there are lingering questions about the integrity of common operating systems and cloud computing services. Do Windows, OSX, and Linux have security holes? Does Windows supply a backdoor for the U.S. or other governments? Should you really trust your Linux multiverse repository? Do Google and Apple data mine your private mobile phone data for private information? Does Ubuntu's sharing of my data with Amazon compromise my privacy? Can the U.S. Government seize your cloud data without a warrant? Can McAfee or Kaspersky really be trusted? Naturally, the question arises of how to establish and maintain an ironclad workstation or laptop for the purpose of handling sensitive information or doing security research. DARPA has approached the problem by awarding a $21.4M contract to Invincea to create a secure version of Android. What should we do if we don't have $21.4M USD? Is it safe to buy a PC from any manufacturer? Is it even safe to buy individual computer components and assemble one's own machine? Or might the motherboard firmware be compromised? What steps can one take to ensure a truly secure computing environment? Is this even possible? Can anyone recommend a through checklist or suggest best practices?"

I Don't Use Computers

[Anonymous Coward]

I'm very secure because I don't use any computing devices, I live off the grid, I lie about everything and use an assumed name. If it wasn't for all that effort on my part everyone would know everything about me and post it on MyBook or FaceSpace, or whatever the new one is this week.

Weigh your options

[Sparticus789]

You have to achieve a personal balance between functionality and security. Security and functionality are inversely proportional. For the average user, having a login password will be enough. If you are storing private data, like tax returns and financial documents, encryption is a good idea. A Truecrypt container with a strong password (16+ characters, upper and lower case letters, numbers, and symbols) will suffice.

If you are of the moderately paranoid group (like me), then FDE, private browsing, and a SSD with TRIM capable motherboard/OS will be enough. If you believe the NSA is watching you, then try taking your meds and refer to the moderately paranoid measures.

"Secure enough" is "good enough"

[davidwr]

The Ninja post was a joke with a point: It's practically impossible to do "secure computing" unless you are an island unto yourself.

The better question is:
What level of security is "cost effective" for you?

I'll give my answer as a reply.

There is no security against paranoia

[Peter (Professor) Fo]

1 What are the threats? 2 Why do you care? 3 Expose as little as possible 'publicly' with as few people even knowing you have diamonds in your safe. 4 Have 'CCTV' so you can detect intrusions (and possibly a honeytrap) 5 Assume anyone with $$$ to spend technically will first spend $ on more basic intelligence. 6 [This list goes on and on]

At some point there is no escape of trust

[ZorroXXX]

There is no way you can avoid putting trust on something outside your own control, be it the C compiler [bell-labs.com], firmware on the motherboard or the CPU itself. So what you really are asking is "where should I put my trust level". That depends extremely from person to person and is next to impossible to answer, almost like asking "what car should I buy". You cannot expect good answers to what you ask without providing good indicators about what threats you consider important. However, the slashdot crowd usually does not pay any attention to the original question in any case, so maybe it is not that important :)

My answer Re:"Secure enough" is "good enough"

[davidwr]

This is about my personal computing, but I would apply the same general principles to other non-critical environments.

What's the worst thing that could happen to my computers? Someone sneaks into my home and installs a hidden camera to catch everything that's on the screen and all keyboard input, AND they somehow install something to log all network traffic and become the man in the middle when they want to.

How likely is this? Unless the feds confuse me with a terrorist and do this with a warrant, it's exceedingly unlikely.

What are some other "high-loss" risks?
* Virus that encrypts my computer and holds it ho$tage
* Virus installs a keylogger that captures an email login, banking credentials, etc. and uses them to impersonate me in a very bad way. "Hi, this is your bank. Your wire transfer to OFFSHOREBANK was processed this morning. This is just a call to remind you of a low-balance fee if sufficient funds are not deposited by the end of the day. Thank you."
* Fire or other calamity that physically destroys my computers, and things a lot more important than my computers.

So here's the big question:

What are the security vulnerabilities I can mitigate cheaper than the "cost" of just not having a network-attached computer at all?

* Fire/theft/physical loss. Mitigated/prevented by backups, casualty insurance, fire extinguishers, etc.
* Theft: Good encryption and good passwords. Pray the thief or his buyer isn't a forensics expert.
* Malware. Mitigated/prevented by backups, low-cost ("$50+tax with $50 mail-in rebate!") security software, "safe-surfing" habits (script-blocking, etc.), 2-way firewalls on the computer and network gateway/router, etc.
* Legal government intrusion: Mitigated/prevented by living in a relatively free country. Cannot be eliminated.
* Illegal/rogue government or ISP intrusion: Mitigated/prevented by living in a relatively free country that can and sometimes will throw individuals responsible in jail. Work on the assumption that this cannot be eliminated.
* WiFi intrusion on my home net: Mitigated by strong encryption and a good pass-phrase and a WiFi Router vendor that I trust.
* WiFi spoofing: Unknown risk.. Other than keeping the password secure and avoiding algorithms that are known to be vulnerable, I don't attempt to mitigate or prevent this.
* Public WiFi hotspots: Compute with care, avoid using them unless absolutely necessary. Prefer my cell phone's "G3/G4" instead of an unsecure or secure-but-untrusted hotspot.
* WiFi- and Bluetooth-based attacks: Turn off WiFi when not in use. Don't allow connections in or out without my permission.
* Backup failure: Test backups. Have multiple backups in multiple formats from multiple points in time.
* File format obsolescence: Have really important stuff in formats that will likely outlive the usefulness of the data. .TXT, TAB- and comman-delimited simple spreadsheets, .GIF and .JPEG images, and some versions of PostScript and PDF files are among the many formats that will likely be easily readable 10 or 20 years from now assuming the media is still readable or that the file has been copied to new media before it became unreadable. Human-readable paper printouts, photographic slides, and photographic negatives are also pretty much immune from becoming technologically obsolete in my lifetime, but they require large amounts of space and a certain amount of care. Paper and especially film also decays over a 10-100 year time frame.

Bottom line:
* If I lose everything I have on my computer, it won't drive me to suicide.
* The very important stuff is backed up in multiple places including offsite and in multiple formats.
* The medium-important stuff is backed up.
* If I can prevent a large amount of likely damage at a low cost, I'll do it.
* If I can't afford to lose it, I can't afford to NOT insure against loss.

Re:Simples!

[AK Marc]

Secure is powered off and disconnected from any cables, power, network, or otherwise. Security isn't possible. You always trade off security for usability. The question is rhetorical nonsense unless you also answer the question of "what level of usability do you want - what are you going to do with it?"

Re:linux

[jc42]

Oh right linux makes you immune from things like buffer overflows or user assisted attacks.

Nice strawman there. ;-) Of course it doesn't. But its open-source nature greatly increases the chances that 1) backdoors will be discovered by interested geeks and removed, and 2) people other than employees of the vendor will be able to fix problems quickly.

I ran across a case of this a while back, when I got a message from one of djb's team telling me how to exploit a security hole in a program used by one of my web sites. I tried it, the exploit succeeded. I opened up the code, found the problem (and a couple more related to it), fixed them, verified that the exploit no longer worked, and sent a letter thanking the guy for the info.

With closed-source software, I couldn't have done any of this. I'd have had to report it to the code's owners, and try to talk them into fixing it. If they decided to fix it (which isn't guaranteed), it would typically take months, during which time my site would have been vulnerable.

I also sent a description of the exploit, along with my patches, back to the code's author, who sent me a letter of thanks, and a day later I saw the message he'd sent to all his known users announcing the "security upgrade" that fixed the problem. The total time for this was under 3 days, which is orders of magnitude faster than most security fixes from commercial closed-source vendors.

Yeah, unix/linux and other open-source systems are vulnerable. But they're so much better at fixing problems that you'd have to be rather gullible to depend on software that doesn't supply this sort of response capability.

(And yes, I understand that most of the buying public is rather gullible. The commercial world depends on that, y'know. I also understand the argument that most people wouldn't know what to do with source code, but I consider this argument bogus. It means that you deny access to people like me, who are able to understand the code and fix it. I've done this many times during my career. You should be encouraging people like me, by making sure we can get at the code to your software. ;-)

Re:I Don't Use Computers

[dkleinsc]

I lie about everything

On the other hand, perhaps there's another explanation.....

That's no explanation, because he'd clearly have to be lying about lying about everything, but that means he's telling the truth, but that means he lies about everything, but that means .... *does not compute* *does not compute* *head explodes*

Re:Yes.

[s.petry]

Is it safe to buy a PC from any manufacturer?

Not any, but likely most.

Is it even safe to buy individual computer components and assemble one's own machine?

Again, usually it would be. It seems like software is typically the vector of attack. Hardware much less often comes with built-in vulnerabilities.

Probably not at all, and it's one of those things I have spoken about for 2 decades. What we see in software attack vectors is just because it's easy and known to be easy. Outsourcing our hardware manufacturing to overseas has opened new doors to hardware compromise. This is in addition of course, to what your own government injects as back doors in to hardware.

Think of the simple: All NIC drivers see a specific code in a buffer and shut down. Do you realize how much damage this would cause if lets say China decides to hit the US with a cyber attack? Worse, all your CPUs go into overclock and burn themselves up, mother boards draw too much power and burn up. This of course could cause fires, as well as the obvious damage to the computer.

Thing is, we simply don't know what has been done to hardware. Just because you don't see hacks does not mean that they are there, just that you have not seen them.

Does that mean you should live in a shoebox? Hardly, at least in my opinion. Business as usual until something happens, no reason to live paranoid. But expect that even the hardware you buy opens back doors, fails, or starts fires if someone so wishes. Nope, I have no trust for anything under "government" control.

Security is a Process

[ndrw]

I see that many comments have done a good job pointing out the paranoid mindset of the questions in this post. It's true, if you're absolutely worried about hiding your data from the FBI, CIA, and NSA, you are either doing something so illegal that I don't want to help, or you are delusional and paranoid. However, reading between the lines, I think you've just seen too much FUD about security. If you really just want security that's "good enough" then you can get it by following some of the simple best practices. Here's some things that have been found to help in most environments:

1) Passwords are pretty good. Use a different password (fairly long, somewhat complex [xkcd.com]) on each different site and use a password manager (put that on a non-networked system if you're concerned), instead of trying to memorize dozens of different passwords.
2) Separate important and unimportant systems - if you have an online banking account, don't access it from the same machine you surf the web for "warez" on.
3) Use virtualization technology to "sandbox" dangerous activities. If you're researching viruses or malware, or browsing unusual web sites, do that in a virtual machine with snapshots. Destroy the virtual machine or restore to a "known good" configuration frequently.
4) Turn on firewalls, run anti-virus, and use registry/configuration cleaners frequently. If you're blocking any inbound connections to your network, you're safer. If all files you download are scanned, you're safer. If you regularly scan for known exploits and malware, and remove infections or destroy the system, you're safer.
5) Use encryption for sensitive information. Full disk encryption on your traveling laptop would be a great start. Use disk or file based encryption on sensitive documents, and ALWAYS use SSL when transmitting over open networks (that means ssh instead of telnet, FTPS instead of FTP, etc.). Encrypt backups as well as primary data.
6) Keep your systems reasonably up to date and follow recommendations from your software vendors about best security practices.

I'm sure there's a thousand other tips that would help, but you're not paying me, so this is where I'll stop.