After this morning's news about Yahoo and the constant alerts about keeping your data safe, let's talk about how you can do it for free, and the benefits and disadvantages.
Firstly, look at your data online as if it were open for anyone to grab; assuming this will make it easier to secure. We're going to discuss the levels of security, what you need to consider and how far you can take it. Before I offer advice, this is not definitive: even if you do everything on this list, short of turning off the machine, locking it in an airtight case and shooting it into space, there's no way to be totally safe.
How can people get in?
Brute force: hackers try every word in the dictionary and variations on the word until one is correct. This can take a long time to work, but if they can narrow the password down it could take hours or days.
Social engineering is the scariest one so far: by gaining a little bit of information from you, they work through your banks, insurers, anything they can find, step by step, to gather more information. Once they have enough, they can order replacement debit/credit cards, take out loans and open new accounts; it's the core of identity theft!
Let's start with the basics…
Passwords are the most common annoyance for all of us: hundreds of different sites, iTunes, Amazon, websites, WordPress… the list is maddening. Most of us rotate between 3 or 4 passwords because we can't remember more than that, and when forced to change one we all add 1,2,3,4 to the end. Consider what you're using for a password: if it's something like M4$$i0Nth4UniC0rN then you have nothing to worry about. Always choose a password with multiple variations, such as numbers, symbols and mixed upper/lowercase letters, and change them regularly.
You can use a password generator to create one; try this one.
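As an added example (not part of the original post), here is a small Python script that puts numbers on the two points above: a dictionary word with a 1,2,3,4 suffix falls to the dictionary attack described earlier almost instantly, while the mixed-character example password has an enormous brute-force search space. The guess rate and the tiny word list are constructed assumptions for illustration only.

```python
import math
import string

# Constructed assumption: guesses per second for an offline cracking rig.
# Not a measured figure; change it to see how the estimates scale.
GUESSES_PER_SECOND = 1e10

# Constructed stand-in for the "every word in the dictionary" list the post describes.
TINY_DICTIONARY = {"password", "mission", "unicorn", "welcome", "summer"}


def charset_size(password: str) -> int:
    """Alphabet size an attacker must cover, given the character classes present."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable symbols
    return size


def entropy_bits(password: str) -> float:
    """Brute-force entropy in bits: log2(charset_size ** length)."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def is_dictionary_with_suffix(password: str) -> bool:
    """Detect the 'old password + 1,2,3,4' habit the post warns about."""
    stripped = password.rstrip(string.digits)
    return stripped.lower() in TINY_DICTIONARY


def crack_time_seconds(password: str, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case seconds to exhaust the search space an attacker actually needs."""
    if is_dictionary_with_suffix(password):
        # Dictionary word plus up to four trailing digits: words * 10**4 candidates.
        return len(TINY_DICTIONARY) * 10_000 / rate
    return 2 ** entropy_bits(password) / rate


if __name__ == "__main__":
    for pw in ("Password1234", "M4$$i0Nth4UniC0rN"):
        print(f"{pw}: {entropy_bits(pw):.1f} bits, "
              f"dictionary+suffix={is_dictionary_with_suffix(pw)}, "
              f"worst case {crack_time_seconds(pw) / 31_536_000:.3g} years")
```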
Two Form Factor…
This is a new one on the block for the general public, pushed after the iCloud and Android hacks; we all saw the data breaches at the big companies, and here's where two form factor is great. If your service offers it, activate it… it is annoying, but it could save your data in the future and slows down both brute-force and social engineering attacks. Two form factor lets you have a second authentication method, such as text messages, calls or apps on your phone. This means that if someone gets your username and password for the site they still can't log in without access to the authenticator, giving you a chance to reset the account and stop your data from falling into anyone's hands.
At this stage I would say most of us are now covered… if you want to go further down the rabbit hole it's all system specific, but we'll cover the theory.
Hard Drive/Storage Level Encryption
Linux, Apple and Android all offer storage-level encryption as standard (you need Windows 10 Pro for BitLocker, but there are alternatives out there). This means you can encrypt the entire drive of your machine and tie it to a password, a USB key or even the particular machine. The advantage of these systems is against theft: if all your data is stored on these drives and they are encrypted, an attacker will need your code or a long time to gain access to the data. They can still brute-force the machine, but if you took my advice from earlier that will take a while and might not be worth their effort!
Forget the password and use Certificates
Certificates for remote login are a fantastic way of removing the human factor; combined with allowing logins only from restricted addresses, you effectively force the hacker to find both the certificate and the addresses for access to this server. You can either pay for them from us or you can use Let's Encrypt!
Remember, if you over-secure a server/machine you limit your own access, and in fact make it a more tempting target. Try making a honeypot to trap hackers before they find the important machines, and if the machine is that sensitive, keep it off the network and away from the outside world.
Good luck, and remember: paranoia is good for security teams, but too much isn't always the best thing!