Topic: [Guide] Protect your Crypto: Security tips for your home computer & network - page 2. (Read 504 times)
September 14, 2019, 05:33:42 AM
Nice guide mate. I would like to add another thing to the post. It's a virus guard. You have to add a good virus guard to the computer and keep update it every day. The next thing is you have to update your operating system too. It will help to protect your computer from unwanted things and keep your computer fresh and clean.
September 14, 2019, 04:44:30 AM
If you are running a desktop computer rather than a laptop, then for max security you can just go old school and connect to your router with an ethernet cable and disable the WiFi altogether. Some routers will also let you disable admin access over WiFi and require a physical connection to gain admin access. Definitely make sure you have turned off remote access.
AndOTP is also good for 2FA.
VPNs are becoming more and more necessary for all internet users, given the amount of spying and surveillance undertaken by ISPs, governments, and other interested parties. I would never dream of connecting to a public WiFi with a VPN, even for the most cursory of internet use. You would be allowing all your data to be intercepted without too much hassle. Even with a VPN, I still wouldn't be using public WiFis for anything sensitive.
AndOTP is also good for 2FA.
VPNs are becoming more and more necessary for all internet users, given the amount of spying and surveillance undertaken by ISPs, governments, and other interested parties. I would never dream of connecting to a public WiFi with a VPN, even for the most cursory of internet use. You would be allowing all your data to be intercepted without too much hassle. Even with a VPN, I still wouldn't be using public WiFis for anything sensitive.
September 14, 2019, 04:06:58 AM
Nice guide with good information.
I would suggest few more email providers like Tutanova or Mailfence.
They are encrypted and safer than Google or Yahoo mail.
I would suggest few more email providers like Tutanova or Mailfence.
They are encrypted and safer than Google or Yahoo mail.
Thanks for the input.
I will definitely take a look at the two providers mentioned.
I've been using Protonmail for several years, so I never looked for an alternative. Tutanova looks definitely very interesting at first sight.
September 13, 2019, 05:45:18 PM
Thanks for the advice, i don't connect to any public WiFi because i don't trust them and i will suggest that people should avoid public WiFi if not necessary.
September 13, 2019, 04:25:43 PM
Nice guide with good information.
I would suggest few more email providers like Tutanova or Mailfence.
They are encrypted and safer than Google or Yahoo mail.
I would suggest few more email providers like Tutanova or Mailfence.
They are encrypted and safer than Google or Yahoo mail.
September 13, 2019, 02:28:24 PM
The idea was to write a short guide to help you make your home computers more secure.
It's definitely a step in the right direction to protect your network/pc/wallets from unauthorized access.
OVERVIEW (clickable)
WLAN NETWORK
Starting with the (for me) most important part, because at the same time also the most critical one.
- Disable WPS
Basically there are two different possibilities how to establish a connection via WPS.
PIN:
To establish a connection you have to enter an 8-digit PIN.
The router does not check the 8-digit PIN all at once, instead it will check the first four digits and then the last four.
Reaver, for example, offers a very simple way to launch a brute force attack on the WPS pin.
Attention: The WPS Pin function is enabled by default on many Router models.
Push- Button:
This is a much safer version, as a physical button on the router has to be pressed and the connection can only be established for a matter of minutes.
- Change Wifi Password and Admin Password
A Netgear router default (WiFi) password is composed as follows:
adjective + noun + 3 digits
Shouldn't be too difficult to fnd using a Dictionary + Hashcat with GPU.
You can find an overview of WiFi password standards on the following website: https://forums.hak5.org/topic/39403-table-of-wifi-password-standards/
Please also change the default admin password as soon as possible!
If you cannot memorize your default password, you can find it for example here: https://default-password.info/
- Do NOT(!) hide your network
The SSID (the name) of your network is sent as a broadcast to be detected by other devices.
Suppressing the SSID broadcast is NOT a security feature!
What happens if you disable the SSID Broadcast:
Now the clients have to actively search for the trusted networks by sending a broadcast of the trusted SSID.
Attackers can now use this SSID information to impersonate the client as a trusted AP.
Even Windows board tools are able to display the hidden networks (wlan show networks mode=bssid).
The SSID itself is relatively easy to find out with Kali Linux and airmon-ng.
- Only use WPA or WPA2 (Important!!)
- Do NOT filter MAC addresses (optional)
Filtering MAC addresses is generally NOT considered a security feature and is more of a network administration feature.
All an attacker needs to do is monitor the traffic and examine a data packet.
However, this filter offers no disadvantage in terms of safety and can therefore still be configured at will.
PASSWORDS
- Use an offline password manager
Please do not use any browser extensions!
My recommendation: KeePass
Hint: KeePass can also be used in combination with a yubikey.
Here is the official tutorial: https://www.yubico.com/why-yubico/for-individuals/password-managers/keepass/?s=
2 FACTOR AUTHENTICATION
In addition to passwords it is recommended to activate 2FA (wherever possible).
The Google Authenticator is probably the most popular tool available.
My recommendation: Authy
Authy provides the ability to backup all Authenticator accounts and grant access to multiple devices.
The backup is stored encrypted in the cloud.
Anyone who has ever migrated their Google Authenticator to a new smartphone will probably appreciate the advantage provided by this solution.
However, the backup function does not have to be activated here.
(Everyone has to decide for themselves if they would like to use the backup function.)
Hardware authentication via FidoU2F is even more secure!
My recommendation: Buy a yubikey!
How this works with a ledger you can read in another thread of mine:
[Howto] Use Ledger Nano as Security Key
MAIL ADRESS
- Is your mail address part of a data leak?
Simply navigate to https://haveibeenpwned.com/, enter your e-mail address and click on the "pwned?" button on the right.
It will automatically check if the email address and associated accounts are compromised.
- Choose the right provider
My recommendation: ProtonMail
- Phishing Mails
These mails are used by malicious actors to steal personal data or money.
Here are some common methods:
- You have won
You are the winner of a contest, lottery or similar, in order to receive the amount should first pay a fee or accrued taxes.
- Mails asking you to reset your password
- Sextortion SCAM
Here the perpetrator claims to be in possession of a webcam record of you visiting a porn site.
Often there is also a password attached that has been linked to your email address in the past.
This is mostly from a data leak. (please refer to: Is your mail address part of a data leak?)
Hint: Generally use a separate password for each service and use a password manager.
USE VPN
For additional protection, it is recommended to use a VPN service that does not log private data.
This is especially recommended if you are not in your own home network.
My recommendation: AirVPN (native client also for LINUX!!) or NordVPN
It's definitely a step in the right direction to protect your network/pc/wallets from unauthorized access.
OVERVIEW (clickable)
WLAN NETWORK
Starting with the (for me) most important part, because at the same time also the most critical one.
- Disable WPS
Basically there are two different possibilities how to establish a connection via WPS.
PIN:
To establish a connection you have to enter an 8-digit PIN.
The router does not check the 8-digit PIN all at once, instead it will check the first four digits and then the last four.
Reaver, for example, offers a very simple way to launch a brute force attack on the WPS pin.
Attention: The WPS Pin function is enabled by default on many Router models.
Push- Button:
This is a much safer version, as a physical button on the router has to be pressed and the connection can only be established for a matter of minutes.
- Change Wifi Password and Admin Password
A Netgear router default (WiFi) password is composed as follows:
adjective + noun + 3 digits
Shouldn't be too difficult to fnd using a Dictionary + Hashcat with GPU.
You can find an overview of WiFi password standards on the following website: https://forums.hak5.org/topic/39403-table-of-wifi-password-standards/
Please also change the default admin password as soon as possible!
If you cannot memorize your default password, you can find it for example here: https://default-password.info/
- Do NOT(!) hide your network
The SSID (the name) of your network is sent as a broadcast to be detected by other devices.
Suppressing the SSID broadcast is NOT a security feature!
What happens if you disable the SSID Broadcast:
Now the clients have to actively search for the trusted networks by sending a broadcast of the trusted SSID.
Attackers can now use this SSID information to impersonate the client as a trusted AP.
Even Windows board tools are able to display the hidden networks (wlan show networks mode=bssid).
The SSID itself is relatively easy to find out with Kali Linux and airmon-ng.
- Only use WPA or WPA2 (Important!!)
- Do NOT filter MAC addresses (optional)
Filtering MAC addresses is generally NOT considered a security feature and is more of a network administration feature.
All an attacker needs to do is monitor the traffic and examine a data packet.
However, this filter offers no disadvantage in terms of safety and can therefore still be configured at will.
PASSWORDS
- Use an offline password manager
Please do not use any browser extensions!
My recommendation: KeePass
Hint: KeePass can also be used in combination with a yubikey.
Here is the official tutorial: https://www.yubico.com/why-yubico/for-individuals/password-managers/keepass/?s=
2 FACTOR AUTHENTICATION
In addition to passwords it is recommended to activate 2FA (wherever possible).
The Google Authenticator is probably the most popular tool available.
My recommendation: Authy
Authy provides the ability to backup all Authenticator accounts and grant access to multiple devices.
The backup is stored encrypted in the cloud.
Anyone who has ever migrated their Google Authenticator to a new smartphone will probably appreciate the advantage provided by this solution.
However, the backup function does not have to be activated here.
(Everyone has to decide for themselves if they would like to use the backup function.)
Hardware authentication via FidoU2F is even more secure!
My recommendation: Buy a yubikey!
How this works with a ledger you can read in another thread of mine:
[Howto] Use Ledger Nano as Security Key
MAIL ADRESS
- Is your mail address part of a data leak?
Simply navigate to https://haveibeenpwned.com/, enter your e-mail address and click on the "pwned?" button on the right.
It will automatically check if the email address and associated accounts are compromised.
- Choose the right provider
My recommendation: ProtonMail
- Phishing Mails
These mails are used by malicious actors to steal personal data or money.
Here are some common methods:
- You have won
You are the winner of a contest, lottery or similar, in order to receive the amount should first pay a fee or accrued taxes.
- Mails asking you to reset your password
- Sextortion SCAM
Here the perpetrator claims to be in possession of a webcam record of you visiting a porn site.
Often there is also a password attached that has been linked to your email address in the past.
This is mostly from a data leak. (please refer to: Is your mail address part of a data leak?)
Hint: Generally use a separate password for each service and use a password manager.
USE VPN
For additional protection, it is recommended to use a VPN service that does not log private data.
This is especially recommended if you are not in your own home network.
My recommendation: AirVPN (native client also for LINUX!!) or NordVPN
Jump to: