What Does a Security Guy Do to Protect His Own Computer?

It is not uncommon for someone to ask me what I do to keep my computer safe.  I can’t list everything here, but I will list some of the basic things I do and don’t do, to keep my workstation unhacked (not-a-word).  Some of this stuff is unexciting, but needs to be mentioned regardless.

  • I roll up my car window when driving through a dangerous neighborhood, commonly referred to as the Internet.  More specifically, I do not allow scripts to run on my browser without authorization.

The Internet is a very dangerous place.  If you were driving through a bad neighborhood, would you lock your door and roll up your windows?  Unless you are looking for trouble, it would probably be a good idea.  Hackers describe your browser as a window into your computer.  They love your browser.  We could spend a long time discussing browser security and best practices, but if I had to pick one thing to recommend, it would be this.  Do not allow scripts to run by default.  Scripts are basically little programs that give every website the awesome functionality we are all looking for.  More often than not, you have to allow the scripts on a webpage to run for it to work properly.  Unfortunately, the bad guys know this too and they use scripts to execute a wide range of attacks.  If you are a Firefox user, install NoScript.  I mostly use Chrome so I am using an extension called NotScripts.  I’m also using Vanilla Cookie Manager, HTTPS Everywhere and Adblock Plus for additional protection.  WOT is worth mentioning too.  I still use IE, but only for trusted websites.

  • I never login to do day to day work as a local administrator.  Never.  Sometimes?  NEVER!

I am going to use an overly dramatic illustration to drive this point home.  SANS expert Dr. Eric Cole categorizes surfing the Internet and checking e-mail as two of the most dangerous actions in the world.  Outside of cyber, perhaps bungee jumping would also be considered pretty dangerous.  Would you go bungee jumping without any safety precautions?  Would you detach your bungee cord because you find it to be too restrictive or inconvenient?  Of course not.  You know that bungee jumping with all the precautions in place is still high risk.


The same is true of checking your e-mail and surfing the web.  If I didn’t need admin access to my computer, I would gladly give it up.  It is no great privilege.  Since I do need it to effectively do my job, I logon to my computer as a standard user and if something I am doing requires admin access, I use run as functionality or temporarily login as my local admin account to do that particular task.  Keep the bungee cord attached!

  • I always install antivirus, enable a local host firewall and set patches to automatically install.  Always.  But I have a Mac…  ALWAYS.  But…  ALWAYS!

I won’t relaunch into my bungee cord illustration, but you get the point.  Every OS is equally deficient.  Personal sentiments aside, there is no one software vendor less vulnerable than another.  In fact, security experts analyzed which OS has the most vulnerabilities and they found that the vulnerability count for every OS is within 2% of one another.  Security decisions must be data driven.  It’s true that some operating systems are more targeted than others, but that detail should not make you feel safe.  Perhaps you’ve noticed that more people today are using Macs.  The bad guys know that too.

  • I use a password manager so that I can maintain separate passwords for each of my accounts.

For the time being I am using Dashlane.  It fills my needs.  There are some other ones out there that are equally great if not better (Lastpass, 1password, yada yada yada).  Basically, password managers allow you to digitally write down every username and password you have and encrypt them using one master password.  They also can generate secure passwords for you so your other accounts are adequately protected.  You can see that there is a tradeoff here.  If that one master password is weak or gets compromised, you are in trouble.  Still, you are much better off if all your passwords are unique and secure.  The Heartbleed vulnerability proves that point.

The biggest factor for me in choosing a password manager is whether or not the company stores your master password anywhere.  Actually, that master password works as your decryption key to your encrypted password list stored within the password manager software.  Encryption is commonly likened to the lock on your door and your master password is the key.  If the encrypted data and the key are stored together, it would be akin to taping your house key to the front door of your house.  Sadly, that is not rare.  Dashlane says they do not store it at all so if they were breached, the adversary would only get a worthless chunk of encrypted data rather than my password list.  Also, if you forget your master password, it is gone forever.  So are the many passwords protected by it.
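To make the "key taped to the door" point concrete, here is an added illustration in Python (my own example, not Dashlane's code or any real manager's design): the only thing the provider is allowed to hold is the blob that lock_vault returns (salt, nonce, ciphertext, tag), while the master password and the key scrypt derives from it stay on the user's machine. It builds authenticated encryption from the standard library (HMAC-SHA256 keystream, encrypt-then-MAC) in place of the AES-GCM a real product would use, so it runs anywhere without extra packages.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumed layout of the stored blob: salt(16) | nonce(16) | ciphertext | tag(32).
# The blob is all a provider ever sees; the master password never leaves the client.

def derive_keys(master_password: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Stretch the master password with scrypt (memory-hard, slows guessing) and
    split the result into an encryption key and a separate MAC key."""
    km = hashlib.scrypt(master_password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=64)
    return km[:32], km[32:]

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF-based keystream: HMAC(key, nonce || counter), used as a stand-in for AES-CTR."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def lock_vault(master_password: str, password_list: bytes) -> bytes:
    """Encrypt and authenticate the password list; returns the storable blob only."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(master_password, salt)
    ct = bytes(p ^ k for p, k in zip(password_list, _keystream(enc_key, nonce, len(password_list))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return salt + nonce + ct + tag

def unlock_vault(master_password: str, blob: bytes) -> Optional[bytes]:
    """Recover the password list, or None if the master password is wrong or the
    blob was tampered with (the tag check fails before anything is decrypted)."""
    if len(blob) < 64:
        return None
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = derive_keys(master_password, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

if __name__ == "__main__":
    # Constructed sample entries; a breach of the blob alone yields nothing readable.
    blob = lock_vault("correct horse battery staple", b"bank: hunter2\nmail: s3cret")
    print(unlock_vault("correct horse battery staple", blob))  # the list comes back
    print(unlock_vault("guessed wrong", blob))                 # None, and no partial leak
```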

An additional benefit was noted by one hacker during a Defcon conference.  One of his targets was inadvertently protected against a keylogger that the hacker deployed.  Why?  The password manager the target used came with an auto login feature, so there were no key presses to log.  Pretty cool!

My fingers are tired and I think I shared enough to keep you busy for a while.  What steps do you take to secure your computer?  Let us know in the comments below.

Thanks for reading and don’t forget to subscribe.

Windows Admins: Find Evil


This is a great point of reference for Windows Administrators trying to determine if a process or service is legitimate.  I think this is worth sharing because as a Windows Admin, I googled csrss.exe more times than I’d like to admit.  Enjoy!

“In an intrusion case, spotting the difference between abnormal and normal is often the difference between success and failure. Your mission is to quickly identify suspicious artifacts in order to verify potential intrusions. Use the information below as a reference for locating anomalies that could reveal the actions of an attacker.”

Download it HERE.
