I’ve been asked questions recently along the lines of “how do I stay safe doing *insert internet activity here*?”
Based on these questions I’m writing this to give some advice and suggestions on staying safe! This will be a long post but will not be completely exhaustive.
I’ve broken these down into categories to make it easier to read. If you have any comments, please let me know here.
This article is focused around your home network and your devices.
Operating System Security
So, to address the immediate easiest way to improve your security, consider Linux!
Linux is much easier to secure, but isn’t for everyone! If you’re a gamer, there is some Steam support, and there are Linux apps for productivity and creative applications. But the chances are, you won’t be moving away from Windows or Mac.
If you are considering moving to Linux, there are many different distributions out there, and most of them have live systems so you can try before installing on metal.
One I urge you to consider outside of Ubuntu and Parrot is Fedora.
I remember installing Fedora Core 3 by burning it to a DVD; when I read the other day that version 34 is in beta, it makes me feel old!
This version of Fedora is a very good looking operating system thanks to GNOME 40. It makes you realise how far Linux has come with its interface design!
So, you’re sticking with Windows?
You need antivirus and, unless you are super careful, free AV isn’t going to cut it!
My recommendation, which may be controversial, is Kaspersky Total Security.
I have seen tests run with this product where the signature engine and realtime engine were switched off and it still managed to detect 100 out of 100 ransomware binaries.
I can’t recommend this product enough, and I’m not sponsored by Kaspersky.
You can find Kaspersky for a great deal on the 1 year, 3 device plan and I’ve linked to some of them below.
All the below are for 3 device/1 year subscriptions. You can also buy a previous year’s subscription because the product you receive is the latest version!
One of my favourite parts: through My Kaspersky you can see any issues or run virus scans on any PC that is part of your licence.
The only drawback, for me, is Kaspersky Safe Kids. The monitoring can be really aggressive if your kids search gaming topics. It even picked up and blocked some Minecraft content.
So how do you keep someone out of your WiFi? WiFi passwords are hard to crack, right?
We are going to focus on a couple of areas around your WiFi router, and I’ll explain the reasons for each.
Should you hide your SSID?
Personally, I think you should never hide your SSID, for the following reasons:
- It’s only hidden to some devices; if someone’s using Kali or a WiFi Pineapple, you still show up.
- If you follow my advice in this section, it leads a potential attacker down a rabbit hole.
No matter who you get your WiFi router from, if it comes with your internet package, always change your WiFi password!
The way these are traditionally attacked is that an attacker will capture the connection process, called a handshake, then use a dictionary to crack it. ISPs started introducing more complex passwords because people didn’t change them, so attackers use the SSID to identify the router manufacturer or ISP and then create a dictionary based on their default password patterns.
For example, if your router is from SKY, your default password set was previously believed to take around 2.5 weeks to crack. This changes when you bring in cloud computing: all possible password combinations for your router can be tested in 24 hours and 50 minutes. That’s all 208 billion in just over a day. Yes, it would cost £103 to do this, but that cost could be justified.
So, how do you choose a password?
- Add a special character at the start or the end of the default password. This stops someone reading it from your router and, as advanced as the method above sounds, completely eliminates it! Because your password doesn’t follow the default password syntax, this method won’t work.
- DO NOT use a password that is a name or any word found in a dictionary. The fallback plan, if the method above doesn’t work, could be to try a dictionary attack.
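A small checker for the two rules above, added here as an example and not part of the original post. It assumes a default-password pattern of 8 uppercase letters (picked because 26^8 is about the 208 billion combinations quoted above) and uses a constructed mini word list.

```python
import re

# Assumption: the default pattern is 8 uppercase letters, chosen because
# 26**8 is roughly the 208 billion combinations quoted above.
DEFAULT_PATTERN = re.compile(r"[A-Z]{8}")
DEFAULT_KEYSPACE = 26 ** 8

# Constructed mini word list; a real check would load a full dictionary file.
WORDLIST = {"password", "liverpool", "charlotte", "sunshine", "dragon"}


def hours_to_exhaust(keyspace, guesses_per_second):
    """Hours needed to try every combination at a given guess rate."""
    return keyspace / guesses_per_second / 3600


def audit_wifi_password(password):
    """Return the reasons a WiFi password is weak; an empty list means none found."""
    findings = []
    if not 8 <= len(password) <= 63:
        findings.append("length: WPA2 passphrases must be 8 to 63 characters")
    if DEFAULT_PATTERN.fullmatch(password):
        findings.append("default: still inside the default-password pattern")
    # Strip digits and symbols so "Liverpool1!" is still caught as a word.
    core = re.sub(r"[^a-z]", "", password.lower())
    if core in WORDLIST:
        findings.append("dictionary: based on a common word or name")
    return findings


if __name__ == "__main__":
    # Guess rate implied by the 24 h 50 min figure above.
    rate = DEFAULT_KEYSPACE / (24 * 3600 + 50 * 60)
    print(f"{rate:,.0f} guesses/s -> {hours_to_exhaust(DEFAULT_KEYSPACE, rate):.2f} h")
    for candidate in ("QWERTYUI", "!QWERTYUI", "Liverpool1", "k7#Vd9pLx2mQ"):
        print(candidate, audit_wifi_password(candidate) or "no findings")
```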
MAC Address Filtering
This can be turned on in your router and is sort of a last line (and probably best line) of defence for your home WiFi.
The MAC address is a hardware address of your PC, phone, printer and any other internet connected device.
It lets you specify what devices can and can’t connect to your WiFi. If a device tries to connect that’s not on the allow list, the connection is rejected.
Please be aware, though, that by sniffing a network it is possible for an attacker to clone your MAC address to their network device to bypass MAC address filtering.
Firstly, I know how annoying Windows Update can be; Linux updates are much more pleasant because it can update while running.
But you should never put these off. Windows updates and application updates contain potentially critical security patches that keep you safe.
When an attacker completes recon of your network (enumeration), they look for the versions of the applications that are installed to see if they are out of date. This includes checking browsers, media players and any other application you have, not just your operating system.
But surely it doesn’t matter if I put some updates off?
YES, it does!
As an example, Foxit Reader has 28 known public exploits at the time of writing. Sometimes it can be the simplest unpatched application that creates a vulnerability.
To finish this section, I wanted to include some general good housekeeping practices.
Don’t use it anymore? Uninstall it!
Chances are, if a security patch has been released for an application, you won’t be prompted to install it until you launch that application. If you don’t use things anymore, remove them. This can be applications and plugins for applications, such as browser plugins.
Connected to WiFi?
If you do, for any reason, connect to public WiFi or someone else’s WiFi, go into your WiFi settings afterwards and choose “forget network”.
Why should you do this?
Because your device is constantly broadcasting a list of known WiFi connections to try and connect back to them. This sounds dangerous, doesn’t it?
It is! An attacker can create an Evil Twin of a network that is known to your phone or laptop to trick it into connecting to them instead of a legitimate network.
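To find the saved networks worth forgetting first on a Windows laptop, the following added example (not from the original post) parses profile details in the layout printed by `netsh wlan show profile name="..."` and flags open networks set to connect automatically. The sample output and SSIDs are constructed and trimmed to the fields used.

```python
# Constructed output for three saved profiles, trimmed to the fields used
# here, in the "key : value" layout of `netsh wlan show profile name="..."`.
SAMPLE = '''
Profile HomeNet on interface Wi-Fi:
    Connection mode        : Connect automatically
    SSID name              : "HomeNet"
    Authentication         : WPA2-Personal
    Security key           : Present

Profile CoffeeShop_Free on interface Wi-Fi:
    Connection mode        : Connect automatically
    SSID name              : "CoffeeShop_Free"
    Authentication         : Open
    Security key           : Absent

Profile Hotel-Guest on interface Wi-Fi:
    Connection mode        : Connect manually
    SSID name              : "Hotel-Guest"
    Authentication         : Open
    Security key           : Absent
'''


def parse_profiles(text):
    """Split the text into one dict of settings per saved profile."""
    profiles, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Profile ") and line.endswith(":"):
            current = {}
            profiles.append(current)
        elif current is not None and " : " in line:
            key, value = line.split(" : ", 1)
            current[key.strip()] = value.strip().strip('"')
    return profiles


def risky_profiles(profiles):
    """Open networks the device rejoins on its own: with no password to
    prove identity, a look-alike network with the same name is accepted."""
    return [p["SSID name"] for p in profiles
            if p.get("Authentication") == "Open"
            and p.get("Connection mode") == "Connect automatically"]


def forget_commands(ssids):
    """The netsh command that removes ("forgets") each flagged profile."""
    return [f'netsh wlan delete profile name="{s}"' for s in ssids]
```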
Don’t plug anything in!
Someone wants to show you a cool video on USB? Need to borrow a charging cable?
None of these are safe! Previously, a USB device could contain a piece of malware that would infect your computer. Some companies stop any storage devices being connected to their systems to resolve this, but personal computers don’t do this.
Also, to get around this, attackers now use USB devices that mimic human interface devices such as keyboards, which allows an attacker to create a connection to your computer just by plugging a USB device in. These work by typing commands into your computer at such an insane speed that by the time you realise something has happened, it’s too late.
These come in many forms, such as the USB Rubber Ducky from Hak5, which is probably the most well known. They advanced this further by placing the same technology and capability into a phone charging cable. The safest way to avoid this: only plug your own things into your computer.
I hope you found these helpful and picked up some tips to stay safe. If you want to read more about staying safe online, please have a read of the second part of this article, called Personal Cyber Security – Internet and Browsing.