Guide to Computer Security (Archive)

From NewgonWiki
Revision as of 06:11, 10 June 2009 by Innormal (talk | contribs) (Started wikitexting)
Jump to navigation Jump to search

Guide to Computer Security was produced by tpka Colonel Abrams after a consultation with the Newgon.com forum community. It explains how you can protect data stored on your hard drive and stay anonymous on the internet. The guide should be read by anyone who has a special interest in avoiding the scrutiny of cyber-vigilantes and corrupt law enforcement officers. It should not, however be seen as a vital first step to participation in Newgon.com or any similar websites.

The guide is divided into the following sections:

Protecting data stored on your hard drive

Locking down Windows

Windows at its default settings is an insecure operating system. Having been designed for mass consumer/commercial usage, it tries to be all things to all people. Consequently, it has a tendency to run unnecessary services, store/hide private information in numerous, often hidden, locations, and exposes your PC to unnecessary security risks.

Disable unneeded services

Many of the services in Windows are unnecessary, and some are security risks (e.g. the 'Remote Registry' service, which permits third party network access to the computer's system settings). There are numerous online guides giving advice as to which services you can safely disable. [1] [2]

System Restore points

By default, Windows saves a backup of your system settings at regular intervals (and therefore may store information that is ideally kept sensitive) in case you need to roll-back the system to an earlier point in time. Most computer problems can be fixed via other methods however, and if you don't use/need System Restore you can disable it (via Control Panel / System / System Properties / System Restore tab).

Hibernation

If you don't use hibernation, ensure that this is disabled, since otherwise it will intermittently save anything that you are currently working on to your hard drive in plain text form – even encrypted documents – which could later be retrieved. (Control Panel / Power Options / Hibernate tab / uncheck 'Enable Hibernation').

Pagefile/Swapfile

By default, Windows creates a file on your hard drive (pagefile.sys) which it uses as additional computer memory, and it shifts running processes to this file on the hard drive when necessary. Many modern PCs have sufficient RAM (e.g. over 1 GB) not to need this file. You can disable it via Control Panel / System / Advanced tab / select 'Settings' button under the 'Performance' heading / Advanced tab / Virtual Memory / Change / select 'No Paging File' / click 'Set' / click 'Ok'.

NOTE: Disabling the pagefile is contentious, and the debate around this is unresolved [3] Provided you have a reasonably fast CPU and a decent amount of RAM, you should not encounter any problems. If you do need the paging file for some reason, or your RAM capacity is not sufficient to do without it, you should at least ensure that it is securely wiped when the computer powers off (see Section 1.3.1., below). In addition, the pagefile can be encrypted using a dedicated encryption product, such BestCrypt.

Windows Security Center

The built-in Security Center and Windows Firewall are highly ineffective. Disable them via the Control Panel, and use a third party Firewall instead (see Section 1.2, below).

Windows Privacy Tools

In addition to the above steps, you can utilize easy-to-use, one-off, privacy tools to tighten up Windows settings. See, e.g. Security and Privacy Complete and XP Anti-Spy.

Alternative Software

Avoid using Microsoft software (e.g. Office, Outlook Express, Internet Explorer, Windows Media Player) so far as possible. Since they are designed to collaborate with one another, most of them leak personal information all over the place. Use open-source alternatives so far as possible (which typically also have the added benefit of being much less resource-hungry). For example, consider using:

  • Open Office suite instead of MS Office (Word, Excel, etc). Particularly important for office software is to remember to disable 'auto-save' in the program options – since if you are working on an encrypted file the document may be saved to your drive as plain text during an auto-save.

Avoiding Malware

The commonly talked about threats to computer data surround the execution of malevolent code on your PC, in the form of viruses, trojans, spyware, etc. Discussion of this topic usually revolves around damage to your data or identity theft by cyber-criminals for financial gain; but it is also crucial to ensure that you are protected from malware that could benefit other adversaries. One obvious aspect is keylogging software: you can come up with the most complex passwords to protect your data, but if there is a keylogger on your PC capturing each keystroke you enter, the password might become worthless. Equally insidious is the use of 'copware' – malware planted on your PC via LEA pecifically targeting you [4]. Such software frequently arrives on the target's PC via email attachments. Standard email advice applies, e.g:

  • Disable HTML in your emails – in most webmail and desktop email clients there is an option to do this in the settings (eg. in Thunderbird: 'View' menu / uncheck 'Display attachments inline' and check 'View message body as...plain text')
  • Use Anti-Virus software that scans emails as well as files
  • Don't open attachments from unknown sources

In addition, further advice includes:

  • Check regularly for the presence of hardware keyloggers (a small device fitted to your PC designed to record keystrokes as an alternative to software keyloggers). The device will appear inconspicuous, and could, for example, resemble a traditional USB-type plug. Also consider applying a drop of paint (or, e.g. correction fluid) to the screws in the back of keyboards, making it easier to see if the hardware has been tampered with.
  • When encrypting data, and where given the option to do so, use 'keyfiles' in addition to passwords. This is an available option with some encryption programs, which enables you to specify a file(s) on your hard-drive (perhaps a photo, for example) that must be entered in addition to a password. This will help protect against keyloggers (though not against malware that also captures mouse-movements).
  • If practicable, you could also use an on screen keyboard (OSK) to enter passwords (thereby using the mouse rather than the keyboard).
  • Zero-emission pads: Surveillance teams can remotely scan the electromagnetic emissions from your computer monitor, e.g. as you type a passphrase (google TEMPEST for technical details). You can use a replacement text editor that enables you to view and/or edit text in a special font and screen that allegedly 'diffuses the emissions from your computer monitor efficiently enough to defeat TEMPEST surveillance equipment', such as this one [5]
  • So far as security software is concerned, you should have one Firewall, one Anti-Virus (AV) program, and one Anti-Spyware (AS) program, all providing 'real-time' protection. For completeness, you could also install a second AV and/or AS program and/or dedicated anti-trojan software (such as TrojanHunter) – not to operate in 'real-time' (since a software conflict is possible) but just to perform regular scanning of your PC.
Firewalls, AV and AS vary considerably in effectiveness (as well as in the amount of your PC's resources that they use). Check PC magazines for test results, or check online sources for the most effective protection. Good sources of information are sites such as Wilders Security Forums and Matousec.
It is sometimes rumored – though to what extent this is likely is debatable – that major AV/AS companies may turn a 'blind-eye' to copware. Here is one advantage of using standalone products, e.g. separate AV, AS and Firewall software each from a different company, rather than the easier option of relying on a single security suite such as Norton or McAfee. In addition, some software is notorious for 'phoning home' regularly – Zone Alarm, for instance, frequently (more so than necessary) contacts its company's servers without notifying the user. It may therefore be desirable to turn off 'automatic updating', and manually update software at (say) daily intervals; and for persistent software (e.g. Zone Alarm) you can prevent it from contacting its servers by making simple changes to the Windows 'hosts' file [6].
  • In counteracting malware, you should also keep an eye on which programs are running on your PC, and whether any software has set itself to startup when you boot Windows. Both can be checked via Windows' built-in tools:
    • to view running processes, open Task Manager by right-clicking on the taskbar and selecting the 'processes' tab. You can identify any processes you do not recognize online, by looking them up at sites such as [7].
    • to check which programs are set to start when you boot Windows, go to Start / Run... then enter “msconfig” in the box (without the quote marks). In the window that appears, the last tab marked 'Startup' lists these items. Many of these are inserted by software, and are unnecessary. To check whether it needs to run at startup, identify the program at the following site: [8] and uncheck any that are not needed. (Note, this has the added advantage of substantially reducing the PC's boot time).
As an alternative to these built-in Windows tools, you could use a freeware program to keep a closer eye on running processes and startup items, such as What's Running, Process Explorer or CurrProcess
  • Keep up-to-date all your software that uses network connections, such as your browser, anti-virus software, and all security products.

Cleaning / Erasing

Windows stores a vast amount of information about your activities, which should be cleaned up on a regular basis.Note that such traces, along with any files that you chose to get rid of, should be securely erased rather than just deleted. This distinction between 'deleting' and 'erasing/wiping' is a crucial one. Deleting data in the standard way merely makes the data invisible to Windows – it remains on the hard disk until it is overwritten by other data. Instead of deleting, data should be securely 'erased' or 'wiped' (i.e. it is overwritten a number of times with random data so that it becomes unrecoverable).

Erasing files

There are numerous tools available for securely erasing files. One simple, freeware, tool is (Heidi) Eraser. This has various features, one of which is to insert itself into your context menu, such that when you right-click a file, you just select 'Erase', and it will wipe the file according to the number of 'passes' that you specify. Another useful feature is 'Erase Secure Move': usually when you move files from one place to another, behind-the-scenes Windows actually copies the file to the new location, then deletes the existing file – which suffers from the above-mentioned issue of the deleted file being recoverable. With the Erase Secure Move option, after the file is copied to the new location, the existing file will be wiped, rather than just deleted.

NOTE: Eraser can also be set to erase the Windows 'pagefile' on shutdown/restart (see 'Locking down Windows', Section 1.1, above).

Erasing disk space

Files that are deleted automatically by Windows (e.g. temporary files which it has created), or files that have been deleted by the standard method without having been wiped as above, will be simply be hidden in 'free disk space' until overwritten. To ensure that these have been removed, regularly wipe the 'free disk space' on your hard drive – again, Eraser (above) is good for this purpose.

Cleaning traces

Most software stores information about your usage – e.g. Internet browsers keep a record of details such as your browsing history, downloads, and cookies; PDF readers store a history of the last few files you've read; Office products keep a record of recently opened documents and perhaps unusual words used therein; media players store details of recently played files; Windows itself stores temporary files, prefetch data, memory dumps, and so on. A simple way to erase all such tracks in one go is to use dedicated 'cleaning' software. For example, CCleaner is a decent freeware program which will erase these tracks for you. In the settings options, you can select the number of times such traces should be 'wiped', rather than simply deleted.

NOTE (1): All decent erasing/wiping/shredding software will allow you to specify the number of times that the data will be overwritten – typically, you can choose to overwrite data once, three times, seven times or thirty-five times, depending on the sensitivity of the data. There is some debate as to whether modern hard drives require as many passes to irrevocably destroy data – Googling this issue will produce much discussion. To be on the safe side, a minimum of three 'passes' is suggested. Naturally, the more 'passes' over the data you select, the longer it will take. Be aware that, say, shredding the entire free disk space on a hard drive (which may be hundreds of gigabytes) will take a significant amount of time.

NOTE (2): If wiping data on flash memory (e.g. USB sticks), wiping individual files is insufficient to make them irrecoverable, due to the way such memory writes data. See the special section on USB drives (Section 1.5, below).

Encryption

Broadly-speaking, “computer forensics” involves inspection of the computer hard drive for evidence as part of a legal investigation. In the event that your PC is seized, investigators or other adversaries will search it for the 'activity traces' referred to in the previous section, as well as stored files and documents, and other evidence of how the PC has been used (e.g. checking the Windows Registry for evidence of which USB drives have been used – since details of such devices, including their serial numbers, are stored there). The goal of encryption is to make data unintelligible, so that, even if your data is seized, it cannot be read.

A brief note on the medium which you may be using: first, there is the hard drive. Typically, Windows will be installed onto partition C of the hard drive (and unless you have created other partitions, this may make up the entire physical drive). Data may also be stored on external, USB hard drives; on flash memory drives (USB sticks / pen drives); on floppy disks, CDs and DVDs. It is important that, on whichever medium you store sensitive data, that data are encrypted.

Individual files

There are numerous tools available to encrypt data, offering various different options. Some software will simply encrypt individual files – they will still be visible on the hard disk, but a password will be required to open them. Other software offers a greater range of options, such as creating a 'vault' on your hard drive of a specific size, into which you can place sensitive files without having to encrypt each file individually.

TrueCrypt is highly recommended for your encryption needs. It enables both the creation of encrypted files, as well as the ability to encrypt an entire hard drive partition, or an entire device (e.g. a USB stick). It also allows for the creation of 'hidden volumes' – a partition/device can be encrypted, then within this encrypted container a second, encrypted contained is created. This is primarily so that if you are forced to decrypt the 'outer' volume, on which you might store a few sensitive-looking, but unimportant files, it will not be evident (and cannot be proved) that there is a second, hidden volume. (NB. For various security reasons, encrypting partitions or devices is preferable to encrypting individual files – the TrueCrypt manual explains these in detail.)

The advantage of the open-source TrueCrypt over most other encryption software is the 'plausible deniability' aspect. It is impossible to prove that a partition or device encrypted with TrueCrypt is in fact encrypted. Upon forensic analysis, the partition or device appears to simply be filled with random data – as though there is nothing on the partition or device. This is crucial in authoritarian regimes, e.g. the United Kingdom, which has enacted a criminal offense (punishable by up to 2 years, or 10 years in terrorism cases) of 'failing to decrypt' (or provide the password to enable decryption) when demanded by the authorities. Obviously for such a law to be used against you, it would have to be established that you had some encrypted material in the first place. With a TrueCrypt-encrypted device or partition, this should be impossible to prove.

NOTE: If you are working with individual encrypted files (rather than storing files in a container or partition) and are using USB flash drives, see Section 1.5 on USB drives below.

System Drive / Full Disk / Whole Disk Encryption

The disadvantage of only encrypting individual files or external devices is that computer forensics can still reveal much about your computer usage from the system partition (the drive on which Windows is installed) and – importantly – sensitive details such as your browsing history, bookmarks, emails, and email contacts addresses, may be accessible. Details of your contacts is one of the first things an adversary will check for, which they will use to 'broaden' their investigation, perhaps by targeting those contacts. There is therefore an obligation to protect not only yourself, but also those with whom you correspond.

Computer forensics is essentially rendered ineffective by encrypting your entire system drive (typically the C: drive in Windows). This is the ideal position: if the adversary cannot access your hard drive to begin with, you have gone along way to defending your data. The latest versions of TrueCrypt (versions 5.0 and upwards) have an option for encryption of the system drive (or the entire hard drive, if it has more than one partition). It is very simple to use, and will ensure that no one can access your hard drive without first entering the correct password prior to the computer booting (and also makes it more difficult for adversaries to plant data on your hard drive). A detailed reading of the TrueCrypt manual is essential in order to encrypt the system drive effectively.

One consideration for those in countries in which failure to disclose a password is a criminal offense (just the UK at present, though this will undoubtedly be extended to other countries), is that where your entire hard drive (or just the system drive) is completely encrypted, you lose an element of plausible deniability. TrueCrypt system encryption, for example, stores its 'boot loader' (the information necessary for the computer to boot) on the first cylinder of the hard disk – which will obviously be visible to a forensics team. It is possible to remove the boot loader and instead boot from a CD which has the TC boot loader installed, though obviously this is more inconvenient.

In any event, whether or not the boot loader is present, it remains the case that it cannot be proved that the hard drive itself is encrypted – the remainder of the drive will still appear as random data. So from this point of view, you are still protected from 'failure to disclose password' laws. Nonetheless, having to explain away an internal hard drive with a TC boot loader, and “nothing else” on it, will be tedious (depending on how convincing you can be that you had “coincidentally, just recently wiped the hard drive”). Therefore it may be felt preferable to use other tactics to increase plausibility.

One such tactic is to install Windows to an external hard drive, or to a USB stick, and encrypt it with TrueCrypt. You can then keep your 'dummy' Windows installation with no compromising data on the PC's internal hard drive, and boot to the external hard drive or USB stick to use your 'real' Windows. Technically, Windows does not want to be installed to external devices – but it can be achieved. There are numerous guides available on the web; one of the most succinct set of instructions is available at [9] – and the project also has a useful forum for resolving issues. For installing Windows to an external device to work, it is necessary that your PC's BIOS is capable of booting to external devices – most recent computers (built in the last few years) can do this, but if you have an older PC, check its ability to do so by doing a web search on its model.

If utilizing this method, your 'computer' effectively lives on your external device, while you maintain a dummy system on the internal drive. This has the added advantage of portability – your Windows installation can be kept in a secure place when not in use, etc. Again, the TrueCrypt boot loader will reside on the first cylinder of the external device – but it is certainly more plausible to have an external device with “nothing on it” than an internal drive (particularly if you take the extra step of removing the TrueCrypt boot loader and booting the device from a CD).

NOTE: While the latest version of TrueCrypt (6.0 and upwards) now enables the creation of a hidden, encrypted system drive – by utilizing a 'dummy' system partition, with the real system partition hidden – at the time of writing it is not ideal: to ensure complete plausible deniability it has very stringent requirements, e.g. the real system partition should not be used to access the Internet (which partly defeats the object), files cannot be copied from the real partition to other media, the dummy partition must be accessed regularly to make it appear plausible, etc. It may be felt that until a more substantive hidden operating system is available, this latest feature should be used circumspectly.

Security Note on USB Drives and Wear-Leveling

Other Methods

Live CDs

Portable Applications

System Drive Emulation software

Virtual Machines

Protecting data while in transit over networks (Internet, Email, etc)

Email

PGP

Web-Surfing

Free proxies

Commercial software

Tor

Other Network Usage (Chat, Anonymous Remailers, File-Sharing)

Useful Links

Full guide PDF

Guide to Computer Security