Sunday, 26 April 2009

InSecure Internet Surfing for Dummies (Client-Side/Userlevel)

"Think before you click."

Goal: Surf the web without having to fear infecting your own PC with worms, viruses, scripts, etc., exposing your data, unintentionally sharing files, somebody wiping your hard disk, reading your stored passwords and so on.

Status quo: Face the facts: you will never be secure browsing the web as a normal user. Just forget the idea. Unless you establish a trusted, certified, encrypted connection that is monitored and verifies each packet or its hash sum, you are always exposed to attacks of all kinds. What you can still do, as a user, is let go of old thinking and accept the facts.

Browse the web without having to fear that the data on your hard drives is exposed to attacks. Hiding partitions and encrypting your home/user directories are recommended, but you don't have to if you follow the concept below:


the most recent Knoppix DVD is 6.1 - I like the artwork for 5.3 by Thomas Saur (?)

How to do it: I use a Knoppix (Debian) Live DVD. You can install the complete operating system on a 4 GB USB stick and even have 1 GB left on it for an encrypted, read-only home partition where you can store your configuration. You can use any Linux Live CD (Knoppix/Ubuntu/openSUSE/etc.). Your hard drives are in read-only mode. You can make them invisible if you have not already encrypted them.
Beware: there is still the chance that somebody will read your tmp files, RAM, etc. Every communication between you and a server and/or service on the web is only as secure as the protocols underneath allow it to be. If you can, use secure protocols all the time. If you can, use encryption all the time. But the vulnerability you expose is far lower than when surfing from your 'installed system'. If you want to download files, simply use an extra partition where you can dump that stuff. (Run multiple scans on these downloaded files before you read or execute them.) Be aware that all scenarios which include transactions of data through the net are still open to attacks (passwords in clear text, non-secure protocols between client and server, etc.). Avoid any online service that does not use secure protocols, encryption or another form of trusted computing. Minimize the risks.
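One way to check this setup from inside the live session, as an added example that is not part of the original post: the function below reads a mount table in `/proc/mounts` format and reports any block device mounted read-write other than the download partition. The mount point `/media/downloads`, the sample device names and the extra `noexec`/`nosuid`/`nodev` check on the download partition are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the mount table of a live session.
# Usage: audit_mounts DOWNLOAD_MOUNTPOINT < /proc/mounts
# Prints FAIL for every block device mounted read-write other than the
# download partition, and WARN if that partition lacks noexec/nosuid/nodev
# (an extra hardening check assumed here, not taken from the post).
# Returns 1 if any FAIL was printed, 0 otherwise.
audit_mounts() {
    awk -v dl="$1" '
    # /proc/mounts fields: device mountpoint fstype options dump pass
    $1 !~ /^\/dev\// { next }          # skip tmpfs, proc, sysfs, overlays
    {
        split("", has)                 # clear the option set
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) has[opt[i]] = 1
        if ($2 == dl) {
            missing = ""
            if (!("noexec" in has)) missing = missing " noexec"
            if (!("nosuid" in has)) missing = missing " nosuid"
            if (!("nodev"  in has)) missing = missing " nodev"
            if (missing != "") print "WARN " $1 " on " $2 " lacks:" missing
        } else if ("rw" in has) {
            print "FAIL " $1 " is mounted read-write on " $2
            bad = 1
        }
    }
    END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample in /proc/mounts format (devices and paths are made up).
sample_mounts() {
    cat <<'EOF'
/dev/sr0 /mnt-system iso9660 ro,relatime 0 0
tmpfs /ramdisk tmpfs rw,relatime 0 0
/dev/sda1 /media/sda1 ntfs ro,relatime 0 0
/dev/sda2 /media/sda2 ext3 rw,relatime 0 0
/dev/sdb2 /media/downloads ext3 rw,nosuid,nodev,relatime 0 0
EOF
}

if sample_mounts | audit_mounts /media/downloads; then
    echo "no internal disk is writable"
else
    echo "fix the findings above before going online"
fi
```

In a real session, feed it the live table with `audit_mounts /media/downloads < /proc/mounts`.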

Security vs. Convenience - it always comes down to the following question: "How much time are you willing to spend vs. how much risk are you willing to take?" Most people don't know the risks and they don't want to know.

After you finish your web browsing, everything you might have caught throughout the session will be deleted on your side (but 'phishing attacks' during the session might still have taken place). Think of your use of the internet as a jump into radioactive waters (FALLOUT 3). Don't be online all the time. Be aware that you are open to malicious attacks. Yes, Microsoft, for example, improved their default security options a great deal. Vista, and more so Windows 7, offer very good measures for inexperienced users. Still, the biggest threat to a 'normal user' is being lulled into coziness. Neither Microsoft, nor anti-virus software, nor Mac or Linux will save you from malicious attacks.

Conclusion: This concept does not apply to all circumstances. Homebanking is as insecure as it always was. PIN/TAN and even iTAN transactions have been exploited. "HTTPS" sounds nice, but do you really know that the DNS server sent you to the 'real' MyBank website? Fake certificates are no prob for the net-mob. Your beloved Outlook or MS Office has to struggle through Wine if you really, really think you need it. But if you are paranoid (like me) or don't want to hassle with attacks that might infect your PC (even under Linux) or anti-virus software which has its own vulnerabilities (being late, false negatives, etc.), I figured this is the best way for web browsing.

Disclaimer: This does not work for 'safe surfing' (your kids' web). This does not work for system administrators. They have to maintain networks and 1000s of connected computers, with infected programs and corrupt data floating around. They are mandated to use AV software, and they had better do so. The nightmares of professionals are another story.

Thanks for reading this. Talk me down. Drop a comment.
