Xylon's guide to computer security

9th September 2017

This article has six sections, each discussing a different aspect of computer security.

1. Keep your devices secure against three kinds of attack

The "just start using it attack"

This is where someone physically gets your device and just starts using it. Protect against this by using a screen locker. On a desktop or laptop, set a password and lock the screen when you walk away. Set it to auto-lock on a timer too. On a phone or tablet, use whatever type of screen lock it provides, such as a PIN or pattern.

The "data at rest attack"

This is when someone steals your device and reads your data directly off the storage, bypassing any passwords. This attack requires a bit of savvy but it's not particularly hard. Protect against this by encrypting the storage. On a desktop or laptop this is called "disk encryption". On my Android phone this option is called "encrypt device".

The "internet attack"

This is anything that threatens your computer from the internet. Protect against this by installing your security updates and avoiding any software that doesn't receive regular security updates (old software or software from irresponsible sources). And obviously don't install any malware.

2. Staying secure on the web

Now we discuss how to stay secure on the web.

First, consider any method of communication or file sharing over the internet insecure unless you have personally encrypted it with PGP. Never send files or sensitive information to someone unless you and the recipient both have PGP set up and are using it. This really is the only secure way to communicate with people over the internet.

Never send sensitive information in an email unless you've personally encrypted it with PGP, and never upload sensitive files to "cloud storage" such as Dropbox or iCloud unless you've personally encrypted them with PGP.

Second, on the web, get in the habit of always inspecting the site URL and padlock before ever logging in to anything, especially if you followed a link from an email.
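One way to automate the URL half of this check, as an added example that is not part of the original article: it parses a link the way a browser does and reports why the real host might not be the site you expect. The function name check_login_url and the sample links (all on reserved .example domains) are constructed for illustration, and the padlock (certificate) itself is not checked here.

```python
from urllib.parse import urlsplit


def check_login_url(url, expected_domain):
    """Return reasons not to trust `url` as a login page for
    `expected_domain`. An empty list means it passed these checks."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return ["URL cannot be parsed"]
    # hostname is what the browser actually connects to, lower-cased.
    host = (parts.hostname or "").rstrip(".")
    expected = expected_domain.lower()
    problems = []

    if parts.scheme != "https":
        problems.append("not https, so there is no padlock")
    if parts.username is not None:
        # Everything before '@' is login info, not the site name.
        problems.append("text before '@' is not the site name")
    if host.startswith("xn--") or ".xn--" in host:
        problems.append("punycode label, possible lookalike characters")
    if not host.isascii():
        problems.append("non-ASCII characters in the host name")
    # The expected domain must be the END of the host, on a dot boundary.
    if host != expected and not host.endswith("." + expected):
        problems.append(f"real host is {host!r}, not {expected!r}")
    return problems


# Constructed sample links, as they might appear in an email.
SAMPLE_LINKS = [
    "https://www.bank.example/login",
    "http://bank.example/login",
    "https://bank.example@login.evil.example/",
    "https://bank.example.evil.example/login",
    "https://xn--bank-abc.example/login",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        reasons = check_login_url(link, "bank.example")
        print(link, "->", "looks consistent" if not reasons else reasons)
```

A link that passes still only tells you the address is the one you expected; typing the address yourself or using a bookmark avoids the question entirely.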

3. Best block, no be there

"Best block, no be there" is a phrase from a Kung Fu movie. Think about what will happen if someone does break in and accesses all your files. There may be certain things that you would rather not keep on some of your computers.

4. Passwords

The challenge with passwords is that you should use a different password for everything, and each one should be long and unguessable. This means it's infeasible to remember them all.

Therefore, you need to use a password manager. The principle here is that a single long password (passphrase) is used to encrypt a database of other passwords. You just remember one, very strong password, and it protects all the others.

Your password manager software is likely to be one of the biggest weak spots in your security plan. But it's better than any other option, so invest the effort to choose a good password manager to store all your passwords.

If you really don't want to use a password manager for some reason, then keep your passwords on a paper notepad in an impenetrable safe. The problem is that you then can't log into anything when you're away from your home.

Also, it's probably best not to let your web browser remember your important logins.

5. Backups

Take backups regularly and either encrypt the backup drives or keep backup disks in a safe.

6. Use Free Software

Free software, also known as Open Source software, is software that respects its users' freedoms to use the software in any way they wish, study it, modify it and redistribute it.

Although this may seem like a purely ethical or philosophical concern at first, Free Software in fact has many security advantages. Firstly, the type of people who use Free Software are tech-enthusiasts who demand good software quality. Secondly, the code of Free Software is (inherently) published for all to read, so we know there's nothing malicious hidden in it. Maybe you'd like to read my guide on using Free Software.

Extra tips

This section has extra tips that don't fit into any other category.

Use an adblocker

Web browsers give arbitrary-code-execution privileges to adverts. This means that advertising networks are a very powerful means of transmitting malware. It's called Malvertising. Please install an ad-blocking browser plugin to stop adverts. Ad-blockers can also block spy networks such as Google Analytics.

Firejail for GNU/Linux

Specifically for GNU/Linux there is a tool called Firejail which can create a "jail" for programs. It's good to run any program that connects to the internet in Firejail, to limit the damage if it gets "popped". I run Firefox and Chromium in it.