Good afternoon, everyone. I decided to write my own article about security. It is probably already the @#$@#$-knows-which one on the forum, but this is my view on network security.
First you need to know how we go online.
1st point: Dial-Up and ADSL. For the user, the difference is only in speed.
2nd point: Local network, with a few complications if the gateway does not support socks.
3rd point: GPRS (not the most successful connection method; SkyLink will be better), or GPRS and a satellite channel.
If everything is clear with the first point, with the second you will need to look for a way to work with a proxy, NAT will still pass, but if there is something like SQUID, then it is better to look for another way to access the network. In the third case, there are features. Firstly, VPN may not work there, but only OpenVPN. It is better to take the handsets from Samsung or Siemens (Siemens only has not A series there GPRS only in 6X), Samsung has GPRS in budget models faster than Siemens will (class 10 for Samsung X100 versus class 8 Siemens C55) (we have the same prices, and when working via a satellite it is FSU since the outgoing channel is not needed wide), but with Siemens problems with firmware and changing IMEI is easier, all the software is written, tested, and described (but not everyone needs this change of IMEI).
Working with a satellite channel deserves a separate discussion. This type of communication can be one-way and two-way, that is, in the 1st case, you only receive data via satellite and send it as it is more convenient and cheaper for you, then in the 2nd case you receive and send data via satellite - the price? internet. Therefore, consider the 1st option. The outgoing channel (data request) is usually GPRS, reception via satellite. For a separate fee (about $ 10 per year) you will be assigned a separate IP, socks and proxies are also supported there. In terms of speed and price in the regions, it has no equal - $ 100-200 you get almost a dedicated line, which in some villages is perceived as magic.
Further, personal network security, it consists of two parts. The security of the main machine (through which there is an access to the network, it is also a gateway), and the security of virtual systems from which the main work is carried out.
Let's start with the safety of the main machine.
By tradition, the main defenders are firewalls and proxies. And in my opinion VPN (OpenVPN), since SORM has not been canceled yet, and the fact that the provider has a filter for keywords has probably been an axiom for about 10 years. And no one will guarantee that there are no words in the filter - enroll, cardboard, VISA etc ...
Next, proxies. There are socks, which have a real advantage in that you can pass any connection through them, and HTTP/HTTPS proxies, which are easier to work with through a browser (for example, Opera does not support socks, and sometimes it is not possible to use soxifiers, for example when you work in an Internet cafe or you just don't want to bother).
Using a VPN, you don't have to fool around with a chain of proxies (unless, of course, you break the Pentagon), as it slows down the network.
And due to the peculiarities of working with virtual machines, it is necessary to install a system soxifier (there are many programs, for example, Permeo Security Driver).
Further, the security of virtual systems.
You must have at least two virtual machines. One for work, the other for money transactions.
I will not explain the need for VMWARE to work, since everyone will understand that there is an anti-fraud, and he can make the shop, payment system, not work with disabled JAVA, ActiveX, or simply do not give out that they are using these cases and what then? Give up or maybe let them do what they should. To do this, you need to know what these systems are capable of. And they can do everything. But only with the machine on which they are running, so if you work from VMWARE or from a computer connected through a gateway, you can protect yourself from possible consequences, scripts and applets can pierce the internal IP, system languages, browser version, OS and other variables. All this can be bypassed with the appropriate OS settings, but you cannot hide the IP address from the applet, you just need to give it the address that will not say anything to the server, and this can only be an IP from the category of addresses for the local network (provided that there is only this address, since if there is also a real IP, the applet will issue it and therefore only the IP of the local network should be in the system), and this can only be done if the computer is not directly connected to the network (or another computer, or VMWARE, and not everyone has the 2nd computer, and there may not be enough space on the table, therefore VMWARE is the most suitable method). But then another problem arises, but what if the applet requests a direct connection, not through a browser, not through a proxy, then the applet will burn the IP of the gateway, that is, your IP, but here you can try to soxify the entire system (the main one, that is, the gateway), that is if the applet asks for a connection, then one dick OS will send it through a proxy, or sox, and since only virtual system data can be contained there, this will not give anything to the server. That is, absolutely safe surfing, which is not fired by any applets and scripts.
The second machine must be used for transactions with electronic currency - WMZ, WMR, Bitcoin etc. The latter is especially important, there are already plenty of stories about how they got WebMoney. Therefore, you need to know how to steal money (we do not consider social engineering), usually your car is thrown or broken, but this can be avoided. Any OS can be installed on VMWARE (I prefer *nix, so that you need more knowledge and experience to get something from them, in other words, there are less chances to run into something. , and not someone who has 10 buckets on the account), but you can also Windu. In order not to get through from the host machine (if it is passed through, then it is in the same network with the virtual machine), firewall (no matter what a spoof or worm does not break through) and encrypt the file system (so that the VMWARE files from the host machine are not disassembled), install the WebMoney Light certificate (it does not work under *nix klassik, but it will burn processes under Windows and if there is vmware there, then yours the kipper will lock) and from there we climb only to light.webmoney.ru and bitcoin, since there are definitely no three there, you can sleep peacefully. If there is a fear that they will find out the password to the certificate in the virtual machine, you can enter it through the Windows virtual keyboard. This is how keylogs suck.
And finally, do not forget to clean history and cookies, it is more fraught.
Here are the main ways to keep your anonymity and save your money.
I am sure that I did not touch on all aspects of security, I did not know about some of them, I forgot about something. Therefore, I ask you to add something of your own to the article.