Wednesday, July 17, 2013

Do You Trust Your Computer?

I don't.  Just a sec while I don my tinfoil hat.

Data breaches, zero-day exploits, and the NSA's PRISM program have placed a nice big spotlight on IT security these days.  Hackers who steal your identity can plunge your life into a world of problems.  One step that I've taken to provide some protection against identity theft is to repurpose an old netbook for only my most sensitive surfing (banking, investments, CRA, etc.).

I use the usual anti-virus and anti-spyware tools to protect my main PC.  However, zero-day exploits and keyloggers are particularly worrisome.  I don't want to turn into one of those numbers that help increase the identity theft statistics.  Not necessarily to keep the number low but more for the headaches that identity theft causes.  Initially, I installed Chromium OS as my first operating system.  I particularly liked the continuous update feature and how each boot presents me with a fresh operating system.  Chrome OS's resilience really shone this year at the annual hacking event Pwnium 3.  Unfortunately, Chromium wasn't quite optimized for my poor old netbook and it was painfully slow to use.

I have since settled on Fedora.  It appears to have a focus on security and also isn't the most popular Linux flavour available.  Given the choice, hackers will likely focus their efforts on finding flaws within operating systems that have a wider audience.  The NY Times has a worrisome article, "Nations Buying as Hackers Sell Flaws in Computer Code", that describes how hackers who sell vulnerabilities can earn as much as $150,000 from Microsoft.  Government agencies looking to exploit these vulnerabilities would pay more.  There's big money in being first-to-market with an undiscovered zero-day exploit.

To reduce the exposure of my little Fedora netbook, I only access a limited set of sites and I keep it in its own VLAN.  Thus, if my main computer were to be infected with a worm that wanted to infect other computers on my LAN, the worm would have to be robust enough to cross over to the less popular Fedora.  A feat not many worms can do.  Even if it were capable of this, it wouldn't be able to find my netbook since it's been placed on an entirely different network segment with no access to the VLAN where my main surfing machine resides.

This strategy won't solve data breaches or prevent the NSA from accessing my data on servers that reside in the U.S.  It helps make me less of a noticeable target for hackers and hopefully keeps my sensitive sites safe.
