CYBER SECURITY 101 - STAY SAFE

***Walt The Heavyweight*** · 08-27-2016, 08:57 AM

Going to completely edit the first post in few days... No longer recommending Panda. Also thinking of adding 'essential software' list.

***genni11*** · 08-29-2016, 11:40 PM

Thanks walt for great guide. Can you recommend a good VPN software or service? Which one you use personally?

***Walt The Heavyweight*** · 08-30-2016, 05:13 AM

(08-29-2016 11:40 PM)genni11 Wrote: Thanks walt for great guide. Can you recommend a good VPN software or service? Which one you use personally?

Most top known ones are pretty solid.. such as Hide My Ass, Hotspot shield or Ghost VPN.

I'd recommend Anon VPN. For no particular reason. And I use Steganos Online Shield(premium), iVPNator(premium) and Freed0me(expensive asf) because I just happened to get them for free.

***Innomina*** · (This post was last modified: 09-27-2016 08:05 PM by Innomina.)

All very good points.

***Innomina*** · 09-27-2016, 08:02 PM

All the suggestions are good, but a major one was overlooked. Security starts with your foundation and that is your operating system, so the first thing you need to do is DUMP WINDOWS as your main operating system and switch to a Linux distro. I saw Tails and Kali mentioned, but to me those 2 distros are more purpose oriented or situation based and not really for typical everyday use.

If your serious about security your best bet is to start with downloading and installing one of the many flavors of Linux. The majority of linux distros are free (the most heavily used ones are) and fully customizable, so if you don't like the one you've got try another one.

With Linux you don't have to worry about viruses. I'm not saying that they aren't out there, but 90% (don't quote me) of OS users are on PCs and Macs. The hackers are using Linux, the hacked are using Windows. Software for the most part is free and can be downloaded from the distros' repositories (like getting plugins and themes from Wordpress) so you know they're safe. Pretty much any program you feel Windows is critical for has a free, open-source equivalent on Linux that is usually equal to or better than the paid program you got for Windows.

You can use Wine to run most any Windows program you already have, and there is PlayOnLinux and Steam for you gamers.

If your worried about having to use command lines to operate in don't, Linux distros come with several different graphical desktop environments, Some are even modeled to look like Windows and MAC to ease the transition for new converts. Being able to learn how to use the command line Mr. Robot style is just a benefit you can gain over time, but not a necessity. I find a lot of the changes Microsoft makes to Windows they've borrowed from Linux. If you're going to use Kali you might as well take the full leap anyways.

If you're still using Windows, you're not really serious about security. that goes doubly for running your servers. i mean if you have a hosting account, odds are you're running some version of Linux anyway, because your hosting company knows the deal.

Macs are better because they are UNIX based like Linux, but they are not open source and their stuff definitely isn't free and in my opinion as good.

Here's some of the top distros you can download and check out. They can all be installed to dual-boot alongside Windows until you decide to make the jump. Then I would just keep Windows and a second computer just in case you have to have it for something.

Debian - The grandaddy and most stable and secure OS ever. Great for servers.Never seen it crash
Fedora - The grandmomma. Has tons of loyal users.
RedHat - An enterprise distro runs many of the big commercial sites out there. Based on Fedora
Ubuntu - Most used distro. Debian based
Linux Mint - What I use... mostly. Debian, Ubuntu based
OpenSUSE- Community version of RedHat
CentOs - used my tons of hosting companies, very stable. Fedora, RedHat distro
ZorinOS - For Windows converts. Debian, Ubuntu based
ElementaryOS - For MAC converts. Debian, Ubuntu based

To see tons of others:

Code:

http://www.distrowatch.com

To see what they look like:

Code:

http://www.linuxscreenshots.org

Linux is for the hunters, Windows is for the prey and MAC is just Scrooge McDuck.

***RealSteel*** · 10-17-2016, 03:32 PM

Thanks Walt For Your Guide.

***ballalife*** · 10-21-2016, 12:20 AM

What do you think guys about Qubes-Whonix ?

***silenthq*** · (This post was last modified: 03-30-2017 08:08 AM by silenthq.)

(10-21-2016 12:20 AM)ballalife Wrote: What do you think guys about Qubes-Whonix ?

I just started using Qubes and I pretty much love it. I see tons of possibilities with the current 3.2 version and things will become even better when version 4 comes out, hopefully later this year. It may not be very pretty-looking right out of the box, but the fact that any application you run essentially runs in its own compartmentalized, VM/virtual machine is a fantastic concept.... and you can run any number of operating systems (like Whonix which already has several privacy features built-in like Tor, etc...) within those virtual machine environments, have them talk to each other for certain applications, share or not share VPN or internet connections with each other, etc...! (version 4 will be more enterprise-focused so you'll be able to talk to and manage VM's within remote Qubes environments via LAN/WAN's, etc...)

Edward Snowden recommends and uses Qubes himself so that should tell you something. ;)

***silenthq*** · (This post was last modified: 03-29-2017 11:18 AM by silenthq.)

(09-27-2016 08:02 PM)Innomina Wrote: With Linux you don't have to worry about viruses. I'm not saying that they aren't out there, but 90% (don't quote me) of OS users are on PCs and Macs. The hackers are using Linux, the hacked are using Windows. Software for the most part is free and can be downloaded from the distros' repositories (like getting plugins and themes from Wordpress) so you know they're safe. Pretty much any program you feel Windows is critical for has a free, open-source equivalent on Linux that is usually equal to or better than the paid program you got for Windows.

I applaud Innomina's post, however things have changed a lot in the cybersecurity world. It used to be true that Linux systems weren't prone to hacking, but the game has changed. Since the majority of web, database, and other servers in the world now run on some flavor of Linux, more advanced hackers absolutely target Linux systems where all of the "good", more valuable data now resides (like government data, sensitive medical records, online dating profiles, mobile app data, etc...). These servers are often deployed and managed in unsecure environments due to a lack of security knowledge and best-practices across various service providers and their 3rd party partners who now use Linux servers without really knowing what they're doing (by "more advanced hackers" I mean both independent and government/state-sponsored Russian and Chinese hacker teams... I'm not talking about your "casual" script kiddies who think they're 'l33t' for installing RAT's on Windows desktops, although most large botnets are still deployed on Windows systems as well as Google's mobile Android OS which is a Linux derivative and full of security holes, but I digress...).

Using a *nix (Unix or Linux) based system is definitely a step in the right direction, however knowing how to use it safely in a hardened environment is absolutely essential nowadays.

http://tinyurl (dot) com/zvv9njz "Hacker explains how he put "backdoor" in hundreds of Linux Mint downloads"

http://tinyurl (dot) com/kvoshh6 "Linux hacked-more-often-than-windows" (old article from 2004, 13 years ago detailing the shift from Windows hacking to Linux hacking)

Just my "2 cents"...

***Jim Moriarty*** · 03-29-2017, 05:57 PM

Cool thread...