Desktop PCs - Do You Still Have Them?

[chronicle]

This might help.

Free Decrypter Available for GandCrab Ransomware Victims

Sent from my BLL-L22 using Tapatalk

[brushless]

Your work pc should be isolated from the internet where most of your important data are stored. You should have another computer solely for online usage. This is without any hardisk, just a USB or DVD live Linux OS. Windows is just too risky to expose it to the internet.

If you want to totally protect your online activity, install Linux Tails on your USB drive and boot from there.

[oj88]

Your work pc should be isolated from the internet where most of your important data are stored. You should have another computer solely for online usage. This is without any hardisk, just a USB or DVD live Linux OS. Windows is just too risky to expose it to the internet.

If you want to totally protect your online activity, install Linux Tails on your USB drive and boot from there.

Air gapping is probably justified when you're primarily working on highly-classified, confidential, or high profile information, digitally stored on a computer. But for the average user, it's impractical.

Almost any work that involves a computer nowadays needs access to the Internet almost constantly. Cloud productivity (Google Suite, Office365, etc.), cloud storage, online research, B2B and B2C transactions, communications (Email, IM, Presence, collaboration, voice/video conferencing), etc. etc.

In fact, there's now only a fine line between corporate devices and personal devices (BYOD). People tend to work using whatever devices they have on-hand. They don't need to get back to their work PC to respond to an email. They respond using their own personal mobile device or even their home PC.

What is important is to have an end-to-end security solution that uses security products (UTM, firewall, DLP, web security, email security, endpoint security, etc.) and security practices (ie. Adherence to the PH DPA) to prevent or at the least, make breaches and data leaks very difficult to impossible to do.

[brushless]

Air gapping is probably justified when you're primarily working on highly-classified, confidential, or high profile information, digitally stored on a computer. But for the average user, it's impractical.

It's justified for my case. I can't risk it. Two desktops for permanent offline work. Unhackable. I transfer files using the fax/modem 56k V.92, BBS, old school.

Almost any work that involves a computer nowadays needs access to the Internet almost constantly. Cloud productivity (Google Suite, Office365, etc.), cloud storage, online research, B2B and B2C transactions, communications (Email, IM, Presence, collaboration, voice/video conferencing), etc. etc.

I can do all of that on a live USB (w/ physical write protect switch).

What is important is to have an end-to-end security solution that uses security products (UTM, firewall, DLP, web security, email security, endpoint security, etc.) and security practices (ie. Adherence to the PH DPA) to prevent or at the least, make breaches and data leaks very difficult to impossible to do.

So much no. I only use TOR.

Security doesn't need to be so complex.

1) Isolate your desktop computer (work) from the internet
2) Use a Live USB (Tails) with write protect if accessing the internet
3) Use TOR Browser

Done.

Online banking, NOPE.
Passbook, YES.
No ATM.

Not forgetting to tape the webcam and mic. Lol!

[SpinCycle]

It's justified for my case. I can't risk it. Two desktops for permanent offline work. Unhackable. I transfer files using the fax/modem 56k V.92, BBS, old school.



I can do all of that on a live USB (w/ physical write protect switch).



So much no. I only use TOR.

Security doesn't need to be so complex.

1) Isolate your desktop computer (work) from the internet
2) Use a Live USB (Tails) with write protect if accessing the internet
3) Use TOR Browser

Done.

Online banking, NOPE.
Passbook, YES.
No ATM.

Not forgetting to tape the webcam and mic. Lol!

Interesting. Do you live in the PH sir? I wonder what BBSes are still up in the PH. I used to login to them every night.

Isn’t it more secure to transfer via USB then format the thumb drive than sending it through a BBS?

May I ask what made you decide to take security measures to that level?


Sent from my iPhone using Tapatalk

[brushless]

...edited. Double post.

[brushless]

Interesting. Do you live in the PH sir? I wonder what BBSes are still up in the PH. I used to login to them every night.

Yes. Not sure whether there's a local BBS. I'm just new to the system.

IsnÂ’t it more secure to transfer via USB then format the thumb drive than sending it through a BBS?

It's a private BBS.

The internet is like EDSA where everyone is using it. A private BBS is like an underground road where nobody can see it or even know it exist.

May I ask what made you decide to take security measures to that level?

Internet threats like ransomware and whatnot. I've changed my credit card about 5 times when the bank called me up that someone is illegally using it. They even told me where it was used, when it was used and what item was bought. I hope the criminal was caught.

Also, when a virus/malware strikes, it's pretty tiring having to reformat the HD every now and then or rebuild it from a clone/image backup. Windows update can sometimes be a pain in the.

So, it's Windows for offline work, Tails for online and private BBS for file transfers/private communication.

It doesn't get simpler than that.

There's no such thing in the internet where your computer cannot be exploited. Never rely on any security solutions. It doesn't work all the time.

Going old school is the best solution.

Sometimes I use windows for online use to see any unusual activities to see which sites are infested. I've already caught 3.

[oj88]

Yes. Not sure whether there's a local BBS. I'm just new to the system.

It's a private BBS.

The internet is like EDSA where everyone is using it. A private BBS is like an underground road where nobody can see it or even know it exist.

^Wow! lol. It's like I'm talking to someone who have just arrived from the 90's. BBS on dial-up... really? For communications? Jeez... don't forget to backup your floppy disks.

Internet threats like ransomware and whatnot. I've changed my credit card about 5 times when the bank called me up that someone is illegally using it. They even told me where it was used, when it was used and what item was bought. I hope the criminal was caught.

Also, when a virus/malware strikes, it's pretty tiring having to reformat the HD every now and then or rebuild it from a clone/image backup. Windows update can sometimes be a pain in the.

So, it's Windows for offline work, Tails for online and private BBS for file transfers/private communication.

It doesn't get simpler than that.

You must've been accessing some shady and malicious websites to be targeted like that.

I've never have to change credit cards due to fraud... and I do online transactions 99% of the time since about 2010. I've bought subscriptions and other stuff from almost any online stores from Amazon to Wish. Common sense lang kailangan.... I do COD if anything is questionable. But that's only 1 in maybe 10 or 15 transactions.

There's no such thing in the internet where your computer cannot be exploited. Never rely on any security solutions. It doesn't work all the time.

Going old school is the best solution.

Sometimes I use windows for online use to see any unusual activities to see which sites are infested. I've already caught 3.

Watching too many conspiracy movies? But let me ask you... how do you work with your personal or work data when mobile? You bring two devices? One offline and one online?

I agree that the Internet is generally unsafe.... that's a given. Like EDSA is a hazard to both neophyte and experienced drivers. But still, you need to pass through it once in while.

Air-gapping actually makes it more difficult to work on something. You lose productivity moving from one computer to another. Time is money. The best is still to follow online security best practices plus using a decent firewall and endpoint protection.

At home, I have an Untangle NG UTM running in Vmware, a Windows Server 2012 R2 as DHCP and DNS (also in Vmware), a 18TB Windows Home Server 2011 (Plex and Windows devices backup server), a NAS, four Ubiquiti UniFi APs, a Cisco managed switch, a D-Link smart switch, and ESET Internet Security for Windows and Android devices. I've got IoTs all around and I'm proud to say that in our plot of land, I'm managing in excess of 50+ unique IP devices.... IR blasters, Roku 3s, Smart TVs, IP cameras and NVRs, several smart bulbs, a couple of Amazon Echo Dots, a Google Home Mini, several WiFi switches, an environment sensor, a Raspberry Pi 2, UPS, several PCs, laptops, tablets and smartphones.... just off the top of my head.

Just imagine... my lowly electric fan have its own IP address (WiFi switch) which I can control from the Internet or through Alexa.

No, I didn't build this overnight. It grew to that monstrosity as our household needs increased. About 95% of said devices have access to the internet. Many are connected to at least one cloud service. The remaining devices are actually the IP cameras and NVRs... these requires me to connect to my home network through a VPN to view them from the internet. There'll be no peeping toms to worry about.

Anyway, there had been not a single breach. There were a couple of attempts before which was caught by Untangle's IDS/IPS and another by pfSense IDS/IPS (prior to switching to Untangle). But even though I am less restrictive compared to what you're proposing, I also keep an "assume breach" mindset and if such an event occur in the future, I've got the daily and weekly Windows backups to recover from.

[myas110]

This might help.

Free Decrypter Available for GandCrab Ransomware Victims

Sent from my BLL-L22 using Tapatalk

Will try it soon. Dahil siguro sa instance na nag download ng file yung kapatid ko kaya nadale yung PC namin sa bahay. Andun pa naman sa PC yung pics and music files ko

Sent from my ASUS_Z011D using Tapatalk

[brushless]

You must've been accessing some shady and malicious websites to be targeted like that.

Nope. An attack can occur on Twitter, YouTube and Instagram. In fact, it can occur on any website the hacker wishes to monitor on its users. You'll be amazed by how much info they can get from you. They can even have access to your mobile phone and turn it into a listening device.

I've never have to change credit cards due to fraud...

I guess you're not of interest to them.

Watching too many conspiracy movies? But let me ask you... how do you work with your personal or work data when mobile? You bring two devices? One offline and one online?

Are you still studying?

When mobile, like at the airport, I simply call my agent in Hong Kong to prepare the contract for the factory in Chaozhou and have it faxed or emailed to me. I'll sign it later or he can sign it on my behalf.

People can do the work for you in the office you know. Lol

Air-gapping actually makes it more difficult to work on something. You lose productivity moving from one computer to another. Time is money. The best is still to follow online security best practices plus using a decent firewall and endpoint protection.

Sorry, it's just not the case for me. I can still work fine, no problem. How hard would it be copying files from USB to USB? Thanks for the advice though.

Firewall? Anti Malware/Spware/AV? Are you kidding me?

You know how much time is wasted cleaning the virus or malware? When you thought you've cleaned it, it pops up again in your browser. You don't know what files it has infected in your system. What is worst is that after cleaning, your system does not work fine anymore. Either it freezes on you or simply too slow to work on. You then do some troubleshooting and hairpulling. The best remedy for this is to simply nuke the hardisk and start from backup. How many hours wasted.

You talk about productivity loss, this is productivity loss.

Anyway, there had been not a single breach. There were a couple of attempts before which was caught by Untangle's IDS/IPS and another by pfSense IDS/IPS (prior to switching to Untangle). But even though I am less restrictive compared to what you're proposing, I also keep an "assume breach" mindset and if such an event occur in the future, I've got the daily and weekly Windows backups to recover from.

If you think this can work effectively, why would Snowden use TOR?

Good luck on your backups though. I never have to do that anymore due to an attack or infection. I do it because the hardisk is going to go anytime. Lol!

[xwangbu]

Snowden and Tor - might not be the same as you and me using tor.
snowden might have a tor end node from a trustworthy friend or accomplice.
it is only *reliable* if you know the end node is reliable.

[chronicle]

Come to think of it. Tor always defaults to eu. It just adds another layer of security since the public ip is located somewhere ala vpn.

For all we know, the tor server where the data is transmitted to and from is also collecting data.


Sent from my BLL-L22 using Tapatalk

[oj88]

Nope. An attack can occur on Twitter, YouTube and Instagram. In fact, it can occur on any website the hacker wishes to monitor on its users. You'll be amazed by how much info they can get from you. They can even have access to your mobile phone and turn it into a listening device.

Well, that's why you have a whole suite of security products working for you. You won't have to sacrifice convenience for security.

I guess you're not of interest to them.

I guess not. I'm well-behaved on the Net. Unlike some people I know.

Are you still studying?

I'm always studying and working on new stuff, even though I'm already in my mid-40s.

Don't tell me you've stopped learning?

When mobile, like at the airport, I simply call my agent in Hong Kong to prepare the contract for the factory in Chaozhou and have it faxed or emailed to me. I'll sign it later or he can sign it on my behalf.

People can do the work for you in the office you know. Lol

I presume that all your 'people' follows the same security protocol as you do? Namely, one computer for work, another one for online use?

You still have to connect to an email service to receive the documents. Also, some fax machines can store a finite number of pages that was either sent or received. I'm sure you've taken great lengths into ensuring that no unauthorized copies of your docs exists?

Sorry, it's just not the case for me. I can still work fine, no problem. How hard would it be copying files from USB to USB? Thanks for the advice though.

You obviously haven't had the misfortune of a USB drive die on you. Or the idea that it actually makes it easy for viruses and malware to propagate through USB.

Firewall? Anti Malware/Spware/AV? Are you kidding me?

I kid you not. I hope you're not that ignorant about data security tools. As with physical security, wherein you have a main gate, probably some CCTVs, an alarm, guard dogs, security personnel, a deadbolt on the front door, etc., data security is deployed in layers. The network layer is protected initially by your firewall. Malware and other viruses are caught by the UTM. Wickedly evil attachments are caught by your email server's anti-spam and anti-malware engines. Any surviving threat or threats that got through the other layers, or virus payloads that entered through the USB drive (aha!) or from network file transfers are taken cared of by your local AV and personal firewall (endpoint or client protection).

Data security, similar to data privacy, is a concerted effort of different disciplines and solutions working together.

You know how much time is wasted cleaning the virus or malware? When you thought you've cleaned it, it pops up again in your browser. You don't know what files it has infected in your system. What is worst is that after cleaning, your system does not work fine anymore. Either it freezes on you or simply too slow to work on. You then do some troubleshooting and hairpulling. The best remedy for this is to simply nuke the hardisk and start from backup. How many hours wasted.

You talk about productivity loss, this is productivity loss.

Then I'd say, you're not doing it right. Done properly, all these are transparent to the user. They may not even get a notification about a mundane infection for as long as it was successfully removed (only the IT people would likely get the notif). Also, we''re no longer talking about Windows XP or versions before it, which were virus magnets. Windows 10 is a whole new world. I've never had a displeasure of cleaning a virus for years. Don't make it sound worse than it really is. But yes, backups are there as a safety net.

If you think this can work effectively, why would Snowden use TOR?

For being one of the world's most wanted high profile individual that is actively being surveilled, tracked, and pursued by the US government, I would too. But that is not the case for the great majority of people using the Net.

Though, I'm not oblivious to the concept. I use a VPN service if I need anonymity. I can just "show up" anywhere around the world, if I wanted to. I just pick the country I need to be in and boom! Beam me up, Scotty!

Good luck on your backups though. I never have to do that anymore due to an attack or infection. I do it because the hardisk is going to go anytime. Lol!

Oh thank you. Backups are there as a last resort. Whether it be due to a software glitch, a virus infection, a hard disk takes a dive, or as simple as trying to recover a file that was deleted months ago, a backup affords some insurance against data loss.

[brushless]

Snowden and Tor - might not be the same as you and me using tor.
snowden might have a tor end node from a trustworthy friend or accomplice.
it is only *reliable* if you know the end node is reliable.

He is using Tails actually. TOR is configurable according to your needs. I haven't tinkered with it yet, just the default.

[kagalingan]

Online banking, NOPE.
Passbook, YES.
No ATM.

Walandyo may kapareha pala ako dito.

No credit card ako.

No ATM

Withdraw sa bank teller.

Pero nastress ako sa pinaguusapan nyo. Ang hightech masyado.

[brushless]

Well, that's why you have a whole suite of security products working for you. You won't have to sacrifice convenience for security.

The don't work all the time. Eset, Norton, Avast, Malwarebyte, Commodo, etc. You name it, I've tried it all.

They can still see you.

I guess not. I'm well-behaved on the Net. Unlike some people I know.

It's not about being well behaved, rather, it's all about wanting to play with you for no reason at all. Random. It could be a pimploid teenager from Ukraine practicing their skills on your connection or it could be the real deal - credit card syndicates.

I presume that all your 'people' follows the same security protocol as you do? Namely, one computer for work, another one for online use?

It's actually my private work that is senstive and not company related. Maybe, I wasn't clear when I explained it. Made you confused there. Lol.

You still have to connect to an email service to receive the documents. Also, some fax machines can store a finite number of pages that was either sent or received. I'm sure you've taken great lengths into ensuring that no unauthorized copies of your docs exists?

No problem in accessing email services. I'm using Tails OS, not Windows.

You can receive fax in your computer via fax/modem. It doesn't have to be a fax machine.

You obviously haven't had the misfortune of a USB drive die on you. Or the idea that it actually makes it easy for viruses and malware to propagate through USB.

It's actually Windows that makes it easy for viruses and malware to do havoc. It's really an unsafe OS to put online. You can install all the best firewalls/AV's/Mallwares/Sandbox and what not, all you can eat. They can still see you, bro.

They don't even need malware/spyware/virus installed in your system in order to spy on you. There mere fact you're connected to the internet, that's more than enough. No need to go through all that hassles.

Thus, I only use Tails. They'll be hopping from South Africa to China to Israel ot India, computer to computer and it will frustrate them and they will simply move to an easier target. I'm a waste of their time.

I kid you not. I hope you're not that ignorant about data security tools. As with physical security, wherein you have a main gate, probably some CCTVs, an alarm, guard dogs, security personnel, a deadbolt on the front door, etc., data security is deployed in layers. The network layer is protected initially by your firewall. Malware and other viruses are caught by the UTM. Wickedly evil attachments are caught by your email server's anti-spam and anti-malware engines. Any surviving threat or threats that got through the other layers, or virus payloads that entered through the USB drive (aha!) or from network file transfers are taken cared of by your local AV and personal firewall (endpoint or client protection).

Like I said, they don't need to drop a virus/malware/spyware/email attachment in your system. They don't need it.

For being one of the world's most wanted high profile individual that is actively being surveilled, tracked, and pursued by the US government, I would too. But that is not the case for the great majority of people using the Net.

The funniest thing is, TOR was created by the NAVY and was funded by the National Defense. Snowden merely made use of their system. LOL.

If fact, I'm using Tails right now typing this out.

TOR was turtle slow before. It's hardly usuable. Now, it's rather fast. Perhaps, it's my connection.

If you really want to be safe online, either turn off your modem or use TOR.

However, most people do not bother turning off their modem. They just leave it unattended when not in use or when they are sleeping. Your connection is open 24/7 for possible attacks and eavesdropping. So, kindly turn off your modem every time you don't use it. You'll be adding more security to your system.

[brushless]

Walandyo may kapareha pala ako dito.

No credit card ako.

No ATM

Withdraw sa bank teller.

I have credit cards. But, no to ATM. I've heard a lot of horror stories with regards to that. The bank can't even protect you. Passbook all the way for me. It's really much safer if you have paper evidence of deposits and withrawals, machine validated by the pretty teller, face to face, eyes to eyes, smile to smile, with CCTV cameras on you. Lmao!

[kagalingan]

sa credit card ano pwede maging problema and ano dapat safety?

[xwangbu]

sa credit card ano pwede maging problema and ano dapat safety?

skimming and theft.
get an Rfid sleeve para di ma-scan card mo.
dapat me notification feature yung account mo at least
para alerted ka sa mga transactions.
better yet, use a virtual CC.

[brushless]

sa credit card ano pwede maging problema and ano dapat safety?

A reliable cc company should text and email you on every transaction made on your cc, small or big. They should also have an anti-fraud department to monitor your buying pattern and should it detect something odd, they will notify you immediately. If it's a fraud attempt, they will cancel your cc and issue you a new one. When buying online, they should have an OTP system, where they text you a one time pin (OTP) so you can complete the payment.

Always keep your cc safe. If you are going to places like Divisoria, leave your CC at home. Just bring cash.