5 Mandatory Steps For Protecting Data From Eavesdroppers

| March 6, 2013 | 20 Replies

Chris Dougherty
VirtualThreat Contributing Writer

 

Every day we hear news reports in the mainstream media about social network hacking, malware, malicious account takeovers and protecting data. It doesn’t matter if you are the average Joe Blow or a huge corporation like Burger King, everyone is being targeted these days.

Cyber criminals are searching for everything from your banking and financial info to your email, Facebook and other social networking passwords. Luckily there are technologies and a few simple practices that can help you stay safer online, as well as offline.

Here are 5 Mandatory Steps that you should follow for protecting data from hacking and eavesdroppers…

1. IMPORTANT: Use Strong Encryption To Protect Your Files

Encryption is the process of encoding a message, or any other data, in such a way that eavesdroppers or hackers cannot read it, but authorized parties can. Today there are many options that provide both software and hardware encryption solutions for protecting your data.

TrueCrypt is free, open source software that provides automatic, real-time (on-the-fly) and transparent data encryption. With TrueCrypt you can encrypt a single partition or an entire storage device such as a USB flash drive or hard drive.

The safest way to use TrueCrypt is to encrypt the entire storage device or hard drive. At a bare minimum, the partition or drive where Windows is installed should be encrypted.


For those of you who don’t want to install software, there are also several military-grade storage devices that provide hardware-based encryption for data protection. By doing a simple search on Google I was able to find the following 6 options that provide strong hardware-based encryption:

  1. DataLocker DL3 1TB
  2. Aegis Padlock 3.0 1TB
  3. ThinkPad USB 3.0 1TB
  4. Buslink CipherShield 1TB
  5. Kanguru Defender 1TB
  6. Imation (IronKey) Defender H100 1TB

A couple of weeks ago I was able to personally review the DataLocker DL3 encrypted hard drive and I really liked the fact that it was so incredibly easy to use. It also had a lot of cool features like the touch screen display and self destruct mechanism. As DataLocker put it so eloquently, this encrypted hard drive is “Simply Secure”.

* Save 10% on your purchase of any DataLocker Encrypted Drive by using the coupon code “VTHREAT10” (without quotes) on the DataLocker website

Regardless of which encryption solution you decide to use, it is important to remember that this is a mandatory first step in securing your data from prying eyes.

 

2. CRITICAL: Create A Bulletproof Password

The next step towards reducing the threat of online identity theft should come in the form of a very secure password. The majority of account hacks reported each day are due to the use of insecure passwords. Hackers often make use of automated software and huge word dictionaries in order to brute force account passwords. Using the 15 tips below, you should create a very strong, unique password for every site that you visit on the Internet.

A strong password:

  1. has 15 or more characters
  2. has uppercase letters
  3. has lowercase letters
  4. has numbers
  5. has symbols, such as ~ ` ! @ # $ % ^ & * ( ) _ - = + [ ] { } | ; : ' " , . < > \ / ?
  6. is not like your previous passwords
  7. is not your name
  8. is not your government ID number
  9. is not your birthday or that of a family member
  10. is not your login or user name
  11. is not your friend’s name
  12. is not your family member’s name
  13. is not your pet’s name
  14. is not a common name
  15. is not a dictionary word

If you have a hard time coming up with a strong password on your own, you can always use a password generator like the iPassword Generator or the free secure password generator found at PasswordsGenerator.net.
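The checklist above can be applied mechanically. The following Python sketch is an added example, not part of the original article: it checks a candidate against the listed rules and generates a compliant password from the operating system's secure random source. The function names, the substring test for personal details and the 0.8 similarity threshold for "like your previous passwords" are assumptions made for illustration.

```python
import secrets
import string
from difflib import SequenceMatcher

# Symbol set taken from item 5 of the list above.
SYMBOLS = "~`!@#$%^&*()_-=+[]{}|;:'\",.<>\\/?"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
MIN_LENGTH = 15


def check_password(pw, personal=(), words=(), previous=()):
    """Return the list of rules from the article that pw breaks."""
    failures = []
    if len(pw) < MIN_LENGTH:
        failures.append("shorter than 15 characters")
    classes = {
        "uppercase letter": string.ascii_uppercase,
        "lowercase letter": string.ascii_lowercase,
        "number": string.digits,
        "symbol": SYMBOLS,
    }
    for label, chars in classes.items():
        if not any(c in chars for c in pw):
            failures.append(f"no {label}")
    lowered = pw.lower()
    # Names, user name, birthday, ID number: reject if present anywhere
    # (assumption: stricter than an exact match, to catch "Rover2013!").
    for term in personal:
        if term and term.lower() in lowered:
            failures.append(f"contains personal detail {term!r}")
    if lowered in {w.lower() for w in words}:
        failures.append("is a dictionary word")
    # Assumed threshold: 0.8 similarity counts as "like" an old password.
    for old in previous:
        if SequenceMatcher(None, lowered, old.lower()).ratio() >= 0.8:
            failures.append("too similar to a previous password")
            break
    return failures


def generate_password(length=20):
    """Draw from the OS CSPRNG until every character class is present."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least 15")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(pw):
            return pw
```

Pass your own names, dates and user names as `personal` and a word list of your choice as `words`; an empty result from `check_password` means no rule was broken.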

Once you have created your password you should store it on an encrypted hard drive to keep it safe. This is the single best way to limit your exposure to online account takeovers and hackers.

Where appropriate, you might consider using a two-factor authentication mechanism like Duo Security or Google’s 2-step validation as an added layer of security.

 


3. CRUCIAL: Hide Your Password From Prying Eyes

Once you have created a strong password you will need to keep it in a secure place away from prying eyes.

The simplest answer, while managing to achieve at least some acceptable level of security, is to create a password list and store it on an encrypted storage device.

A better answer is to install password management software like LastPass or KeePass on your encrypted drive. Both of these applications are free and they allow you to store all of your passwords in a single encrypted database.

LastPass runs natively on all major platforms including Windows, Mac and Linux. KeePass is geared primarily for Windows users; however, the developer’s website claims it has also been tested on Wine. Wine is a compatibility layer that allows you to run Windows applications on Linux, BSD, Solaris and Mac OS X.

The combination of an encrypted hard drive AND password management software provides the best solution for keeping your password list safe from hackers and eavesdroppers.

 

4. URGENT: Install Security Software on Smartphones, Tablets and Computers

Cyber criminals are now using various strains of malware, spyware and malicious links to steal your information. Any device that is connected to the internet is a potential vector for these types of attacks. In addition, hackers are increasingly using social networks to lead you to websites where they can install malicious software on your devices.

I personally use Lookout Mobile Security software to keep my smartphone safe from malware and other malicious apps. Lookout provides real-time protection for smartphones and tablets running both Android and Apple iOS software (iPhone, iPad, etc). An additional version is also available for the Amazon Kindle Fire HD device.

Facebook is another popular attack vector for hackers. You can use the ESET Social Media Scanner to scan your Facebook account, as well as the timelines of your friends, for malware and links to malicious websites. The ESET Social Media Scanner application also offers an option to scan your local computer for signs of malware. I strongly advise that users run this additional security feature to be certain their computer is safe from threats.

ESET Smart Security 6 is another application worth mentioning for protecting data from hackers. This single application provides all-in-one internet security and comes with an Anti-Theft feature and the Social Media Scanner. There is also a similar version for Mac users called ESET Cyber Security.

 



One other important piece of security software that I thought I should recommend is called Prey. The Prey Project was developed as an open source anti-theft solution for laptops, phones & tablets and is used by people all around the world. According to the Prey Project website, “Prey lets you keep track of your laptop, phone and tablet whenever stolen or missing — easily and all in one place. It’s lightweight, open source software that gives you full and remote control, 24/7.”

I personally use Prey on all of my electronic devices and love it. I know a friend-of-a-friend, who has Prey installed, that actually was able to recover his laptop after it was stolen while he was living in Costa Rica.

 

5. ESSENTIAL: Use A Locked-Down Environment For Online Shopping, Banking and Filing Taxes

The best way to stay safe while shopping online and performing financial transactions is to create a secure operating environment. You can build a custom environment yourself by installing various software on an encrypted drive or you can use a solution that provides out-of-the-box protection.

Either way, the goal is to open a new window on your desktop that instantly provides a secure environment for browsing the web and reading web-based email.

Building A Custom Environment:

In order to build a custom environment on an encrypted drive I would suggest installing the latest version of Portable VirtualBox and then downloading your favorite Live CD operating system image to the drive. I had a DataLocker DL3 encrypted hard drive lying around so I decided to create my environment on that.

Portable VirtualBox is a software program that allows you to run Virtual Machines (VMs) on any USB storage device or hard drive. A Live CD is an operating system that runs entirely from memory and typically never writes files to your local hard drive. Each time the Live CD is restarted, it erases all traces and starts up with a fresh environment.

Once Portable VirtualBox is installed and running on the encrypted drive, you can create a new virtual machine with a virtual CD-ROM device attached to the Live CD image file. I personally like to use the latest version of Ubuntu for the Live CD, but you can use your favorite.

Once you have created your virtual machine in Portable VirtualBox you can simply start the machine, wait for it to boot up, and then open a browser to surf the web. Once you are finished browsing the web or checking your email, you can simply close the virtual machine to erase all tracks.

Any malware that you accidentally downloaded during your browsing session would be automatically erased once the virtual machine was shut down or restarted. It is important to note however that any files, bookmarks or configuration changes made while working in the virtual machine will also be lost when the machine is shut down.
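The custom environment described above can also be scripted. The following Python sketch is an added example, not part of the original article: it confirms the downloaded Live CD image matches the SHA-256 digest published by the distribution, then issues the VBoxManage calls for a VM whose only storage is that image. It assumes the VBoxManage command-line tool from your VirtualBox installation is on the PATH; the function names and the VM name are hypothetical.

```python
import hashlib
import shutil
import subprocess


def sha256_file(path, chunk=1 << 20):
    """Hash the image in chunks so a multi-gigabyte ISO is not loaded at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def iso_is_authentic(path, published_sha256):
    """Compare against the digest published by the distribution."""
    return sha256_file(path) == published_sha256.strip().lower()


def build_plan(vm, iso, memory_mb=2048):
    """VBoxManage calls for a VM whose only storage is the live image."""
    return [
        ["VBoxManage", "createvm", "--name", vm, "--ostype", "Ubuntu_64", "--register"],
        ["VBoxManage", "modifyvm", vm, "--memory", str(memory_mb),
         "--boot1", "dvd", "--boot2", "none", "--boot3", "none", "--boot4", "none"],
        ["VBoxManage", "storagectl", vm, "--name", "IDE", "--add", "ide"],
        # Optical drive only: no virtual hard disk is attached, so the
        # guest has no disk of its own on which to keep session data.
        ["VBoxManage", "storageattach", vm, "--storagectl", "IDE", "--port", "0",
         "--device", "0", "--type", "dvddrive", "--medium", iso],
    ]


def create_vm(vm, iso, published_sha256):
    """Refuse to build the VM unless the image digest matches."""
    if not iso_is_authentic(iso, published_sha256):
        raise ValueError("ISO digest mismatch; do not boot this image")
    if shutil.which("VBoxManage") is None:
        raise RuntimeError("VBoxManage not found on PATH")
    for cmd in build_plan(vm, iso):
        subprocess.run(cmd, check=True)
```

Call `create_vm` with the path to the image on the encrypted drive and the digest copied from the distribution's download page, then start the machine from VirtualBox as described above.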


Out-of-the-Box Solutions:

There are several ready-made solutions that provide a secure browsing environment while shopping, banking and reading email online. Two alternatives that I found were the Encrypt Stick 3-in-1 Digital Privacy Software and the Kanguru Defender DualTrust security device.

Encrypt Stick runs on any USB flash drive, installs in seconds, and turns your flash drive into your own Digital Privacy Manager (DPM). The Encrypt Stick developers claim that the software protects your web browsing experience, your passwords and your private files. The software comes with both free and paid options and includes versions that run on Windows and Mac computers.

The Kanguru Defender DualTrust is an all-in-one software and hardware solution that provides encrypted storage as well as secure web browsing. If you are concerned about malware, viruses or spyware on your PC, then this is a great solution for you.

According to the Kanguru website, “The Kanguru Defender DualTrust™ provides complete confidence to pay online bills, do your banking, make purchases and browse online in a safe and secure environment. It opens up a secure, protected browser session, isolating itself from vulnerabilities that could potentially ‘trace your steps’ in an ordinary browser window.”

Simply plug in the Defender DualTrust, create a secure password and the device will boot to a secure web browsing environment. Once you unplug the device, the Defender DualTrust leaves no trace of your session behind.

I think I will try the Kanguru Defender DualTrust this year when filing my taxes online. Maybe you should too.

 

In Summary:

Whether you are an average internet user who simply uses the web to check email and shop online, or you are a corporate or government user accessing sensitive information, you need to take a few extra security measures in order to protect data from hackers and eavesdroppers.

The 5 steps listed above should be put in place right away in order to get you started on the right path to achieving the highest level of data security while online.

 

– – –

About the author…

Chris Dougherty is a grey hat hacker and online security expert. Please visit his blog, www.VirtualThreat.com, for more excellent news and information about protecting yourself in cyberspace.

This article is offered under a Creative Commons license. It’s okay to republish it anywhere as long as the attribution bio is included and all links remain intact.

 




Category: How-To's, News, Reviews

Comments (20)


  1. abinico warez says:

    Article is absolutely right about how to create a password, but from having developed encryption products, I know all that are available commercially can be decoded by the NSA, and the NSA will not allow a commercial product that it cannot decode – how do I know – they told me. Developed an email system using such encryption – not allowed – so much for this being a free country. You can create unbreakable data with readily available public domain stuff – there are a few simple tricks to do this, and that’s all I am gonna say.

  2. Joey says:

    Thank you.

  3. Well then, says:

    abinico all I’m gonna say is: open source it.

  4. Paul says:

    Wrong in many ways.

    Keepassx is the Linux-native version of Keepass. No need for WINE.

    Don’t trust Keepass(x) or anything else to protect you if you’re in their sights. TEMPEST techniques (yeah, I know that technically TEMPEST is the name of the counter-measures, not the eavesdropping) will let them monitor your keystrokes and monitor. And they can always break in and install physical devices to do the same.

    Truecrypt is dangerous to the extent that if you’ve ever installed it you should physically destroy the hard disk containing truecrypt volumes. There’s a patch that allows unlimited hidden volumes. “Give us your key” “Here it is.” “Now the key to the hidden volume.” “But I don’t have a hidden volume.” “You can’t prove that, give us the key.” In repressive regimes you’ll be tortured for that non-existent key. In my regime (the UK) you’ll be jailed for contempt of court. On release, you’ll be told to hand over the non-existent key, then jailed for contempt of court again – in effect a life sentence.

  5. J. Russell Kennedy says:

    In addition to these steps, there are a few other things that you should definitely do.
    Use a VPN in conjunction with the TOR network. Run the TOR browser from a virtual drive. Make sure you read the directions for TOR and never open files or download anything while using TOR.
    Use a pre-paid mobile broadband device (registered in a fake name) for your internet provider. Use at least 4 different devices, from different cell companies, and rotate so they never have time to bring out the tracking systems to triangulate your location.
    Use a drive wiper such as CCleaner every time you log off the internet and run a high quality virus/spyware scan every time you log off the internet.
    Never leave your PC connected to the internet when not in use.
    Another thing that you should do FOR SURE is install webcam software that has a motion detector that records when the camera senses movement in the room. Logitech makes a webcam available at WalMart for $50 with the software and capability. With the “Patriot Act’s Sneak and Peek” provisions, you never know when government agents have come into your house and installed surveillance devices without your knowledge. The motion detecting camera will catch them and let you know when it is time to sneak away in the middle of the night to shake them from your trail.
    Set up a system restore point on your PC before the very first time you ever use it to connect to the internet. Every time you use the computer on the internet, system restore back to that point.
    This is a WAR we are in people. OUR government DOES consider each and every one of us to be its enemy. WE MUST protect ourselves from their Unconstitutional Aggressions against us. They want us indefinitely detained and are gathering evidence RIGHT NOW against every one of us, that refuses to conform, to give them the excuse to remove us from the “obedient society” of brainwashed sheople without it looking like they are doing wrong. Be PARANOID because, if you think you are being watched, you definitely are being watched!! I guarantee it!!

  6. GoldenMan says:

    I’m just the average (below average) Internet user, but I do continually try to find ways to protect my privacy. Excellent article. Thanks.

  7. ablogger says:

    Way cool! Some extremely valid points! I appreciate you penning this write-up and also the rest of the website is also very good.
