.

Security Questions

<<

Ps_107

Newbie
Newbie

Posts: 19

Joined: Sun Oct 30, 2011 3:54 pm

Post Mon Oct 31, 2011 7:17 pm

Security Questions

I don't know where else to post this so I'll post this right here..

1) What are the most "secure" places for using a laptop?

2) Also, would it be possible for someone to hack into a personal laptop if the owner was using it some place else other than their own home?
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Mon Oct 31, 2011 7:55 pm

Re: Security Questions

1.) anywhere it is NOT connected to a network or the internet.  (sorry, but it's the truth.)  Anywhere else, you take your chances.  The laptop is only as secure as you make it.  Just keep updated Antivirus and Antispyware on it, and be wary of anything that looks unusual, such as certificate warnings to sites you frequent regularly, and normally don't see errors on.

2.)  home or not doesn't matter.  If the circumstances are right, you'll get hacked ANYWHERE.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

p0et

User avatar

Full Member
Full Member

Posts: 197

Joined: Thu Nov 02, 2006 4:38 pm

Location: Victoria, Canada

Post Mon Oct 31, 2011 8:36 pm

Re: Security Questions

Hayabusa's right on the money.  There really is no "secure" place to use your laptop other than anyplace you turn off wifi and unplug your network cable.  ;)  I would have to say that it's more common to have your wireless devices "hacked" or the traffic sniffed outside of the home.  That's just what I've personally noticed though.
GCIH, Security+, Network+, A+, MCP, DCSE
<<

Ps_107

Newbie
Newbie

Posts: 19

Joined: Sun Oct 30, 2011 3:54 pm

Post Mon Oct 31, 2011 8:45 pm

Re: Security Questions

hayabusa wrote:1.) anywhere it is NOT connected to a network or the internet.  (sorry, but it's the truth.)  Anywhere else, you take your chances.  The laptop is only as secure as you make it.  Just keep updated Antivirus and Antispyware on it, and be wary of anything that looks unusual, such as certificate warnings to sites you frequent regularly, and normally don't see errors on.

2.)  home or not doesn't matter.  If the circumstances are right, you'll get hacked ANYWHERE.


Thank you to Hayabusa and Poet for you guys' feedback.

Well, here's the other thing.. 

I've been considering getting a laptop and having an "Antivirus" and an "Antispyware" installed, along with having a Web Application Security Tester to protect my business.

After I've done that though, does that necessarily mean that my new laptop's going to be all patched-up from vulnerabilities?
<<

White ghost

User avatar

Newbie
Newbie

Posts: 36

Joined: Sun Oct 30, 2011 11:21 am

Location: ASIA

Post Tue Nov 01, 2011 1:36 am

Re: Security Questions

what is your laptop os?
if you have windows on your laptop you msut have an updated antivirus (Total security version of antiviruses are batter) and you must update your windows to patch all known security bugs

and about where is safe for laptop?
whenever you connect to any network with your laptop ( no matter there ishas internet or not) it maybe dangerous
MCITP CCENT
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Tue Nov 01, 2011 7:07 am

Re: Security Questions

@Ps_107 - you might be all 'patched up' today, but understand that new vulnerabilities are found, daily, so it's a never-ending process to stay safe.

I'm sorry if my first response put some fear into you.  Just that, in reality, that's the way it is, nowadays.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Tue Nov 01, 2011 7:50 am

Re: Security Questions

There is always risk involved when connecting your computer to any network.  I keep shields up at all times (firewall active and AV actively running).  When I am traveling I tend to VPN into my home network before I do anything.  I have more control of that network than hotels, Panera's or Starbucks.  You Web application tester will probably have some skills with helping you secure your personal laptop but honestly, keeping AV updated, local firewall running and updating ALL software regularly will keep you about as secure as you can get. 

If you are worried about data, you can always utilize software like Truecrypt and create encrypted containers on your local/network storage drives.  Windows 7 also utilizes Bitlocker in the Business/Ultimate editions. 

Also if you are using something other than Windows (Mac or Linux) do not assume you are immune to attacks.  Mac OS exploits and viruses have been coming out much more frequently than in the past and Linux is also vulnerable to attacks.  Granted they are much less than Windows and even Mac but they are still out there.  Besides what you have that a blackhat might want is not necessarily on your local systems.  They may want access to your email, your web hosting information and credentials, bank information and all that is out on the web.

Education is your best friend and common sense goes a long way.  Don't hinder your business by being too paranoid, but use the paranoia to better secure your business.

Also as far as securing your home office, I would recommend investing in a SOHO style firewall (Small Office Home Office) such as a Sonicwall or Watchguard device.  They are fairly easy to manage once they are setup and they have a low reoccuring cost for service and support.  The bonus to these devices is that they will include other services besides simple port forwarding.  The Sonicwalls (I am most familiar with) provide IDS/IPS as well as gateway antivirus.  So that ends up filtering much of the garbage before it hits your internal network.  Something to think about.

Also as you are building this business, don't get frustrated if some new security software/hardware makes something not work.  Rather than turning off the security feature, make sure it is properly configured with the correct exceptions to keep your apps running properly.

Good luck!
Certs: GCWN
(@)Dewser
<<

WCNA

User avatar

Full Member
Full Member

Posts: 187

Joined: Wed Mar 02, 2011 8:05 am

Location: Florida

Post Tue Nov 01, 2011 7:55 am

Re: Security Questions

107- You might want to consider using a Live CD or bootable USB stick when you are out and about (I would suggest the latest Ubuntu if you have little experience or a secure distro if you do). It's somewhat safer than using Windows directly from your hard drive.

If you must use Windows, then (with all the above advice from other forum members) use Sandboxie to make it much harder for a script kiidie to do permanent damage in addition to encrypting all your sensitive data (most people like TrueCrypt).
Last edited by WCNA on Tue Nov 01, 2011 7:58 am, edited 1 time in total.
ISC2 Associate, WCNA, CWNA, OSCP, Network+
<<

Ps_107

Newbie
Newbie

Posts: 19

Joined: Sun Oct 30, 2011 3:54 pm

Post Tue Nov 01, 2011 3:33 pm

Re: Security Questions

White ghost wrote:what is your laptop os?
if you have windows on your laptop you msut have an updated antivirus (Total security version of antiviruses are batter) and you must update your windows to patch all known security bugs

and about where is safe for laptop?
whenever you connect to any network with your laptop ( no matter there ishas internet or not) it maybe dangerous


I truly appreciate your input.

When you say, "you must update your windows to patch all known security bugs," are you referring to upgrading to a more recent and better brand of Windows or are you saying to simply upgrade the version of Windows that I have right now?

Also, what's the best version of Windows that I can own right now?

Thanks again.
<<

Ps_107

Newbie
Newbie

Posts: 19

Joined: Sun Oct 30, 2011 3:54 pm

Post Tue Nov 01, 2011 3:37 pm

Re: Security Questions

hayabusa wrote:@Ps_107 - you might be all 'patched up' today, but understand that new vulnerabilities are found, daily, so it's a never-ending process to stay safe.

I'm sorry if my first response put some fear into you.  Just that, in reality, that's the way it is, nowadays.


Hey man, thank you again for taking the time to respond.

It looks like I don't have much of a choice but to become a hacker myself (ethical of course).

But seriously, I like straight-forward answers and I truly appreciate your honesty.

I have a better understanding of what steps need to be taken, no matter how costly they may be.

Peace.
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Tue Nov 01, 2011 3:44 pm

Re: Security Questions

No worries about taking the time to respond. 

We're here to help one another learn.  Sometimes, folks take posts the wrong way (aka - another of my responses, today, drew fire.)  They're rarely intended negatively, but they're generally brutally honest, so sometimes I (and others) have to double-check wording, to make sure the point is made without offending or scaring someone.

Anyway, if you have further questions, that's what we're all here for.  Learning and info-share.

Have a great day!
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

Ps_107

Newbie
Newbie

Posts: 19

Joined: Sun Oct 30, 2011 3:54 pm

Post Tue Nov 01, 2011 4:49 pm

Re: Security Questions

3xban wrote:There is always risk involved when connecting your computer to any network.  I keep shields up at all times (firewall active and AV actively running).  When I am traveling I tend to VPN into my home network before I do anything.  I have more control of that network than hotels, Panera's or Starbucks.  You Web application tester will probably have some skills with helping you secure your personal laptop but honestly, keeping AV updated, local firewall running and updating ALL software regularly will keep you about as secure as you can get. 

If you are worried about data, you can always utilize software like Truecrypt and create encrypted containers on your local/network storage drives.  Windows 7 also utilizes Bitlocker in the Business/Ultimate editions. 

Also if you are using something other than Windows (Mac or Linux) do not assume you are immune to attacks.  Mac OS exploits and viruses have been coming out much more frequently than in the past and Linux is also vulnerable to attacks.  Granted they are much less than Windows and even Mac but they are still out there.  Besides what you have that a blackhat might want is not necessarily on your local systems.  They may want access to your email, your web hosting information and credentials, bank information and all that is out on the web.

Education is your best friend and common sense goes a long way.  Don't hinder your business by being too paranoid, but use the paranoia to better secure your business.

Also as far as securing your home office, I would recommend investing in a SOHO style firewall (Small Office Home Office) such as a Sonicwall or Watchguard device.  They are fairly easy to manage once they are setup and they have a low reoccuring cost for service and support.  The bonus to these devices is that they will include other services besides simple port forwarding.  The Sonicwalls (I am most familiar with) provide IDS/IPS as well as gateway antivirus.  So that ends up filtering much of the garbage before it hits your internal network.  Something to think about.

Also as you are building this business, don't get frustrated if some new security software/hardware makes something not work.  Rather than turning off the security feature, make sure it is properly configured with the correct exceptions to keep your apps running properly.

Good luck!


Thank you very much for all of the helpful information you've provided me. 

You said, "When I am traveling I tend to VPN into my home network before I do anything.", I'm a little confused.  I thought a VPN could only be accessed in other public locations other than your own home.. (such as a business complex or maybe even a library).  I'm probably just missing something though, so would you mind explaining how to VPN your own "home network" without being in a business complex and the like?

Other than that, I'm definitely going to take everything you've said into consideration.
<<

eth3real

User avatar

Sr. Member
Sr. Member

Posts: 309

Joined: Wed Feb 27, 2008 10:35 am

Location: US

Post Tue Nov 01, 2011 4:57 pm

Re: Security Questions

If I go to Starbucks or the airport, or really anywhere that has an open network, I'll forward all of my traffic through an SSH tunnel to my home network. That way it just looks like encrypted traffic on the public network, but I still have to rely on the security of my home network to make sure my data is safe. :P
Put that in your pipe and grep it!
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Tue Nov 01, 2011 5:19 pm

Re: Security Questions

@eth3real ++1
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

Ps_107

Newbie
Newbie

Posts: 19

Joined: Sun Oct 30, 2011 3:54 pm

Post Tue Nov 01, 2011 6:03 pm

Re: Security Questions

WCNA wrote:107- You might want to consider using a Live CD or bootable USB stick when you are out and about (I would suggest the latest Ubuntu if you have little experience or a secure distro if you do). It's somewhat safer than using Windows directly from your hard drive.

If you must use Windows, then (with all the above advice from other forum members) use Sandboxie to make it much harder for a script kiidie to do permanent damage in addition to encrypting all your sensitive data (most people like TrueCrypt).


Thank you very much for the program's you've suggested.

I've done my research on all of them and I'm more than likely going to implement them into my work.

Thanks again for the helpful information.
Next

Return to Other

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software