[liberationtech] advice on securing a new computer

Sun Jan 27 17:18:46 PST 2013

Sam,

Here are my suggestions from my personal experiences:

1. For blocking apps the best firewall app I've seen for Mac OS X consumers
is: Little Snitch, as it does per application blocking
http://www.obdev.at/products/littlesnitch/index.html

2. Use Google Chrome when browsing the net, it's not perfect but in my
opinion is the most secure web browser.

3. Disable ALL automatic updates when going into a hostile region, to
prevent FinFisher
type<http://krebsonsecurity.com/2011/11/apple-took-3-years-to-fix-finfisher-trojan-hole/>malware
attacks

4. Use full disk encryption, I prefer WinMagic SecureDoc for OS X, but
FileVault works too if you don't want to spend the money. I won't use
FIleVault because to the best of my knowledge it only supports AES 128 bit
encryption, not 256 which is pretty much standard these days. HOWEVER BE
WARNED authorities in foreign countries may detain you until you give them
access to your machine, therefor any really sensitive work I highly suggest
a Windows VPS with Remote Desktop to prevent having any sensitive data on
your machine if it is lost, stolen, or seized.

5. Subscribe to a remote VPN service in a 3rd party country, for ease of
use I'd suggest a PPTP VPN provider. If you absolutely have to run any
system or software updates, only do so when connected to your VPN provider.

6. Use Gmail, with two factor authentication enabled: Google
Authenticator<http://support.google.com/a/bin/answer.py?hl=en&answer=175197>,
e-mail stored on your own laptop is not always a good idea.

7. As for cloud storage I would suggest the use of
CloudFlogger<http://www.cloudfogger.com/en/>with Dropbox, with a
strong password! Some people will tell you to use a
TrueCrypt container with DropBox, I say nay, The reason being CloudFogger
does file-by-file encryption which is important so when you change a single
file, you don't have to resync the entire container file, only the changed
file. Saves a lot of time, and bandwidth. Another cloud provider that
includes encryption is called "SpiderOak <https://spideroak.com/>",
although I personally like to keep my encryption and storage
provider separate. CloudFogger + DropBox will also run on iOS or Android so
you can access your files. Don't forget to turn on full device encryption
on your Android phone as well.

8. Always have the TOR bundle handy.

Good luck,

Brad Beckett
Freelance IT Security Consultant

On Sun, Jan 27, 2013 at 4:52 PM, sam de silva <sam at media.com.au> wrote:

> Hi there,
>
> Are there any guides that tell me how to make a new computer secure, for
> both use and connecting and communicating via the net?
>
> My set up is as follows:
>
> - Macbook Pro, running Mac OS 10.6.8
>
> My requirements are as follows:
>
> - I am almost always connected to the net, and need fast access, and full
> web-browsing experience
> - I'd like to block apps from sending out / receiving data from the net
> - I'd like a secure cloud storage space for my own stuff and occasionally
> share with others
> - My workplace is Microsoft-based we have email via IMAP. I'd like to have
> the option to send encrypted (PGP) emails to others.
> - I'd like to secure the email that's stored on my laptop. I'd like to use
> Apple Mail as my client.
> - I travel often, and I'd prefer not to have my data fall in to the wrong
> hands.
>
> - I am not a geek, but can install my own applications and if guided
> properly can do terminal stuff
>
> ---
>
> Any feedback or direction appreciated.
>
> Best, Sam :-)
>
>
> --------------------------------
> Sam de Silva
> skype: samonthenet
> sam at media.com.au
> +61 412 238 041
>
> --
> Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130127/39c1b18d/attachment.html>