Recent events in the computer services arena have reminded me again of some loose ends in my postings. I’ve got nothing on how to set up your own Web Server (so not dependent on someone like WordPress) nor how to set up your own email server (which is a PITA to admin as the SPAM load becomes gigantic), nor how to do secure “Social Media” (as until a week ago I never ever did ANY “social media” as it is by definition just a giant personal security exposure). Is any of that of interest? I’d just figured likely not.
My general view tends to be biased toward setting up shops for companies (as I’ve done that more than anything else). I’ve also avoided “Desktop Services” for the simple reason that they are almost 100% Microsoft based; which makes them “icky” in a very very large way, and IMHO they are insecure from the start. While I suspect this is from TLA (Three Letter Agency) influencing operations, it could just as easily be incompetence. In either case, the general feeling of repugnance it gave me kept me away. So I tend to see the world with a “back room” bias.
With that bias stated (so folks can adjust for it), here’s my view of Secure Systems Needs and some generalized comments. The whole idea here is to generate feedback. This is how I order things, but you WILL have different desires and opinions. So “what am I missing?”. What is the bit you really want that I’m ignoring. What is the thing I’m clearly caring about where you just don’t give a damn? Put up your wish list. Not saying I’ll do anything about it, but I will consider it for future postings.
So is your crying need for a monitoring proof telephone? Not needing a TLA proof system, just a way to pop a DVD or CD into your laptop (to boot something other than Windows since otherwise you just defeated yourself) and have a secure “computer to computer” telephone call? (Skype without the Big Brother problems) Or do you want a dedicated SBC (Single Board Computer) that sets up a VPN to your friend and lets you swap files and chat / IM (Instant Message)?
Here’s my view of the lay of the land, ordering of things:
Properties & Processes desired in a secure system.
1) Hardware & Software not subject to TLA/Vendor compromises (“backdoors”)
2) Secure (encrypted / hidden) data storage
3) Anonymity – of person. of machine. of services. of location.
4) Secure (encrypted) communications methods
5) Hack proof / resistant services.
6) “Chatty” about suspicious activity / hacking attempts. (IDS / IPS).
Processes, Procedures & Materials:
1a) Hardware. Biggest threats are USA TLAs (Intel chips) and China (just about everything else fabbed / assembled in China.) In general, folks building small appliances like routers, cameras, and firewalls are very “close to the hardware” and spot anomalies early and often. Hardware for desktop use gets less scrutiny. It is better to use boards that are intended for non-desktop use. For that reason I’ve focused on the Raspberry Pi and the Korean boards from Odroid. In theory, the Korean boards are a bit more hack proof, but are also a bit harder to “make go” with smaller user community and less software choice. Until proven otherwise, either board ought to be “safe enough” for anything not in the “Spy vs Spy” arena. Other boards, like the Orange Pi family, ought to be similar, but being sourced / fabbed in China are by definition suspicious. I’ve had several encounters with things from China arriving from the factory “pre-hacked”.
1b) Software. Open source, widely available and strongly inspected for security. That would be BSD first and foremost: OpenBSD, FreeBSD. They are hardened and more secure than just about anything else available to the general public, OpenBSD in particular. They are NOT without risk. There is always the chance of a creative attack on an unexpected bug. (“Bug” does not necessarily mean “software error”. Many classes of attack are really attacks on an unexpected interaction of software or hardware choices. It is often the case that good, well written software can have an unexpected interaction that was not foreseeable. While system crackers work to find those obscure edge cases, systems programmers work to eliminate them just as fast.) But BSD is hard for a novice to install, configure and operate. A very close second is Linux. I would avoid systemd based Linux as it opens a large attack surface on a key part of the system that is NOT well understood, nor well inspected by many eyes, nor well proven in decades of use. In short, it’s an unknown risk on a key and large attack surface. Not good. For that reason Devuan on a Raspberry Pi is my base system, with BSD second.
2) Data Storage. LUKS is the usual Linux encrypted disk method. A system can be built on a LUKS encrypted disk fairly easily. Any disk volume can be encrypted as well. Individual file encryption has even more choices. As just a quick sample, this is the result of asking Devuan what commands have something to do with encryption (on a system where I’ve not yet installed LUKS):
cbc_crypt (3) - fast DES encryption
crypt (3) - password and data encryption
crypt_r (3) - password and data encryption
des_crypt (3) - fast DES encryption
DES_FAILED (3) - fast DES encryption
des_setparity (3) - fast DES encryption
e4crypt (8) - ext4 filesystem encryption utility
ecb_crypt (3) - fast DES encryption
gpg (1) - OpenPGP encryption and signing tool
passwd2des (3) - RFS password encryption
symcryptrun (1) - Call a simple symmetric encryption tool
xcrypt (3) - RFS password encryption
xdecrypt (3) - RFS password encryption
xencrypt (3) - RFS password encryption
There are others. Note the man section numbers: the (3) entries are C library calls, and most of them are the legacy DES routines, which nobody should build on today; the usable tools in that list are gpg (1) for files and e4crypt (8) for ext4 directories, with LUKS (cryptsetup) for whole volumes once installed. An examination of the choices and decision tree is in order, I think.
3) Anonymity is usually supplied by using Tor (The Onion Router network) or Tails (a live OS that routes all of its traffic through Tor). Using a VPN service can also help for “lightweight anonymity” in that it masks your IP and point of origin and moves your identity information to the VPN service provider (often in a different national jurisdiction); you are trusting the provider instead of your ISP. Tor is a well defined and established service. Are there others? Better? Worse?
4) Privacy of communications divides into a couple of types. One is the direct machine to machine communication of bits. The other is person to person via things like email and “chats”. For machine to machine, Tor is the extreme case. It hides both the bits in the communication and the “contact trace”: who is talking to whom? IF you do not care about hiding the existence of the connection, a simple encrypted VPN (Virtual Private Network) works fine. They are widely used in businesses. Individuals can use them in places like coffee shops to have an encrypted link between their laptop and a remote server that then originates their traffic to the internet proper. (Thus blocking packet sniffers in the coffee shop from seeing what’s in the data packets.)
For private person to person communications, one can use a drop box or direct file transfer of an encrypted file (so a letter might say “read this” and have all the real information in an attached encrypted file). For that to work, you must have a way to exchange encryption keys that is secure; or use “Public Key Encryption”.
There are also several providers and methods of Public Key encrypted email. That’s a place I need to search and settle on a provider. This also has the burden that you must create a “Public / Private Key Pair” of a paragraph or two of bits, and configure / save / secure them; then exchange the public halves with others doing encrypted email. Most people are too lazy to do this, so encrypted email has not taken off in any big way.
Related is the notion of encrypted chats and telephony. IP Telephony is now common. Just running it over an encrypted VPN between two sites is sufficient. If desired, the workstations themselves can negotiate an encrypted link. Avoid software like Microsoft Skype as it is highly likely to be TLA compromised. There are open source alternatives that I need to list and describe. (I’ve not done this just because I’ve never wanted nor liked the Skype like services.) My family tends to use Apple FaceTime, which has historically been fairly secure but locked to Apple platforms. I’m not sure that security can continue to be assumed.
5) Secure Services: TBD. There’s a lot of very IN-secure services. Google Chrome loves to get you to stuff your data onto their servers and use their (remote hosted…) software services. All of that is highly suspect. ANY Cloud data storage is a bit suspicious and a big risk (unless you have encrypted the “blob” before you stick it there). Similarly, having all your written documents and photo processing on remote services just means there is a huge risk of meta-data (who what where…) being collected or text key word scanned. In general, local processing on a secure BSD or Linux box for things like text, images, spreadsheets, etc. ought to be secure. The LibreOffice suite provides most of these and GIMP is good for photos (if a bit complicated and obscure – but then again most image processors are…) Beyond those, just what services would be desired? Not a lot for me.
There are infrastructure services I think are critical to have in house. DNS server is one. This lets you CHOOSE your “upstream” DNS provider (so your ISP doesn’t by default know everyone you look up) and you can use advertising blocking sources by default. In addition, you can block whole IP ranges from returning results. Do you REALLY want to connect to servers whose IP originates in China? Afghanistan? Iran? (parts of Virginia and Washington DC?… just sayin’…) Similarly, having control of your own router lets you “kill” routes to places like Russia. Riddle me this: WHY would the DNC server or Hillary’s server be connected to a network that even allows routing to Russia? At least force the system attack to come through a USA, Canada, or EU VPN provider where you might have some cooperation in tracking it. To me this is “basic essentials”, but YMMV and most folks think about it exactly never.
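The three decisions that paragraph describes for an in-house resolver (refuse names on an ad-blocking list before the query ever leaves the house, refuse answers that land in address ranges you never want to reach, let everything else through) as an added example in Python. This is not code from the original post: the hosts-file style blocklist, the blocked ranges and the sample lookups are constructed, the range checks use the standard library ipaddress module, and nothing here opens a socket; a real resolver would call these functions before forwarding and again on the upstream’s answer.

```python
"""Added example: local DNS policy decisions as the post describes them.
Not code from the original post; blocklist, ranges and queries are
constructed sample data and nothing here touches the network."""
import ipaddress

# Constructed hosts-file style blocklist, the format ad-blocking sources publish.
BLOCKLIST_TEXT = """\
# constructed sample; real lists run to tens of thousands of entries
0.0.0.0 ads.example.net
0.0.0.0 tracker.example.org   # trailing comments appear in some lists
127.0.0.1 localhost
"""

# Constructed: address ranges this resolver refuses to hand back to clients
# (documentation ranges stand in for whatever countries or networks you choose).
BLOCKED_RANGES = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "2001:db8::/32")]


def load_blocklist(text):
    """Parse hosts-file lines into a set of lowercase names; skips localhost."""
    names = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2 or parts[0] not in ("0.0.0.0", "127.0.0.1"):
            continue
        for name in parts[1:]:
            name = name.lower().rstrip(".")
            if name != "localhost":
                names.add(name)
    return names


DEFAULT_BLOCKLIST = load_blocklist(BLOCKLIST_TEXT)


def name_blocked(qname, blocklist=None):
    """True if qname or any parent of it is listed, so a listing of
    ads.example.net also catches www.ads.example.net."""
    if blocklist is None:
        blocklist = DEFAULT_BLOCKLIST
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def answer_blocked(addresses, ranges=BLOCKED_RANGES):
    """First answer address that falls inside a blocked range, else None.
    ipaddress returns False for a v4 address tested against a v6 net, so
    mixed answer sets are fine."""
    for a in addresses:
        ip = ipaddress.ip_address(a)
        if any(ip in net for net in ranges):
            return a
    return None


def policy(qname, answers, blocklist=None, ranges=BLOCKED_RANGES):
    """Decide one lookup. The name check belongs before forwarding (the query
    never leaves the house); the answer check runs on what upstream returned."""
    if name_blocked(qname, blocklist):
        return ("REFUSED_NAME", qname)
    hit = answer_blocked(answers, ranges)
    if hit is not None:
        return ("REFUSED_ADDRESS", hit)
    return ("ALLOW", list(answers))


if __name__ == "__main__":
    for q, a in [("www.ads.example.net", ["198.51.100.5"]),
                 ("news.example.com", ["203.0.113.7"]),
                 ("news.example.com", ["198.51.100.5"])]:
        print(q, a, "->", policy(q, a))
```

The parent-domain walk in name_blocked is the part most home-grown filters get wrong: blocklists list the tracker’s apex name, and the ad networks serve from deep subdomains of it.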
6) Most folks in the home environment are blissfully unaware of their computing and communications environments. They want it to “just work” and otherwise be silent. Yet there is a constant shit storm of hacks, cracks, and system attacks underway. A better way of doing things is to have your overall system / site “nag” you about that. This is the realm of IDS (Intrusion Detection Systems) / IPS (Intrusion Prevention Systems). From the simple home ISP-provided router / firewall up to full-on IPS / IDS dedicated packet inspection engines, it is a large and very complicated topic. How often have you looked at your router statistics to see the number of “broken packets” it dealt with? There are many kinds of attacks that depend on particular kinds of distorted data communications packets. If those stop “at the gate”, fine, but if they show up “inside your house”, a red alarm ought to go off. (Either you are being hacked and successfully got through the ISP -Internet Service Provider- firewall, or you have defective network gear inside.) I’ve pointed to some of the open software choices in a prior posting, but not gone into detail. Is there really interest in the details?
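The “at the gate” versus “inside your house” rule as a worked example, added here and not taken from the post: a few constructed log lines in the layout the iptables LOG target writes (SRC=, DST=, PROTO= fields followed by the bare TCP flag names), a classifier for the flag combinations no sane TCP stack sends (no flags at all, SYN+FIN, FIN+PSH+URG, SYN+RST), and an analyzer that only counts such packets on the outside interface but raises an alert when the source address is inside the LAN. The interface names, the log prefixes and the 192.168.1.0/24 LAN range are assumptions for the example.

```python
"""Added example: flag malformed TCP packets in firewall LOG output and
escalate only the ones that originate inside the LAN. Not code from the
original post; the log lines are constructed in iptables LOG layout."""
import ipaddress
import re

LAN = ipaddress.ip_network("192.168.1.0/24")       # assumption: the house network
FLAG_TOKENS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

# Constructed sample: two probes at the outside interface, then a null scan and
# an xmas scan from an inside host, then one normal outbound connection.
SAMPLE_LOG = """\
Mar  3 10:01:02 gw kernel: [ 1234.5] FW-IN: IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.2 LEN=40 PROTO=TCP SPT=4444 DPT=22 WINDOW=1024 RES=0x00 SYN FIN URGP=0
Mar  3 10:01:03 gw kernel: [ 1235.1] FW-IN: IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.2 LEN=40 PROTO=TCP SPT=4445 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0
Mar  3 10:01:04 gw kernel: [ 1236.0] FW-LAN: IN=eth1 OUT= SRC=192.168.1.23 DST=192.168.1.1 LEN=40 PROTO=TCP SPT=31337 DPT=445 WINDOW=0 RES=0x00 URGP=0
Mar  3 10:01:05 gw kernel: [ 1237.2] FW-LAN: IN=eth1 OUT= SRC=192.168.1.23 DST=192.168.1.1 LEN=40 PROTO=TCP SPT=31338 DPT=139 WINDOW=0 RES=0x00 FIN PSH URG URGP=0
Mar  3 10:01:06 gw kernel: [ 1238.4] FW-LAN: IN=eth1 OUT= SRC=192.168.1.50 DST=198.51.100.77 LEN=52 PROTO=TCP SPT=50001 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
"""


def parse_line(line):
    """Return the key=value fields plus a FLAGS set, or None for non-LOG lines.
    Flags are bare whitespace-separated tokens, so URGP=0 does not count as URG."""
    if "PROTO=" not in line:
        return None
    fields = dict(re.findall(r"(\w+)=(\S*)", line))
    fields["FLAGS"] = {t for t in line.split() if t in FLAG_TOKENS}
    return fields


def classify_flags(flags):
    """Name a malformed TCP flag combination, or None when the packet is sane."""
    if not flags:
        return "null-scan (no flags)"
    if {"SYN", "FIN"} <= flags:
        return "SYN+FIN"
    if {"FIN", "PSH", "URG"} <= flags and "ACK" not in flags:
        return "xmas (FIN+PSH+URG)"
    if {"SYN", "RST"} <= flags:
        return "SYN+RST"
    return None


def analyze(log_text, lan=LAN):
    """Return (alerts, gate_hits): alerts are (src, dport, reason) tuples for
    malformed packets from inside addresses; gate_hits counts the ones that
    arrived from outside and are merely background noise."""
    alerts, gate_hits = [], 0
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None or f.get("PROTO") != "TCP" or "SRC" not in f:
            continue
        reason = classify_flags(f["FLAGS"])
        if reason is None:
            continue
        if ipaddress.ip_address(f["SRC"]) in lan:
            alerts.append((f["SRC"], f.get("DPT", "?"), reason))
        else:
            gate_hits += 1
    return alerts, gate_hits


if __name__ == "__main__":
    alerts, gate = analyze(SAMPLE_LOG)
    print(f"{gate} malformed packet(s) stopped at the gate")
    for src, dport, reason in alerts:
        print(f"RED ALARM: inside host {src} sent {reason} to port {dport}")
```

On a real box the input is whatever `iptables -A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "FW-IN: "` (or the equivalent nft log statement) writes to the kernel log; the point of the split is that outside noise goes to a counter while an inside source goes straight to a notification.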
So that’s the way I see things. It is a huge and terribly complicated field. I see it from the belly of the beast. That is unlikely to be the best point of view.
Is there something that in your POV (Point Of View) is missing? Is there something I covered, but in such a jargon heavy way your eyes glazed but you would like a “human friendly” do-over? Or would folks rather just go back to talking politics and who is tossing mud at whom lately? ;-)