Category: Security – From the Inside Out!

The sad truth is, it’s more likely then not, you will face a time that something bad happens. Perhaps its a security control you put in place will fail. Maybe it’s a update you didn’t apply because it required a restart (or three). Or perhaps you’ve angered a nation state, regardless of which, backups will be what saves you (assuming your not abducted and interrogated by the previously mentioned nation state). All these what ifs, is why it is the first item that will be given a more in-depth dive…

So what, exactly, is a backup? It is simply a ‘verified’ good copy of your data and/or anything you deem important that resides on a device of electronic storage. So items like Word docs, spending spreadsheets, family photos, recorded videos of your kids playing in the backyard, legal documents, and/or your music collection.

It is important to specify the following, that a copy is a copy, not the original. You cannot simply move your important data on a RAID 5 array and consider it backed up. It is also not moving the data onto an external storage medium. You must have more then a single copy of your important data. This means your original copy plus one, at a minimum. So you could keep your original on your laptop or desktop, with a copy on a file server. Maybe this file server has a RAID array… Maybe this server is linked to a DropBox account so an additional copy of the data will reside in the ‘cloud’… Maybe this server is also backed up onto a USB drive, be it a flash drive or an hard drive. This is the first step…

The second step, is the ‘verified’ backup or copy of your important data. So why do I quantify the ‘verified’ part in verified good backup, this is due to the fact, you do NOT have a backup if it hasn’t been tested. Tested to the point, that you have taken the time and effort to restore what you’ve backed up, to some other piece of storage medium you have access to and verified everything is there and you can access it. It is recommended to fully test your back up and restore functionality a least once a year. The more important data you could check at least every 6 months, more often as your comfortable.

To review, you only have a backup if… One, the data is not the original (as in it is a copy) and, Two, the data that is backed up or copied, is tested or verified to be available and in good condition in the event the time comes to restore it.

 

•  Backups
  • If it’s important, have a backup
  • A backup is not moving the file(s) in question to an external drive and calling it ‘good to go’
  • 3-2-1
    • This means having at least 3 total copies of your data, 2 of which are local but on different mediums/devices/services, and at least 1 copy offsite.
    • 2 local
      • Your main computer
      • A secondary computer
      • An external hard drive you backup to
      • A NAS on your local network
    • 1 offsite
      • Data backup services
        • Backblaze
        • Cloudberry
        • Carbonite
        • Mozy
      • Online Storage Services
        • Google Drive
        • Dropbox
        • iCloud
      • External Media
        • HDD/Optical media
        • Media given to family or firends to store
        • Media placed in a Bank box
        • Media given to a lawyer

So for the actual first post on this first series on the BWTS blog, we’re going on the ‘Inside’.

So with this, we will start looking at the networks endpoints, so your computers, servers, tablets, phones or in other words, the devices you tend to use. The general advice for all of these are:

• Have the latest, currently supported Operating System installed
  • Apply all Operating System patches/updates/etc
    • More difficult with Android phone due to OS fragmentation
    • More difficult with OLDER Apple devices
• Have anti-virus and anti-malware software installed
  • It is to be the most current and supported version
  • Ensure it’s definitions are current and updating properly
  • Yes, even Macs, iPhones, Android, and Linux…
  • Yes, I’m serious about this…
  • Malware is not just limited to Windows and being able to detect and stop the spread of malware (even if it doesn’t effect your platform of choice, is still a good choice)
  • Just think about it in terms of being a good neighbor on the Internet, OK?
• Use a firewall if possible on your endpoints
  • Continue to tune and refine it, do not just set it and leave it
• Use the most current and supported web browser
  • Recommended are Chrome and FireFox
    • Secondary recommendation for Brave
    • Tor Browser bundle with an honorable mention
  • Use adblocking/script stopping extensions/addons
    • Gorhill’s uBlock Origin
    • Noscript
    • Adblock Plus
  • Run inside of a sandbox
    • Sandboxie
    • If resources are available, create a VM to do general web browsing
      • VMware Workstation
      • VirtualBox
    • If sandboxing is not possible:
      • Boot off of a Linux boot CD/DVD
      • Install a version of Linux or BSD Operating System onto a spare computer
        • Ubuntu
        • Debian
        • Mint
        • FreeBSD
        • PCBSD
• Use strong passwords
  • This advise seems to change with time, but what has stayed constant:
    • Make it as long as possible
    • Use it like a passphrase and not a password
      • Lyrics to a favorite song
      • Sentences
    • Complex
      • Use of upper and lower case characters, numbers, and special characters
  • Use a password manager and let it manage everything for you
    • Use a strong master password
    • KeePass
    • LastPass
• Backups
  • If it’s important, have a backup
  • A backup is not moving the file(s) in question to an external drive and calling it ‘good to go’
  • 3-2-1
    • This means having at least 3 total copies of your data, 2 of which are local but on different mediums/devices/services, and at least 1 copy offsite.
    • 2 local
      • Your main computer
      • A secondary computer
      • An external hard drive you backup to
      • A NAS on your local network
    • 1 offsite
      • Data backup services
        • Backblaze
        • Carbonite
        • Mozy
      • Online Storage Services
        • Google Drive
        • Dropbox
        • iCloud
      • External Media
        • HDD/Optical media
        • Media given to family or firends to store
        • Media placed in a Bank box
        • Media given to a lawyer

It is important to note, there is no such thing as perfect security. So everything here will be best effort, because the closest you can get to ‘perfect’ security is a brand new computer, sealed in a concrete block and dropped into the ocean.

So stay tuned for more as get into the inside and work our way outside!

So for the actual first post on the BWTS blog, we’re going to start a series. This will be an overview with deep dives on various topics, with today being the general overview.

So security for most, tends to be ‘I’ve installed a firewall and antivirus, so I’m all set’. In a much more perfect world, this could actually be the case. In ‘this’ world that we live in, it ends up being a lot more complicated. You must have security starting from the inside out, which is what we’ll endeavor to cover. This starts at your endpoints, so your computers, servers, tablets, phones or in other words, the devices you tend to use. This then moves outward, encompassing your switches, routers, firewalls, Internet connection and progresses to the ‘outside’, so all of your external services. These externals are things like your e-mail accounts (since most use a web mail service like Gmail and Yahoo, and do not host their own), social media, online financial accounts, etc.

It is important to note, there is no such thing as perfect security. So everything here will be best effort, because the closest you can get to ‘perfect’ security is a brand new computer, sealed in a concrete block and dropped into the ocean.

So stay tuned for more as get into the inside and work our way outside!