Tomcat
Professional
- Messages
- 2,689
- Reaction score
- 981
- Points
- 113
1. Where is the best place to store information?
Information storage - it is better to store all information in cloud services that support encryption of the client side (Mega, pCloud and others). You can read more about them in the next article today.
If you are already using any Google Drive, then you can integrate several encryption programs with the cloud drive: truecrypt and rohos disk.
2. What is the safest way to communicate?
We managed to talk about this
3. How are users calculated?
Let's take a look at a couple of ways to calculate a user that many people forget about.
What an ordinary user does is change their IP and enjoy life. Advanced also removes cookies, and also considers himself relatively secure. But we all forget that every browser and system has its own almost unique fingerprint. The technique consists in collecting all information about the browser, plug-ins, operating system, installation time (where it is possible to get the time), all this information is quite unique and allows 70-75 percent to identify the user, and this is already quite a lot at the initial stage.
Browser and OS fingerprinting system is now on all social networks. That is, if you went, for example, to one resource where your fingerprint was taken, and then turning off the vpn went to your classmates, then consider that you are in, since 2012 the second stage of the search has been the verification of data by fingerprints, access to the AWP have employees of the big brother, all the rest receive data on request.
Next, the IP address is used (even under the vpnom) and the timings are checked.
How does this happen?
Everywhere (throughout Europe and Russia, etc.), in all Data Centers, equipment is installed to record traffic (this is the terrible word SORM, Solera, E-Detective, etc., this equipment (recently) records all traffic on the DC as incoming Next, the packets are checked by time intervals, that is, the number and size of the outgoing packet in a period of time is counted and the time it takes to complete the route is also added to the incoming one and voila, we have a client who is hiding behind the vpnom.without requesting data from the VPN provider, we have the client's real IP.
4. Virtual machine, is that enough to hide (change) the fingerprint?
The virtual machine will hide your fingerprint and will transmit its own, you need to configure the reset parameters and reinstall the system in the virtual machine from time to time, with changes in the parameters. If we talk about a virtual machine on remote hosting, then this should not be used at all if it is not prepared in a certain way (gateway, mixing, vpn, migration, etc.), and even you are one virtual client.
5. Do providers store user data?
The Federal Security Service of the Russian Federation intends to gain full control over the data of users of the global Internet. So, the experts of the department took part in the creation of the order of the Ministry of Communications and Mass Media, according to which, from July 1, 2014, all providers must install the necessary equipment that allows recording and storing at least 12 hours of Internet traffic data. In addition, according to the draft order, access to this information in full should be provided to the country's special services.
According to Kommersant Publishing House, the department monitors, among other things, phone numbers, IP addresses, user account names, email addresses in mail.ru, yandex.ru, rambler.ru, gmail.com, yahoo services. .com and others; unique identification number of the user of the Internet chat ICQ, international mobile equipment identifier (IMEI), called and caller IDs of Internet telephony, etc.
In addition, the document provides for the transfer to feds representatives of data on the location of subscriber terminals of users of Internet telephony services (Google Talk, Skype, etc.)
Note that many experts called the draft order unconstitutional, since its provisions imply the collection and storage of user data without a corresponding court order.
This equipment is installed within the framework, but already has a more targeted character for tracking subscribers.
The minimum security measure is now a complete rejection of IM clients and the transition to jabber with mandatory OTR encryption, as well as the rejection of all IP telephony, except for the use of services with encrypted conversation and mandatory IP substitution (respectively, with sip proxying on the server side)
6. How can I check routes and how can I protect myself from the service itself?
To check anonymity, we check all the information, for a start like this:
1) We go to the server and look at the input IP, then turn on the logs on the server and restart again (on the server issued to you) and check the IP connection to the server in the security audit (that is, in fact, the log about which IP you connected from, if the protection would not be, then it will be your home IP)
2) We check the outgoing IP address and see if it matches the incoming one, it should not match.
3) We check again if the traffic goes through the jap service, the simplest thing is to specify the jap server address in the proxy and check if the service is working. (this is described in the instructions)
This is the simplest route check.
But anonymity will not be anonymous if we can control you, and with such a check, we can still sniff traffic and see what you are doing.
In order to protect yourself, you are given the opportunity to encrypt traffic from us, for this, a VPN client from a third-party company is installed on each machine, which is paid by us. Traffic is encrypted passing through our gateways exactly by your VPN and we have no way to track it.
One more hole remains, we can access your information on the hard drive.
For this, an additional hard drive has been made on each machine, which is designed to store information, from our side it is encrypted, but this does not save you from us, therefore there is an installed program for data encryption on the desktop, which we strongly recommend to everyone to use.
7. What can you say about the expediency of using a cryptophone? Will there be any sense if I have, but the interlocutor does not? Or should both subscribers have cryptophones?
Of course, both should have it, otherwise there is no point in it, by the way, those that are sold in Russia and certified in them do not even make two sense.
8. Who is transmitting secrets via the Internet or Cellular? Why would an average user classify their Skype conversations?
People are different and things are discussed very often online. It is not always pleasant that an extra eye is following you, well, and then do not forget that at the moment, for example, all Skype correspondence goes through Microsoft servers, which most likely means that even after some time you will be able to impute any correspondence (even indirectly, but still). The most harmless option is the transfer of some kind of candy. data than people exchange frequently.
8. Is the port recorded in the Internet browsing log on your servers?
At the entrance to date, 8 IPs, each of them working for their own group of clients.
Outgoing IP more than 50 * 20 = 1000 pieces
It is unrealistic to calculate by port which is in no way connected with the machine, and even more so with Internet access. For every ten client connections, there are about 100 parasitic ones, so it's almost impossible to try to weed out the address.
Anonymity can only be achieved by using a large number of dynamically changing inbound and outbound routes using mixing (mixing) of all traffic for all clients.
9. What if VPN disconnects?
The fact is that a lot of users (who save money) end up because of the "dropout" of the VPN service, that is, in fact, even a request to the VPN service is not necessary, since many users of the VPN service have a client at least once, but disconnected. At the moment of disconnection, services such as skype, icq, webmoney manage to receive your ip faster than you connect a VPN. Accordingly, you will light up and then there is no point in hiding. In order to disconnect the Internet when the VPN is disconnected, you need to change the routing, or rather, in the network connection settings, remove the gateway (after connecting to the VPN). This is the easiest way, although many vpn services have already begun to provide a program for removing the gateway, but you should not install unknown programs (it is much easier to write a batch miniscript). Routing is the route through which the Internet goes, it can be run directly,
10. How effective is it to set a password in the BIOS on modern motherboards?
There is no point in setting a password for any motherboard in BIOS at the moment for security. It doesn't make sense, it makes sense to create a combined password for the encrypted partition with a key. Or better yet, make a dual system using the same true crypt. In general, keep information on a machine that may be physically accessible to attackers, even if everything is encrypted it is not correct. But as an amateur option it is encryption and use of a hidden container + dual system.
"Everything should be like that of illusionists, everything is in plain sight and everything is open, and the fact that there is something hidden, you cannot even guess before that, and in the encryption systems on local computers it is clear that you encrypted something and if you want, then you will give all the passwords yourself. "
If the old BIOS, then you can pull out the battery and the BIOS was reset, and in the new ones, the password is stored in the memory and can only be reset with a soldering iron. So if the PC is seized, it will not be difficult to reset the password.
11. If you have a 3G modem and it is possible to change SIM cards at least every day. Is such a service relevant at all? Does the modem have some kind of ID, or change the SIM card, change the modem, the computers themselves also have some kind of unique identification number ?!
The 3G modem has both a network address and an IMEI, which will allow you to track you even when you change SIM cards. The computer, however, does not seem to have any relation to the modem, that is, it does not shine its network addresses, but the hardware and system ID shines, so if you do not use security systems (in addition to VPN), use at least a virtual machine on the local computer.
12. Are there elementary recommendations for "dummies" to protect your PC from penetration of all sorts of "hackers" and dangerous software? No anonymity.
The easiest option, if you are on Windows and are in LAN, then:
1. Install firewall + antivirus, advice - agnitum
2. Disable balls on your PC, if it is on Windows (even administrative C $, etc.), they are now being used again for brute.
3. Try not to accept files from strangers.
4. It is not necessary, but it is desirable to put double authorization on the entrance + encrypt all data that are valuable (or carry them on a USB flash drive, or save them in the cloud).
13. SIM cards that have ever been inserted into the modem, is information about them stored somewhere?
Yes, such data is stored by the operator.
14. Which virtual machine would you recommend to use on your home computer?
The easiest option is to install VirualBox.
