Results 1 to 10 of 26

Thread: Setting up a VPN, Securing Computer?

Hybrid View

  1. #1
    Join Date
    Jun 2011
    Location
    Arizona
    Beans
    23
    Distro
    Ubuntu 11.04 Natty Narwhal

    Setting up a VPN, Securing Computer?

    Being the paranoid, suspicious, and avid privacy nut that I am, I have set about the process of securing my data and my Internet. I'm also working on ways of staying as anonymous as possible in the real world, but that's for a different forum. Before I get to my question, some explanation and overview is in order:

    I have, over the past year or so, done my best to safeguard my information as best I know how. I make good use of encryption in the form of Truecrypt triple-layer cascade encrypted volumes with lengthy passwords, I use a firewall and Tor for most of my internet traffic, and all of my known online accounts use twenty-one character, almost completely random passwords which are stored in an encrypted file and managed by a privacy-enhancing firefox plugin, which also clears flash cookies and warns me of privacy concerns on websites I visit. I have a plethora of firefox add-ons installed to protect me online, including a spam and tracking network blocker, a virus scanner, and Foxyproxy (which handles my connection to the Tor network). I also use good passwords on my computer and I've done all I can to prevent unauthorized access.

    Based on some research I found online, there are still a few things that I want to do: lock the BIOS with a password, encrypt my entire filesystem, erase all unnecessary e-traces of myself I can get my hands on (I have a feacebook, but I'd like to keep it as a communication tool), and enhance my mobile security (android phone, already encrypted the filesystem and use Tor).

    The last four items I'm not entirely sure how to put into action. I need to find a method of encrypting my filesystem without destroying my data, erase as much of my online identity as possible, and keep my phone's data and network connection secure. How should I go about these things?

    Also, I have considered setting up a Virtual Private Network to provide a secure connection for my mobile phone's online traffic. I have absolutely no idea how this works in practice, and what benefits it offers over Tor. Based on the info I found online, I was considering using a secured VPN to connect my phone to a home server created from an old Dell I have lying around, which would run the traffic through a firewall, virus-detection software, secure http proxy, and on to the internet, perhaps through Tor (though that seems a bit redundant). that way, any data going over my mobile network would be unreadable by AT&T on it's way to and from the internet. Is that feasible? If so, How would I get that to work?

    All help on these subjects is appreciated.

  2. #2
    Dangertux is offline Chocolate Ubuntu Mocha Blend
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,771
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Setting up a VPN, Securing Computer?

    Ok wow. Where to start. I am on my phone at the moment so I will answer as much as I can but I am sure others will chime in as well.

    For the bit about deleting your online identity so to speak, that is going to be most impossible if you've used any type of social networking. Minus google indexing things social networks do not like to let you delete your info. You can send them a letter demanding a record of our information and that they remove it. However due to terms of service they may or may not have to remove it. As far as things google caches that is there to stay.

    Now on to Tor. Tor is not really as anonymous as people would like to think. For one the exit router is a huge concern the exit router in the Tor network has access to whatever data is sent unencrypted. The intermediate routers do not, they only get the encrypted data. It is because of this that Tor is weak one for data protection and two because it makes end to end corellation very easy. Particularly because most likely your DNS lookups are not being proxied.

    Now on to the VPN and those issues with the phone. Of the two Tor or VPN the VPN will protect your data better but will not protect your anonymity as well. While Tor traffic is both sniffable and traceable it's very difficult and unlikely that the average person would try. I would still choose the VPN of the two. Now on to AT&T not being able to watch what you do, so long as you are connecting through wireless and not the AT&T data network that is not a problem. Unless you're paranoid, then you realize that AT&T has an alway on data link to your phone and the necessary software and hardware to interface with it at a "root" level. So if your paranoia stems that far it is literally impossible to secure your phone from your wireless provider.

    As far as full disk encryption without destroying your data you should be able to do this via ecryptfs. As always back up your data first just in case.

    Hope this was helpful.

  3. #3
    Join Date
    Jun 2011
    Location
    Arizona
    Beans
    23
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: Setting up a VPN, Securing Computer?

    what about setting up a privacy server? I got the idea awhile back and i think i mentioned it above... i was considering using an old dell i have as an ubuntu server, and connecting to it over VPN. I can then have the server route my data through Tor, which would hide my ip address and give me at least decent anonymity while protecting my VPN-secured data. I would guess though that i'd need end-to-end encryption for my data to be truly safe, and the whole VPN thing would only protect my data as far as the server. That would be nice because I'm planning on running a mail server (if I can figure out how to make the damn thing work right) on the same machine, and thus I could fetch my email securely. Still, its not really what I'm looking for. I've tried using a Firefox addon to enforce secure HTTP connections on most sites, so im assuming the same thing could be made to work from the server (which would route the traffic it got from my VPN connection) and on to the website im trying to reach. Even so, i have no idea if that setup is secure at all, or even feasible for that matter. Any thoughts?

    I also heard about 'tunneling', but I have not the faintest idea what that is or whether it will help me at all.

  4. #4
    Dangertux is offline Chocolate Ubuntu Mocha Blend
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,771
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Setting up a VPN, Securing Computer?

    Quote Originally Posted by Bryant.GhostInTheMachine View Post
    what about setting up a privacy server? I got the idea awhile back and i think i mentioned it above... i was considering using an old dell i have as an ubuntu server, and connecting to it over VPN. I can then have the server route my data through Tor, which would hide my ip address and give me at least decent anonymity while protecting my VPN-secured data. I would guess though that i'd need end-to-end encryption for my data to be truly safe, and the whole VPN thing would only protect my data as far as the server. That would be nice because I'm planning on running a mail server (if I can figure out how to make the damn thing work right) on the same machine, and thus I could fetch my email securely. Still, its not really what I'm looking for. I've tried using a Firefox addon to enforce secure HTTP connections on most sites, so im assuming the same thing could be made to work from the server (which would route the traffic it got from my VPN connection) and on to the website im trying to reach. Even so, i have no idea if that setup is secure at all, or even feasible for that matter. Any thoughts?

    I also heard about 'tunneling', but I have not the faintest idea what that is or whether it will help me at all.
    If you're going to go with VPN I would forgo Tor entirely. It is sort of self defeating in addition to the VPN since the end point can than sniff the traffic.

  5. #5
    Join Date
    Feb 2007
    Location
    Central USA
    Beans
    169
    Distro
    Ubuntu 10.04 Lucid Lynx

    Talking Re: Setting up a VPN, Securing Computer?

    Hi,
    I am not very versed in VPN or the inner working of net traffic but being the "paranoid, suspicious, and avid privacy nut" that I am I have found that it is next to impossible too be "anonymous" while online. Almost every website logs your IP which is directly tied to you via your ISP which has your name and address etc. Even if you can conceal your IP you also have a mac address which is not changable and is like a model # direct tied to the machine and ultimately you. Facebook and other social networking sites are harvesting and even selling that user info for BIG profits. Phones are another NO Privacy" area. Your phone again tied to you and knows exactly ( roughly) where you are, who you are. and if you use " yahoo mail" or "Gmail". Face book or twiitter or both. I would not even have any of the newer phones becuz as they are getting smarter and more "sync=able" to facebook and other things they are also now more vunerable.
    Only real way to stay private is to start from the beginng. Use a bogus name for facebook and your mail accounts. Encrypt all mail sent and recieved. NEVER use your phone for private communication. never use blue tooth ( easily hackable).
    I have all my impportant "money files" P-word protected AND encrytpted AND I dont store them on my laptop. I also dont name them what they are, ie Bank info or Money. I have them named things like "Dinner recipes" Breakfast entrees".
    However if you do find a safer way I am truly interested as I have always been concerned with Privacy and it,s ever dwindling presence lol.
    Good luck, Hope this wasnt to rambling
    I got me some beans now and I'm not afraid to brew

  6. #6
    Dangertux is offline Chocolate Ubuntu Mocha Blend
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,771
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Setting up a VPN, Securing Computer?

    Quote Originally Posted by Ex-windows View Post
    Hi,
    I am not very versed in VPN or the inner working of net traffic but being the "paranoid, suspicious, and avid privacy nut" that I am I have found that it is next to impossible too be "anonymous" while online. Almost every website logs your IP which is directly tied to you via your ISP which has your name and address etc. Even if you can conceal your IP you also have a mac address which is not changable and is like a model # direct tied to the machine and ultimately you. Facebook and other social networking sites are harvesting and even selling that user info for BIG profits. Phones are another NO Privacy" area. Your phone again tied to you and knows exactly ( roughly) where you are, who you are. and if you use " yahoo mail" or "Gmail". Face book or twiitter or both. I would not even have any of the newer phones becuz as they are getting smarter and more "sync=able" to facebook and other things they are also now more vunerable.
    Only real way to stay private is to start from the beginng. Use a bogus name for facebook and your mail accounts. Encrypt all mail sent and recieved. NEVER use your phone for private communication. never use blue tooth ( easily hackable).
    I have all my impportant "money files" P-word protected AND encrytpted AND I dont store them on my laptop. I also dont name them what they are, ie Bank info or Money. I have them named things like "Dinner recipes" Breakfast entrees".
    However if you do find a safer way I am truly interested as I have always been concerned with Privacy and it,s ever dwindling presence lol.
    Good luck, Hope this wasnt to rambling
    It's actually pretty easy to change your MAC address...

    This conversation is descending from practical security and privacy to the tinfoil hat club quickly. What is it you are actually trying to accomplish. If it's being untraceable, you don't have the time or resources I can guarantee you that. So maybe it's better if you set an attainable goal instead of frustrating yourself?

  7. #7
    Join Date
    Jan 2008
    Location
    USA
    Beans
    971
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Setting up a VPN, Securing Computer?

    Quote Originally Posted by Dangertux View Post
    Now on to Tor. Tor is not really as anonymous as people would like to think. For one the exit router is a huge concern the exit router in the Tor network has access to whatever data is sent unencrypted. The intermediate routers do not, they only get the encrypted data. It is because of this that Tor is weak one for data protection
    All of this I agree with. Tor is an anonymity network and not a data integrity or privacy network. There is a difference in privacy and anonymity.

    and two because it makes end to end corellation very easy.
    This I do not agree with. While there have been some academic attacks on Tor, I am aware of very few that have been demonstrated practically. Thus I would have to disagree that end-to-end correlation is "very easy." Doable by a national intelligence service maybe, but probably not by many others.

    Particularly because most likely your DNS lookups are not being proxied.
    That's only if you have misconfigured Tor. It is fully capable of routing DNS through the network. Indeed, this is why they now endorse the Tor browser bundle -- it is ready to go out of the box with all of the configuration done for you.
    Occam's Razor for computers: Viruses must never be postulated without necessity -- nevius

    My Blog

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •