Home Admins
The date is July 15th, 2022 and I wrote this page almost 20 years ago – before the world went wireless, before smart phones and other such devices. I didn’t have the time to respond to all the emails I was receiving for cybersecurity so I took the most asked questions and responded to them by writing this. I took it down a few years ago…
Here’s the deal – this is for you to read – I will not respond to any questions, nor do I want to work with you. You can do this yourself, I believe in you…
When I first wrote this, most folks had all their data on their computer and very few backed anything up to an external drive – no one backed anything up online. Today, almost nothing but the username and passwords to access the data through an app are on people’s devices – all the data is online and accessed through an app. It’s as if people think that the information they are accessing on their device is actually IN their device and as long as they have the device physically within their space they think everything is safe… It’s really a meathead way to look at it, but it’s accurate…
I’m gonna assume you know the basics and will move right into the dirt. The basics would be knowing how to secure your personal machine/device. This page will step out of your machine/device and deal with everything between your machines and your Internet connection. I am assuming you have either DSL or Cable (when I originally wrote this, dial-in was still the main way folks connected)…
There are a few things you are trying to protect from “bad guys”. The first would be your computer: it stores all your data, pictures, contact info, etc. Your computer can be protected to the extent that the “bad guys” would get tired of trying to get in there and move on to an easier target. The second thing you want to protect is the information you send all over cyberspace. While you’re shopping online (credit card information), while making changes to your website and checking email (passwords), and the like…
The only safe computer is the one that does not touch the Internet (the technical term for this is “Air-Gapped”) – but that would simply be an expensive paperweight in today’s world…
UNIX and Linux boxes are pretty secure in that you kinda have to know what you are doing to get in there, and it takes a grotesque display of “user-error” to infect these things with viruses and the like. These machines have to ask for and receive the root (“Administrator”) password before installing anything.
A Windows machine will just install it once you enable it – Viruses, Spyware, Worms, Keyboard Loggers, etc…
If you want “security” for you machine, you have to run your own firewall and in-house server/s. This will keep the “bad guys” out, but still allow you to send data out to cyberspace.
Let’s run a test: Get Ethereal for your computer – most Linux and UNIX BOXES come with it. Get it, read the documentation, install it, and get it up and running. Now watch the network traffic. You can see the IP address, MAC addresses, location, passwords, webpages, etc. All the activity that is happening on your network is at your finger tips. You can see what each computer is doing online – and the scary thing is that you can see the usernames and passwords coming and going…
You need to stop as many of these passwords as possible from coming and going across the Internet to another server. If someone happens along, they can catch that data just as easily as you just did. Let me put it to you another way: Even with the best firewall in the world, the more data that travels out past your firewall to the Internet, the more that firewall starts looking a lot less like a firewall and a lot more like a hub…
Let’s do another test: run the “ping” command (it’s built into every OS in some way or another). Ping your email server (EX: ping mail.yourdomain.com), ping your webserver (where you frequently ftp your website changes). How many hops does it take to get to it’s destination? How many people, do you think, could snag your user information between each hop?
The only way to keep this data from flowing out into Cyberspace, for anyone to catch, is to bring the server in-house. If you have an in-house server, the info stops at that server – it goes from your computer to the server. That’s it…
If you have one, ping your in-house server – one hop. That one hop is within your network, your network is in your house, and you know who’s in your house right now So, if someone’s trying to be a “bad guy” their most likely sitting a few feet from you…
Unless…
You just had to go wireless, didn’t ya?
Here’s what you have to do when going wireless:
- Stick the wireless router in the DMZ (De-militarized Zone). The DMZ is between your firewall (which should be a properly configured UNIX/Linux box) and the Internet (which is your cable or DSL modem). You must not allow a wireless router within the network, when it becomes compromised, the doorway is open to the rest of the computers on your network. If it is in the DMZ, the bad guys still have to get through a UNIX/Linux server before they can get to the rest of the computers. Then they have to deal with those firewalls, etc. The point is, the longer it takes for a bad guy to get inside your network, the more likely he is to move on to an easier target…
- Know that the computer you are “going wireless” with, the client, is always vulnerable. The only “safe” computer on your network is behind your firewall and “wired” to it…
- Get a D-Link or Airport, read the documentaion, and secure it as well as you can. Close all open ports incoming, open only the outgoing ports that you use, configure the router to talk only to the card you are using (usually via MAC address), and DENY all IP and MAC addresses accept for the specific ones you are using…
- Unplug the wireless router when you are not using it and disable the wireless portion of your computer when not using it…
- Know that no matter what you do, that wireless router, and the computer you use to go wireless, is an “open hole” into your world, unless it is turned off…
So you’re all setup and ready to go. OK, let’s test it! I’m assuming you’ve done everything to this point:
- Your computer is “safe” because you’ve “secured” it as best you can…
- You’ve got a properly configured firewall between your computer/s and the internet…
- You’ve set up an email and web server in-house so most of your important information doesn’t get bounced around cyberspace…
- …and you put the wireless router in the DMZ. Not only is it in the DMZ. but it’s properly configured as far as you know.
No one’s getting in there, right?
Tell you what, get it all up and running. Set it all up and get your laptop online through the wireless router. Have a friend bring over his laptop and run Kismet (UNIX/Linux) or KisMac (MacOSX) – I’m sure there’s one for Windows, but never bothered to look. Anyway, install it, configure it and check it out. This is a completely passive network scanner (if you are running ethereal on your computer while your buddy is scanning the network you would not see him) that catches all Access Points and Wireless Clients within range. It monitors “closed networks” by monitoring for traffic sent by the Wireless Clients, shows these IP addresses/ranges and MAC addresses and much more.
After a while, your buddy has all the info he needs accept for one thing, all he has to do is run Ethereal for an hour or so to get it – now he has all your passwords that you have used while online.
Keep in mind that it doesn’t matter which side of the DMZ the wireless router is on, if someone knows what they are doing. Not only do they now have access to your wireless router, so they can use it and hog your bandwidth for you, but they just got all the information that you were trying to protect in the first place…
Unless you have a “closed network” you are always vulnerable. None of us would have any use for a closed network. All we can do is try to make it a point to keep our vulnerability to a minumum…
If you do nothing else (due to lack of funds and/or know-how), you should at least get the firewall up and running and put your email server inhouse.
Why email?
If a “bad guy” has your mail server, username and password – which I think this page proves anyone can do with a little time and effort – they can check your mail without your knowledge. They simply have to check a button in their email program (“leave mail on server”), and you would never know they were doing it cause you would get your email just as you always do (you wouldn’t see it at all).
Now, think about that…
Everytime you order something online or join an online subscription of some type, they send you an email, don’t they? Usernames, passwords, addresses, phone numbers, credit card info, software installation numbers, account numbers, etc. If they can receive your email, this info is theirs…
2022 Update: Think about this for a moment. When Hilary was Secretary of State she ran her own email server. That in itself is probably against the law because of her position in government. When you think about it, this is the smartest thing she ever did in her life. If anyone wants past email/s all she had to do is destroy that servers hard drive (as well as her personal computer hard drive) and it’s gone – two minutes, a large magnet and a sledge hammer and no one will ever see those emails… |
The Internet is a vast place and none of us will ever be safe from the “bad guys” as long as we’re using it. Of course, “not using it” is not an option for most of us, so all we can do is try to “keep our vulnerability to a minimum”…
Now, to really update this page, I feel the need to add the following. With the advent of the cellphone (having the power of a super computer in your pocket and totally wireless), as well as the over use of the cloud and social media, the entire world has taken online security and completely thrown it out the window. There’s nothing I can do to help the world at this point, but I can help the few folks who are on this page and have read this far…
People in the know, know this. Ever try to find info on a CEO, COO or CFO of a large conglomerate? You’re not going to find anything they do not want you to know. They have people working for them who keep their digital profiles to a minimum as well as train them in what not to do (so they won’t “feed the beast”) – you only get what they want you to have…
You can do this too. You just need to take your time and walk back a few mistakes you’ve made over the last 15-20 years. Don’t try to rush it because you don’t want to miss anything…
I actually wrote the following in January of 2021 in the post “History of Modern Assimilation“:
Our daily life does not really permit having an “air-gapped” device within a “Faraday Cage” – not only would this not be be affordable for most of us, but it wouldn’t allow us to do our daily work. Don’t completely stress, there are ways to keep your digital footprint small while continuing to use a device:
1st, you have to have an Apple Device 2nd, do not download an app which has it’s own website – use the website 3rd, do not download an app you do not need 4th, do not download any app made by Amazon, Facebook, Google or Microsoft 5th, turn off all “Location Services” 6th, turn off all “Tracking” 7th, turn off “Siri” 8th, turn off “Airdrop” 9th, turn off “Background App Refresh” 10th, turn off “Automatic Updates” – do them manually a week or two after you have read how it may effect your device (which is usually a week or two after the initial update) – so, yes, wait 4-6 weeks 11th, turn off “Bluetooth” 12th, turn off access to all “Privacy” settings within each Apple app so no other app can access any of your personal data, microphone or camera 13th, take all pics offline – out of the cloud 14th, take all data offline – out of the cloud 15th, “close” all your social media accounts – there’s a trick to this, first thing you want to do is get in there and delete pics and data. Then don’t do anything for 3-6 months – do not login at all. To simplify, this “breaks” the links associated with meta-data related to your data and pics from your account. The meta-data links have to be broken for a few months so that web-spiders can properly kill those links. 16th, do not save any usernames, passwords or payment information within any app – we weren’t always so lazy, we use to memorize this stuff all the time – here’s the “funny” thing, people always tell you not to write it down, but if you’re saving them to your device, or allowing your device to save them, then that is actually more dangerous. If you need to, go old school. Get an old pocket phone book and write all the usernames, password and (oh yeah) phone numbers in there – and keep it on you just like we use to. Make a code that only you and a few family members understand in case you lose it – and write in pencil so you can easily edit when needed 17th, encrypt as much as possible 18th, I actually put a piece of electrical tape over the camera of my devices (just in case) – take it off and put it back on as needed 19th, Don’t forget to turn off “cookies” within Safari itself – you can turn them back on (and off) as needed – the cool thing about this is, if a website won’t work without cookies, you know the entire time you are on that website that everything you’re doing is being tracked – knowing when you’re being tracked is a good thing 20th, use “DuckDuckGo” as your default search engine – I really don’t trust DuckDuckGo either, but they feign to be secure. I personally use old school search engines because no one else does (so they’re faster), they tend to produce better results and I can use them with “cookies” turned off 21st, Always clear history, cache and cookies at the end of each session in Safari – just in case The less interaction your device has online the less data there will be on you – if you need to interact, do not let it be something happening in the background (within an app), interact with websites directly in Safari and then clear all history, caches and website data within Safari when you’re done. Basically, you want to make yourself a hard target so the bad guys will move on to a softer target – there’s 5 billion active internet users – they’ll move on to someone else pretty quick… |
To add to the above, if you have an iPhone and absolutely want to have the most secure phone possible, do the above and then: In “Settings” go to “Privacy & Security” and then scroll all the way down to the bottom of that page. You’ll find “Lockdown Mode”, click on that and then click on “Turn On Lockdown Mode”. A lot of stuff isn’t going to work if you do this – but your device will never get hacked…. If you want your iPhone to simply be a phone (with a few features here and there), this is definitely for you…
In February 2021, I also wrote in important post which may help you to better understand the “big picture” here – and why I decided to put this page back “out there”: Social Media Perception Management
To add to the above, I wrote this in June 2022, last month, in the post “Lead… Follow… or Watch…“:
No American who uses any type of social media or keeps any data of any kind online has a right to privacy (YET) – YOU essentially wave YOUR rights when YOU agree to the “Terms of Use” for that platform (no one reads what they are getting into before clicking that button)…
All of this data is harvested and can be sold to anyone – including law enforcement – so essentially, you have no right to privacy – anyone can simply buy your data (without just cause and without a warrant)… YOU specifically need to check if the company has a government contract of any type – large or small, local or federal. If they do, part of the fine print of their contract is that they must voluntarily share data with government agencies… No need for just cause or a warrant… So far, these contracts have not been knocked down by the judiciary, but many companies are cancelling their contracts once they see what is happening with the data… The Fourth Amendment covers you in your home and the physical “persons, houses, papers, and effects” – so they need a warrant to search your house, car, computer or phone – but at this point, most people have more information about themselves online than they do within their physical property. Here’s the kicker, deleting an app on your phone does not delete the data from the company server online. You have to contact the company directly and ask them if they will delete your digital profile from their server/s and/or database/s – THIS IS NOT A JOKE! As an added bonus, the caveat to the “kicker” is that they have no control of deleting your digital profile from who they have already sold your data to – those who have already bought it can do whatever they want with it. The data most people think is on their phone isn’t actually on their phone. Their phone is a “portal” to the data/information which is actually stored on several servers in another state/country which is being sold to companies you will never hear of and stored on their servers in other states/countries… Here’s something even farther down the rabbit hole… and you never agreed to the “Terms of Use” for this: The new assumption here is that EVERYONE is guilty until proven innocent. Like I said – ASS-BACKWARDS… |
Now, what I saw in the mid-90’s, when the Internet was first handed to the public, was “I want the ability to…” from marketing and sales in various companies I was working with – for the most part, the CEO’s, COO’s and CFO’s wanted to know how they could do the opposite (protect the data). As time went on, sales and marketing “needed” to work remotely and when handheld super computers came out the rest of the world (the public) threw security out the window for ease of use… Anyone who wasn’t there when this all came out, and has watched what it has turned into, has no idea of the repercussions happening in the background today… The only way to secure the world at this point is if a solar flare kills all power… No Government, no company and no group of individuals can do it…
Hell, they don’t really want to. They want your data.
When all is said and done, every great hack that has occurred in the last 20 years began with a guy sitting in a coffee shop, on a roof or a parking lot – running ethereal for a few days – just gathering intel from all those wireless devices. Gathering usernames and passwords for individuals access to specific locations online – some data isn’t even protected, it’s just an open URL. Those sales and marketing guys who “need” to do all they think they “need” to do remotely and, believe it or not, cops devices are usually wide open… They have no idea… What the hell do they think sales and marketing did before 1995…? They did their work at the office (ahead of time) instead of on site (last minute) – what a concept… They remembered names and phone numbers – what a concept… They used paper maps for directions – what a concept… Does anyone do any of this anymore…?
What would actually happen to all of these people if a solar flare hit all the grids in the world…? That’s not even doable for most people. Let’s think simple and small and ask another question – what would people do if the all access to the Internet shut down…? No device with a connection – no Internet…
Where’s your money? How do you pay for groceries? How do you pay for gas? How do you pay for a plane ticket? How do you pay for a train ticket? What vendors have cash on hand for change? Which vendors have employees who can even make change? Where’s your maps? Where’s the nearest mile marker? Where’s your address book? Where’s your calendar? Where’s your pictures? Where’s your “file cabinet” and “paperwork”? Where’s your report card and SAT/ACT scores? Where’s your presentation/s? Where’s the nearest payphone or other hardwired phone? Do you know anyone with a hardwired phone to call?
Seriously, think about that… would any of these people be able to function…? Before the iPhone came out we did all of the above without a device to do it for us…
Talk about willful ignorance…
After a few friends and family had contacted me because they had their digital profile hijacked, I wrote the following (which updates all of the above to another level) so they would have a list of what to do: Your Digital Profile