We will set up a more secure surfing on the Internet than we are provided by default. Everything is done under Ubuntu Linux and the Firefox browser is used, but nothing prevents the implementation of the described under other operating systems and browsers. Firefox was chosen because of the large number of plugins that extend its standard functionality.
Why is this all?
The fact is that many use free Wi-Fi networks in various cafes to access social networks and enter their usernames and passwords, risking interception. After all, you are using the open http protocol.
The main idea of \u200b\u200bthe article: we will raise tor, which will encrypt traffic that is open by its nature (http, icq protocol). The polipo proxy server will allow programs through itself to send traffic to tor, which only SOCK can do, and many programs do not know how to work with SOCK. Firefox browser will send open http traffic to the polipo + tor link. We will send encrypted https traffic directly, past Thor, since the nature of Tor is inherently slow and latent.
And now everything is slower and more detailed.
Thor
We need Tor first. This project will improve anonymity when visiting sites via the http protocol. Tor encrypts traffic and uses 3 of its random servers before releasing your traffic to the Internet.
Install in the system -
Sudo apt-get install tor.
The default Thor is not fast, to put it mildly. Its task is your anonymity and encryption. Previously, there was only you and the web server that you visited with your browser, but now you, the web server and the Thor network, which changes its servers with every request and encrypts your traffic.
But there are settings that accelerate Tor.
# Time allotted for building a new ring CircuitBuildTimeout 5 # Close the connection if there was no communication for a specified period of time (default 5 minutes) KeepalivePeriod 60 # Every NUM seconds Tor looks at other options for building circuits. NewCircuitPeriod 15 # Increase the number of Guards NumEntryGuards 8
These settings need to be entered in the / etc / tor / torrc. If the parameters are already there, then change the default to new data.
The SocksPort 9050 parameter hints that we will work through port 9050. If your programs can work through SOCK, then feel free to point them to localhost: 9050. But many programs do not know how to work with SOCK, and then we move on to another security link - Polipo.
Polipo
Polipo is a small, lightweight proxy server.
Its task:
- work with programs that cannot work with SOCK.
- remove headers that talk a lot about you during an http session.
Install polipo -
Sudo apt-get install polipo. / Etc / polipo / config should contain the lines socksParentProxy \u003d "localhost: 9050" socksProxyType \u003d socks5
These lines mean that the traffic received by Polypo will be sent to Tor.
Let Polipo reduce the information about you that is available to websites. This requires settings.
DisableVia \u003d true
If you are moderately paranoid. The sites should work fine.
CensoredHeaders \u003d from, accept-language censorReferer \u003d maybe
If you flinch from every rustle outside the doors. Sites may not work correctly.
CensoredHeaders \u003d set-cookie, cookie, cookie2, from, accept-language censorReferer \u003d true
The polypo is waiting for you at 127.0.0.1:8123 and now you can specify the proxy address in programs as 127.0.0.1:8123. A nice bonus is the ability of Polipo to cache the surfing results, which will save you another second when visiting sites.
At this stage, you can configure instant messaging programs like ICQ to your polipo + tor proxy by specifying 127.0.0.1:8123 in the settings.
Skype has its own closed protocol with encryption, so you don't have to bother about forwarding encrypted Skype traffic through polipo + tor. You can only worsen the final result, since voice and video are sensitive to network latency, and Thor only worsens it, dealing with your anonymity and encryption.
Firefox with auto-switching proxies.
It makes no sense to send encrypted https traffic through the Tor system. Only extra seconds of waiting. Encrypting what is encrypted is not a very smart idea.
We will make it so that open http traffic is encrypted, and encrypted https goes directly encrypted.
Install the FoxyProxy Standard extension in Firefox. We set the mode: Use proxies based on templates.
Direct Internet... Just in case, I recommend making a direct_inet item - direct Internet access for your white sites. You can add to this list and, thus, go to these websites, PASSING protection in the form of Tor + Polipo.
BE CAREFUL and do not enter usernames and passwords, do not deal with financial issues on these sites. This item is needed only to speed up the work with this site or if working with the site through the Tor causes more problems.
Caching Polypo and Thor... The item below called tor_polipo - using the polipo + tor proxy server. Type in the httr: // * template named http_via_tor using Whitelist and Metacharacters. Specify the proxy address 127.0.0.1:8123. Now all http traffic will be wrapped by FoxyProxy on Polipo with Tor, in other words - encrypted and anonymized.
HTTPS goes straight... The last point "by default" will let all traffic go directly as well, which means that encrypted https will go directly, bypassing tor + polipo, since https will not fall under the http: // * filter with the name http_via_tor described above.
Protocols other than http (s) are usually not widely used by anyone, so we will not complicate the scheme because of the rare dinosaurs. Moreover, Polipo has a chronic lack of ability to work with ftp.
Another bit of safety.
The power of the GPU and now the WPA2 key is already cracked. Who is guilty? A stand from the WPS brother.
We will set up a more secure surfing on the Internet than we are provided by default. Everything is done under Ubuntu Linux and the Firefox browser is used, but nothing prevents the implementation of the described under other operating systems and browsers. Firefox was chosen because of the large number of plugins that extend its standard functionality.
Why is this all?
The fact is that many use free Wi-Fi networks in various cafes to access social networks and enter their usernames and passwords, risking interception. After all, you are using the open http protocol.
The main idea of \u200b\u200bthe article: we will raise tor, which will encrypt traffic that is open by its nature (http, icq protocol). The polipo proxy server will allow programs through itself to send traffic to tor, which only SOCK can do, and many programs do not know how to work with SOCK. Firefox browser will send open http traffic to the polipo + tor link. We will send encrypted https traffic directly, past Thor, since the nature of Tor is inherently slow and latent.
And now everything is slower and more detailed.
Thor
We need Tor first. This project will improve anonymity when visiting sites via the http protocol. Tor encrypts traffic and uses 3 of its random servers before releasing your traffic to the Internet.
Install in the system - sudo apt-get install tor.
The default Thor is not fast, to put it mildly. Its task is your anonymity and encryption. Previously, there was only you and the web server that you visited with your browser, but now you, the web server and the Thor network, which changes its servers with every request and encrypts your traffic.
But there are settings that accelerate Tor.
# Time allotted for building a new ring CircuitBuildTimeout 5 # Close the connection if there was no communication for a specified period of time (default 5 minutes) KeepalivePeriod 60 # Every NUM seconds Tor looks at other options for building circuits. NewCircuitPeriod 15 # Increase the number of Guards NumEntryGuards 8
These settings need to be entered in the / etc / tor / torrc. If the parameters are already there, then change the default to new data.
The SocksPort 9050 parameter hints that we will work through port 9050. If your programs can work through SOCK, then feel free to point them to localhost: 9050. But many programs do not know how to work with SOCK, and then we move on to another security link - Polipo.
Polipo
Polipo is a small, lightweight proxy server.
Its task:
- work with programs that cannot work with SOCK.
- remove headers that talk a lot about you during an http session.
Install polipo - sudo apt-get install polipo. / Etc / polipo / config should contain lines
SocksParentProxy \u003d "localhost: 9050" socksProxyType \u003d socks5
These lines mean that the traffic received by Polypo will be sent to Tor.
Let Polipo reduce the information about you that is available to websites. This requires settings.
DisableVia \u003d true
If you are moderately paranoid. The sites should work fine.
CensoredHeaders \u003d from, accept-language censorReferer \u003d maybe
If you flinch from every rustle outside the doors. Sites may not work correctly.
CensoredHeaders \u003d set-cookie, cookie, cookie2, from, accept-language censorReferer \u003d true
The polypo is waiting for you at 127.0.0.1:8123 and now you can specify the proxy address in programs as 127.0.0.1:8123. A nice bonus is the ability of Polipo to cache the surfing results, which will save you another second when visiting sites.
At this stage, you can configure instant messaging programs like ICQ to your polipo + tor proxy by specifying 127.0.0.1:8123 in the settings.
Skype has its own closed protocol with encryption, so you don't have to bother about forwarding encrypted Skype traffic through polipo + tor. You can only worsen the final result, since voice and video are sensitive to network latency, and Thor only worsens it, dealing with your anonymity and encryption.
Firefox with auto-switching proxies.
It makes no sense to send encrypted https traffic through the Tor system. Only extra seconds of waiting. Encrypting what is encrypted is not a very smart idea. We will make it so that open http traffic is encrypted, and encrypted https goes directly encrypted. Install the FoxyProxy Standard extension in Firefox. We set the mode: Use proxies based on templates.
Direct Internet... Just in case, I recommend making a direct_inet item - direct Internet access for your white sites. You can add to this list and, thus, go to these websites, PASSING protection in the form of Tor + Polipo.
BE CAREFUL and do not enter usernames and passwords, do not deal with financial issues on these sites. This item is needed only to speed up the work with this site or if working with the site through the Tor causes more problems.
Caching Polypo and Thor... The item below called tor_polipo - using the polipo + tor proxy server. Type in the httr: // * template named http_via_tor using Whitelist and Metacharacters. Specify the proxy address 127.0.0.1:8123. Now all http traffic will be wrapped by FoxyProxy on Polipo with Tor, in other words - encrypted and anonymized.
HTTPS goes straight... The last point "by default" will let all traffic go directly as well, which means that encrypted https will go directly, bypassing tor + polipo, since https will not fall under the http: // * filter with the name http_via_tor described above.
Protocols other than http (s) are usually not widely used by anyone, so we will not complicate the scheme because of the rare dinosaurs. Moreover, Polipo has a chronic lack of ability to work with ftp.
Another bit of safety.
- I recommend installing the NoScript extension, which allows you to disable dynamic content on untrusted sites and prevents some types of attacks.
- Install the "HTTPS Everywhere" extension from the Electronic Frontier Foundation. This plugin has a base in which there is information about the availability of the https web site. You visit the site and the "HTTPS Everywhere" plugin redirects to its https version, even if you did not know that the site has such an option. Or simply forgotten and typed instead of https - http.
- Be careful with Wi-Fi and don't forget its "airy" nature.
- Disable WPS technology in your router. A flaw in the WPS allows you to quickly crack a strong WPA2 password. More details Hack Wi-Fi in 10 Hours - habrahabr.ru/company/xakep/blog/143834/
The power of the GPU and now the WPA2 key is already cracked. Who is guilty? A stand from the WPS brother.
Golden September has come, breathing has become easier, and I am with you again, dear friends. Today we will not break stereotypes, but talk about the essentials, about the life of a webmaster and safe surfing the net... It often happens that life dictates its own laws, and the webmaster by chance finds himself in a situation where he needs to take care of his own safety and safe surfing the Internet.
Figuratively speaking, I am a bit of a fatalist, and fate sometimes brings unexpected surprises. The Internet is becoming more and more controlled, people are becoming more stupid and at the very beginning of their journey they make mistakes, for which they later have to repent and tear their hair out. So, I bring to your attention my introductory post on safe surfing the net.
Recently, special attention to the Internet of all regulatory bodies is associated with the hobby of the country's main blogger. Remember, under Yeltsin, all the officials enthusiastically watched tennis, under Putin they dreamed of doing judo, but under Medvedev they occupied Twitter, and now they scratch their left egg instead of doing important state affairs. But, you need to be on the crest of the wave, and therefore the pasture and law enforcement agencies were found on the Internet. If you read the news, you are probably aware that the guys there successfully catch "extremists", earning ranks and titles, shoulder straps and stars. I really hope that next spring the main blogger will leave where he came from, and all our great and mighty will again start practicing judo. It is good for health, and the Internet will become calmer.
You ask me, why should a simple user be encrypted. An ordinary user really does not need to be encrypted. There is no need for a man in the street reading the news to be encrypted, there is no need for a housewife hanging around on women's forums, there is no need for a blogger leading his hamster about a healthy lifestyle, whose income is enough for pivasik. But, as I wrote above, man proposes, and God disposes, and very often the fate of the villain presents unexpected tricks. I heard, and even saw with my own eyes, how people suddenly found themselves in a niche, in which they did not plan to be. It can be attributed to both, and politics, in the same niche can be attributed to various pizdobols who carry their language in social networks and on various thematic portals.
To be honest, I have not seen anything like this in the public, so these few posts can be applied as instructions for beginners AWMyou, as well as people who choose to remain anonymous. Imagine that you bought an adult website for a penny, or your city portal turned towards the opposition. You should not convince yourself that this is impossible, or you hate to see naked genitals. Each new thousand visitors sends jingling gold coins to your keeper, and the sound of coins is so sweet that you simply cannot afford to part with a source of stable income. But, after all, a person lives not only on the Internet, but especially recently, the Internet and real life are intertwined more and more. You blurted out somewhere, wrote a finstrip, scolded the official - and the bell rings early in the morning. In general, for people walking on the edge of law and legality, I would advise to completely reconsider their lifestyle, and in particular the security of the network and home computer.
To get started, remember a few unshakable rules.
1.
For semi-legal sites, never buy domains in the RU zone!
2.
For semi-legal sites, never buy hosting in the country where you live!
3.
If your lifestyle is related to adult, warez, politics, and so on, then you should not be on any social network!
4.
Your domains and hosting should not be registered with you!
5.
Mail only gmail
6.
Any of your data (phones, asek, skype, name, city of residence, photos, etc.) should not be on the network!
7.
Surfing directly on your illegal sites is possible, but all administrator work must be done through a proxy or anonymizer.
8.
All your internet adventures remain in the provider's cache. How long are they stored there? Unknown. Three years, five years ... no one guarantees the shelf life of your tracks.
9.
Surfing through mobile high-speed Internet is generally an ass, unless you have taken care of getting a SIM card for a homeless person.
In general, it is worth noting that from the point of view of legality, almost all webmasters are illegal, who in one way or another violate this very law. If they haven't come to you yet, it is not because you are a positive and law-abiding citizen in all places, but simply because no one needs you yet. Every webmaster in especially dangerous niches should be aware of the simple truth that he and the state are different poles with completely different interests.
For today, my introductory ode is over, and in my next posts, I will consistently try to tell you about elementary security on the network and on your home computer.
The Internet is one of the most common places to get a virus or spyware while browsing the web. There are many websites that are just waiting for you to make a mistake and they can inject a virus or malware onto your computer. Due to this, it is important to use a certain amount of care to keep surfing the Internet safe.
In the old days of the World Wide Web, Internet surfing (browsing) was a relatively safe activity. Most web pages were written in plain HTML, the earliest browsers were text-based. New technologies soon emerged to make the web browser richer, more interesting, and more interactive.
Web pages now contained much more than text and pictures. Web designers began to use scripts and other inline code to make pages feel more "alive". Microsoft introduced ActiveX, which provided functionality similar to Java applets, but at the same time it increased the security risk as ActiveX controls can access the Windows operating system.
Scripts, applets and ActiveX can be embedded in web pages to do amazing things, but they can also be used for harm and, for example, infect a computer with a virus, secretly install software that will allow a hacker to take control of the system, etc. ...
This is due to the very nature of technology, since any technology can be used for good or for evil.
The following tips will help you avoid getting hit by malware to your computer and make your surfing the Internet safe.
Choose a trusted browser
According to Internet security research, Firefox is the top choice when it comes to web browser security. However, Microsoft has put a lot of effort into making Internet Explorer more secure. Because of this, both IE and Firefox are good choices when it comes to choosing a browser.
But, no matter which browser you decide to use, be sure to download and install the recommended updates. Regularly updating your browser with the latest security patches will help fix the security issues found.
Install antivirus and firewall
Surfing the Internet safely also depends on using a good antivirus program to protect against viruses. Also, make sure you have a firewall as well. The firewall controls the traffic between your computer and the Internet, and is the first and best line of defense.
Most operating systems come with a firewall, but that won't help you if you don't activate it. The combination of good antivirus protection and firewall can prevent many problems.
Keep your wireless networks secure
Enable the firewall on your router, and change your router's admin password regularly. Visit the support section on your ISP's website or your router manufacturer's website for instructions on how to take these precautions. And make sure the router has encryption like WPA or WPA2.
Download files from trusted resources
A common place to get a virus is from bad downloads from dubious sources. Only download files from reputable and trusted sites. Many computers get the virus when users try to download, for example, music from an untrusted website or torrent. Also, download and install free software only if you are sure the source is safe.
A free program with a lot of positive reviews from popular websites can probably be installed. But if you cannot find any information on the Internet about this program, do not install it and find another program that performs the same function.
Avoid Malicious Sites
If you land on a site that is badly designed, with tons of pop-ups, and that might even trigger pop-up warnings from your antivirus, it's best to leave that site. Make sure you close any pop-ups. You should also follow the recommendations of the anti-virus program to remove the detected virus or spyware. This will make your web surfing safer.
When browsing the web pages of financial institutions or the like, take steps to avoid fraudulent sites that ask for personal information. Most legitimate sites do not ask for this information, but instead require you to register.
Use the help of a search engine that corrects typos so you can go to legitimate sites and avoid hitting fake web pages. Also, avoid pornographic sites, most of which contain malware that can harm your computer.
Install Windows updates
If you are a Windows user, make sure you regularly download and install the Windows updates recommended for your PC. Often these updates will close security holes that have been found in Windows.
We offer 12 PC security tips to minimize the risk of catching malware on the vast expanses of the network. The Internet is a wonderful place where we spend a significant part of our time, where you can study, comprehensively expand your horizons, make new friends from all over the world and, absolutely free, communicate with any part of the planet. All this ease is captivating, but if you don't take care of safety, attractiveness will quickly replace disappointment.
Luckily, you don't have to be "Seven spans in the forehead"to protect your computer and personal data online. We suggest that you read and take into account 12 PC security tips that are designed to minimize the risk of picking up any "Infection" on the vast expanses of the network.
Content:So, let's begin.
Background software updates can be annoying, as it is always frustrating when your PC starts to slow down and you have to wait for all of them to be installed. But it is with the updates that the programs receive the latest functions and fixes for various errors, including closing software security holes. Therefore, updates to the operating system, browsers and security software are the basis for the security of your PC or gadget. Set up automatic updates for a specific time, or update them manually, but this must be done constantly.
Remove browser extensions that you don't use and don't trust completely, as they can significantly slow down your PC's performance or spy on everything you do. Also, add-ons may have vulnerabilities through which malware will interfere in their work. That is, through add-ons, Key loggers can work, tracking the text entered on the keyboard, or screenshot managers that will save snapshots of the web forms you fill out. Through vulnerabilities in password managers, malware can track currently used confidential information: logins, passwords, names of email boxes, banking information, etc. Open the extensions page in your browser and you will find several plugins and add-ons that you never knew existed. Review them all and delete the ones you are not using.
Most campaigns these days, such as Google, Apple, Microsoft, etc., provide users with the option to set up 2-Step Verification (or sign in with a confirmation email to "Email", code in "Sms message" or the code in the mobile app) to log into your account. In fact, this is extended authentication, a special specific method of controlling access to an account from an unknown device or non-standard "IP addresses"... In it, the user must present to the system not only a login and password, but also provide additional evidence, for example, a code in "Sms message"that is sent to the phone number associated with the account. We highly recommend using the two-step method of logging into your account, because even if the attackers in some way took possession of the username and password, then without the code from your phone they will not be able to log into your account and harm you.
Some sites, including "Facebook", "In contact with", Twitter, "Instagram", "Gmail" and "Google", allow you to check recent active actions: account logins, posts, various account changes, settings, etc. They should be checked periodically in order to determine if there have been any suspicious actions that you did not perform (for example, authorization from a third party "IP addresses"). It will also be helpful to unload connected applications that you do not regularly use or that carry out unhealthy activity on your accounts.
Read about how to check activity on social media accounts in separate articles:
5. Set a password on your phone lock screen
If the phone is stolen, or you accidentally lost it and did not install protection on the lock screen, then the person who finds it can access all social networking accounts and the web browser with all saved passwords. Accordingly, he will be able to manage data in accounts, delete it or use it to your detriment. If you want to avoid this, then add a visual template, "PIN" or fingerprint on the device lock screen. Now, such a lucky person will only get a phone, and your personal data will be safe.
6. Protect your laptop
The same goes for your laptop or desktop PC, especially if your browser has passwords stored or you automatically log into the websites and apps you use every day. Add a password or some other security method (of your choice) and make sure the Windows security settings "MacOS" or "Android" are configured to require a password every time you log in, wake up from hibernation, and when you change users.
End-to-End encryption is a special method of data transmission in which several users who are interlocutors gain access to messages. Using end-to-end encryption, you can protect your connection from third parties, that is, using the same cryptographic keys makes it possible to correspond (or send files) only to the sender and the recipient. Other users will not be able to decrypt this data, even if someone can trace it, then there will still be no benefit from it. Websites that use encryption have specific "URLs", they start with the abbreviation "HTTPS"are often displayed with a green padlock in the browser address bar. Also, use fully encrypted messaging platforms such as: "Whatsapp", "Telegram" or "Signal".
8. Be careful with public "Wi-Fi points" Internet access
The problem with public "Wi-Fi points" Internet access is something that as you can connect to it, so everyone else can. This means that you need to be more mindful of the files you transfer over such a connection and the websites you visit. Also, we highly recommend that you install any software to create "VPN connections" ("Virtual Private Network" - virtual private network). This technology allows one or more connections to be established over another network. Since all traffic between your computer and "VPN connection" is encrypted, then no one can track which web resources you visited, what mail you received, etc.
Remember that social networks like "Instagram" or Twitterare public by default, so everyone can get information about where you are and what you are doing. Do not expose too much information about yourself, for example, pictures of a map with your home or work address, photos with geolocation, photos of your car, etc. Social network "Facebook" provides more variety of privacy options, for example, audience settings for each message individually, which you can use to send photos only to close friends or family.
10. Don't share your personal information with anyone
Can someone call your bank or network provider and pretend to be you? Are you sure about that? We highly recommend that you ensure that the personal information that you used to further identify yourself over the phone (birthdays, pet names, addresses, family names) is not available on the Internet. Make sure that you have not used publicly available information for such purposes, that it is not posted on social networks or the settings of various accounts.
On the Internet, you can find many paid and free utilities to protect your PC or gadget: antiviruses, antispam programs, Internet connection protection programs, etc. They will constantly monitor your online activities and provide protection against viruses and a variety of malware. Even free antivirus software will protect your computer well, for example, Avast! Free Antivirus ", ESET NOD32 Antivirus, BitDefender Antivirus, "Kaspersky Antivirus" and many more, all of which show excellent results in securing PCs. Many have additional built-in modules for protecting banking information, parental control, firewall, protection against network attacks, email client protection, etc. We highly recommend using an antivirus on your PC and mobile device.
12. A Few Useful Security Tricks
Not all safety precautions you can use are digital. Remember that the biggest danger to you on the Internet is yourself. Use one, as you think, the most secure e-mail box for all the most important accounts: for banking sites, payment systems, hosting, etc., and do not use it for anything else. Use a wired Internet connection at home or in the office to access these sites. Do not log into these accounts on other people's PCs and mobile devices, or through free "Wi-Fi access points" to the Internet when you are not sure about the security of this connection. Write down all important passwords in your notebook (on a piece of paper) and never save them digitally. Always use antivirus software. Don't post too much personal information publicly on social media. Do not give anyone personal information that can be used for additional identification in the telephone mode. To pay for goods on the Internet, it is very dangerous to enter your bank card details, so use payment systems that you trust (for example, PayPal). Also, do not go to questionable web resources, simply by going to which you can download the virus (in the website icon, file "Favicon"). Check all files and programs downloaded from the Internet with an antivirus before installing. Just follow these non-tricky tips and they will help you avoid many network problems.
