After using Backtrack-Linux for a long time, I found out how easy it was to compromise anyone's security. I also noticed how ill-informed people where about how easy it would be to do. So, I decided to create a guide about some of the biggest threats on personal security, to help people protect themselves.
This guide is an expansion on a PDF guide I created, to make it simpler to follow.
http://deadbot.net/dontgetpwned.pdf (The PDF file, read it)
Step 1: PDF Files
PDF files are very insecure, and can easily get you infected, if the PDF is from a malicious person.
Examples of what an attacker could do:
1) Using metasploit, add a hidden payload to the PDF, containing a Trojan virus.
2) You open the PDF, and your computer is infected without you even knowing.
NOTE: Antivirus software can only detect known viruses. If someone create a custom coded virus, and somehow gets it on your computer, no antivirus software will detect it.
Step 2: Passwords
One of the worst habits is using the same password for multiple websites. Even worse is using a short one with only letters and a few numbers.
Examples of what an attacker could do:
1) Boot your computer from a CD, DVD, or USB drive that has an exploitation OS on it (Backtrack-Linux, OphCrack, etc).
2) Use the exploitation OS to extract your PC's password.
3) If it is the same as one of your other accounts, they have access to it.
1) An attacker could simply see you typing in a password for your email, and have accses top all your other accounts
1) You sign up for an account at "www.freeCuteCatsPics.com", and use the same password as you do for your Facebook
2) Now the owner, and employees at that website have your passwords.
How to prevent this threat:
Use a password manager. (I use Keepass; its free and open source)
A password manager stores all the passwords for each of your accounts, and auto types them whenever you want to sign in.
Keepass also creates complex passwords, so brute forcing a password is nearly impossible.
Example password (created by Keepass): "s0SD&EK,hmmzGH"^>AQS/#OyZ"
To get Keepass:
1) Go To: "http://keepass.info/download.html"
2) Download the professional version (It's still free, just more features)
Step 3: MITM
Man In The Middle attacks are when an attacker uses are request and replies to fool devices. Here is what happens:
-Your (the victim's) MAC: 00:00:00:00:00:AA
-Target router's MAC: 00:00:00:00:00:BB
-Attacker's MAC: 00:00:00:00:00:XX
NOTE: A mac address is a unique identifier for each computer, device, or anything on a network.
1) Attacker sends an ARP reply to the router (wired, or wireless), saying that your (victim's) MAC is changed to 00:00:00:00:00:XX.
2) Attacker sends an ARP reply to you, saying that the router's MAC is changed to 00:00:00:00:00:XX.
4) Now, the router thinks you are the attacker's computer, and you think the attacker's computer is the router.
5) The attacker now is the "Man In The Middle" and all your packets will go through them.
What can the attacker do now?
1) Without you knowing, view every website you browse, everything you download, and everything you could possibly do over the internet, would be seen by the attacker. (This includes usernames, passwords, private emails, and even encrypted webpages if they use SSLstrip)
1) Using an exploit in you OS, have assess to everything stored on your computer. (This only works if an exploit is available at the time)
1) When you attempt to download a file, the attacker can replace the true file with a fake one with the same name, tricking you into downloading virus.
1) Use packet filtering software to change webpages, doing any of the following:
---Replace all images with a picture of a cat
---Redirect you to fake bank websites to steal your information
---Change the news to seem like a zombie apocalypse is imminent
---Make it appear as if all your friends hate you (fake emails)
---Tamper with other data
NOTE: Remember this example is local only, it wouldn't change the actual websites, just what your computer sees.
How to prevent this threat:
There are not very many options to protect yourself, and you can't just set your computer to not listen to ARP replies and requests, because they are essential to a network.
You can use an encrypted proxy to use the internet through, which will solve the above problems, because all your packets will be encrypted. I use Tor.
Step 4: WEP Security
Some people still use WEP security. Do you know how long it take me to crack a WEP secured network? 2 minutes. Every single time, no matter how long and complex their password is.
How does an attacker crack WEP?
For this example, we will use numbers to show how encryption works.
The unencrypted data is: 10
The password is: 5
The encrypted data is: (10 * 5) or, (unencrypted data * password) or, 50
This is basically how all encryption works.
NOTE: The traffic key is a constantly changing password that each device on the network automatically receives if they have the network password. The network password is what you type in to join a secured network.
Now, how does an attacker get the password?
1) They collect as many encrypted packets from the network as possible. This is easy, since the packets are sent over the air.
2) Once they have collected thousands and thousands, they use software to look for patterns.
3) Since the traffic key is only transmitted in 24 bit encryption, they repeat themselves a lot, and now the attacker can compare the different traffic keys to obtain the network password.
Once the attacker is in your network, they can do anything from downloading hundreds of gigabytes of files, printing anything from your printer, or exploiting your computers to install viruses.
Step 5: Tor
Tor is a free encrypted tunneling service that you can use to secure yourself on public WiFi, or anywhere else that you suspect security may be compromised.
How Tor works:
1) You turn on tor, and send an email. (This obviously work with anything besides emails too)
2) That email is sent from your browser, to the Tor program on your computer. (Instead of directly to your router)
3) Tor takes the email, encrypts it, then sends it to the router. At this point, it is impossible for people to see the email.
4) The router sends it to a Tor server. At this point it is still impossible to read.
5) The Tor server then unencrypts the email, and sends it to the email server. (Hotmail, Gmail, etc.)
What this does:
-It makes it impossible for any attacker on your WiFi (or wired) network to read that email.
-It makes it impossible for your ISP to read that email. (Telus, Comcast, Bell, Sprint, Verizon, etc.)
-It makes it impossible for any government to read that email.
-It makes it impossible for anyone to track your internet activity.
-It makes it impossible for anyone to block a webpage from being assessed. eg: Your school blocks social networks.
-It is usually slower than a regular network.
How to get Tor:
1) Go here https:// www.torproject.org/download/download.html.en
If your using Google Chrome:
2) Download the Vidalia Bundle
3) Follow these instructions:
If your using Firefox:
2) Download Tor Browser Bundle
3) Install it
If your using IE:
2) See section 8
Step 6: Anti Virus Software
Lots of antivirus software is bloated and slow. For example, McAfee, Bit-defender, Norton/Symantec, etc.
There is a free alternative. It doesn't have adds, it doesn't pester you for upgrades, accounts, or registration.
It's also fast, and catches all the viruses you would expect from paid antivirus software. (Including real-time protection, to catch virus as they are downloaded, or run)
Microsoft security essentials!
I use Microsoft security essentials, combined with the default windows firewall. Not many people need anything more.
Step 7: WOT
Web of trust is an amazing plugin for most browsers. It runs as a little icon in your browser, turning from green to red, based on how people have rated it. You too can rate the current website your using by clicking on the icon, and adjusting the sliders for different security categories. The categories are:
Even before a webpage is fully loaded, WOT will pop up if the website was a poor reputation, saving you from any potential viruses on the website.
So, is that website giving out free medication to become superman trustworthy? It's not, and now you know, because WOT popped up and warned you about it.
Step 8: Web Browsers
What web browser do you use?
If you want one that takes 5 minutes to start up, chose IE.
If you want one that takes up half the screen with toolbars, buttons, and advertisements, chose IE.
If you want the most targeted web browser for viruses and spyware, chose IE.
If you want one with terrible security, and an ugly interface, chose IE.
But, if you want an extremely fast, clean, smooth, web browser, chose Google Chrome.
(Firefox is good to, but I like Chrome much more.)
Remember that there are websites you can visit that will infect your computer without you downloading anything at all, so don't think you are invincible if you don't click download.
Step 9: All Done
So, follow these instructions, and you should be a lot safer. But remember, the weakest link on your security chain will be an attacker's target. Having an epic password is useless if you have a key logger on your computer.
If I missed anything, just leave it in the comments, or email me at email@example.com