Security Basics

The following comes from a series of blog posts I wrote a year or so ago: http://koanhead.blogspot.com/2011/10/koanheads-basic-guide-to-personal.html

=Introduction=

In a perfect world, you wouldn't have to know anything about viruses, firewalls or encryption just to use the gol-dang Internet. The Internet would be more like a TV, where you can just veg out on the couch and flip channels without having to worry about some masked griefer stealing your face and emptying your bank account. Similarly, in a perfect world cars would drive themselves and you could enjoy your newspaper, double martini, or cell-phone conversation without having to worry about some other idiot crashing into you. Unfortunately, the world is not perfect, and using a computer and driving a car are both fundamentally dangerous activities (albeit in different ways). There are a few basic things to know about driving a car which can make the activity much safer and more pleasant for everyone. Unfortunately too many people don't know them. The same is true of computer use. Everyone thinks they already know how to drive a car, so I'm not writing a guide to how to drive a car safely. No one asked me. Technically no one asked me to write up a guide about computer safety either, but I was inspired by the discussion here: http://www.fluther.com/131112/for-tech-wizards-here-have-you-heard-of-the-root-kit/

This whole article is going to be informal and skim over a lot of things. I won't be including a lot of detail, alphabet soup, or binary math. Where I think extra detail can be useful I'll link to things. If you want to know more you can follow the links or you can ask me questions and I'll try to answer as best I may (or you can go ask Fluther and get better answers ;^) Here we go!

=Owning your computer=

If you own a computer system it's your responsibility to provide administration. You need either to learn how to properly run the system yourself or get someone else to do it. If you don't, no one is going to come kick your door down and confiscate your computer- but it will break in mysterious ways, fall prey to black hats and malware, and generally make you unhappy. TVs and cell-phones and game machines are much more limited, so the knowledge needed to keep them working can be successfully shunted to the manufacturer or service provider. A personal computer is an extremely flexible and powerful device, and that's exactly why you need to know stuff in order to run it.

First of all, everyone who uses the computer needs a separate user account. All modern computer operating systems (Windows, Mac OS, Linux, etc) have user accounts. If your OS does not support this then you need to upgrade. Under exactly one circumstance should anyone share a user account: the Guest account may safely be shared, because you can't do much of anything with the Guest account. If the Guest account can do things like install software or write files outside of its own folder, disable it and give your users separate accounts. Every user of the system needs to have a unique password. Passwords should be changed regularly. Good luck enforcing this- it's notoriously difficult to prevent your users from writing down passwords or using "password123" or the like as a password. If you know your users then you can probably figure out which ones will do stupid things and which won't. It's a good idea to limit the things that the more careless users can do. It's pretty easy- your OS will have a list of things that you can check off in the Control Panel or equivalent, like so:

[http://3.bp.blogspot.com/-CJfPgB387Sc/Tooo9SgNp8I/AAAAAAAAAF8/8HhoGqQEx44/s320/usersettings-crop.png|left|The "Users Settings" dialog for my system looks like this. You can see that the Guest account is disabled, and that none of the boxes are checked. Guest can't do anything much in this case, even if you could log in to it!]

Besides Guest, there's another special account called "Administrator" or "root". If you are a Windows user it's somewhat likely that this is the account you are using. Cut it out! This account is special because it can access any part of the computer and make any changes. All the other accounts are locked out of some parts of the computer (in fact, most of the parts) so that they can't run amok and break things that aren't theirs. Normal users (including you) should not use this account for regular things. Only one user (you, the owner / administrator) should have access to it at all. If you need other users to do administrative tasks (like, maybe you want someone else to be able to add accounts or reset passwords) you can add permissions to their account on an "a la carte" basis, or you can make another "super-user" account for them with the permissions you want them to have. Most folks are the only ones using their computer, which makes things a lot simpler. Those computers need only two accounts- the Administrator account and a normal user account. Why does one person need two accounts?

You don't use the Admin account for regular stuff. Don't do it. Please. Using the Admin account is like opening the hood on your car. There are a number of excellent reasons to not drive your car around with the hood open, the least of which is that you'd look like a jackass. Basically, if you use that account all the time, you will eventually accidentally kill your computer. If you don't have the permissions to erase your hard drive, then you don't have to worry about accidentally erasing your hard drive. If you use the Admin account only for administration, then you won't have to call your friend who "knows computers" to come fix it when you accidentally delete command.com, and then he won't burn your house down. Everybody wins!

All the files on the computer have owners. Usually the user that created or downloaded the file is the owner. Each user will have a directory (folder) that belongs to them- that's where they are meant to keep their files. Mostly users should not have access to things outside their home directory. Sometimes users will want to share files. You can make a "group" and make the group the owner of the file. Then you can add the two users to the group and they both will have access to the file. Or you can tell them to figure it out for themselves. Most modern OS have user-friendly ways to accomplish this without having to know about owners, permissions and groups- but those things are still there behind the scenes, and it's useful to know about them.
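The owner / group / other check the last few paragraphs describe is worth seeing as code, so here is an added example (mine, not from the original post) that walks the same decision the OS makes: root skips the permission bits, the owner gets the first set, members of the owning group get the second, everyone else the third. The users, groups and file entries are constructed for the illustration; the `grant_group` helper shows the "make a group the owner of the file" trick from the text.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    name: str
    uid: int
    gids: frozenset       # every group the user belongs to

@dataclass(frozen=True)
class Inode:
    path: str
    uid: int              # owning user
    gid: int              # owning group
    mode: int             # permission bits, e.g. 0o640

_BIT = {"r": 4, "w": 2, "x": 1}

def permitted(inode: Inode, user: User, want: str) -> bool:
    """Mirror the Unix access check: want is a subset of 'rwx'."""
    need = sum(_BIT[c] for c in want)
    if user.uid == 0:
        # root / Administrator ignores the mode bits, with one exception:
        # executing a file still needs at least one x bit set somewhere.
        return "x" not in want or bool(inode.mode & 0o111)
    if user.uid == inode.uid:
        shift = 6            # owner triple
    elif inode.gid in user.gids:
        shift = 3            # group triple
    else:
        shift = 0            # "other" triple
    return ((inode.mode >> shift) & need) == need

def grant_group(inode: Inode, gid: int) -> Inode:
    """Hand the file to a group and give that group read/write (the sharing trick)."""
    return Inode(inode.path, inode.uid, gid, (inode.mode & 0o707) | 0o060)

# Constructed accounts: 1002 is a "family" group that alice and bob share.
ALICE = User("alice", 1000, frozenset({1000, 1002}))
BOB = User("bob", 1001, frozenset({1001, 1002}))
GUEST = User("guest", 1003, frozenset({1003}))
ROOT = User("root", 0, frozenset({0}))
EVERYONE = (ALICE, BOB, GUEST, ROOT)

# Constructed files: a private note, a shared photo, and a root-only file.
NOTES = Inode("/home/alice/notes.txt", uid=1000, gid=1000, mode=0o600)
SHARED = Inode("/srv/family/photos.jpg", uid=1000, gid=1002, mode=0o660)
SHADOW = Inode("/etc/shadow", uid=0, gid=0, mode=0o640)

def who_can(inode: Inode, want: str, users=EVERYONE):
    """Names of the users allowed to do `want` on the file, in order."""
    return [u.name for u in users if permitted(inode, u, want)]

if __name__ == "__main__":
    for f in (NOTES, SHARED, SHADOW):
        print(f.path, "read:", who_can(f, "r"), "write:", who_can(f, "w"))
    print("after sharing notes with group 1002:", who_can(grant_group(NOTES, 1002), "r"))
```

Note that `who_can(NOTES, "x")` comes back empty even for root: a file with no execute bit can't be run by anyone, which is exactly the kind of thing the Administrator account's "do anything" reputation glosses over.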

Right now you might be saying, "Hey, this is all terribly fascinating, but what the heck does it have to do with security?!" Well, Daniel-San, here's your wax-off moment. Know ye these things: 1. If users have separate accounts, and one user writes his password on a billboard by the freeway, then unscrupulous motorists will have access to his files and not the whole dang computer. 2. If that user is you, and you only use the Administrator account, then #1 means they do get your whole dang computer. So don't do that! Also, don't put your password on a billboard. You can't necessarily stop your users from doing that, but you can certainly stop yourself.

=Trust and relationships=

OK, I guess I've beat that horse into the ground. Now it's time to talk about some non-computer related stuff.

Who do you trust? Do you trust your spouse? Do you trust your parents? If you do, that's great. Don't give them your passwords! Don't give anyone your passwords, ever. Especially if you trust them. Sharing passwords (or user accounts) can end relationships. Even if the other person doesn't do anything wrong, and you screw up and get hacked some other way, you have no way of knowing it wasn't their fault. You probably think right now that it wouldn't matter, that you wouldn't blame them or be angry. Do not take that chance. I have seen this happen, and it's not pretty.

I know, I said this section would be non-computer-related, right? I totally lied! And you trusted me, too. Don't you feel like a chump now? Aren't you glad I didn't say I was from Nigeria and wanted to give you a million dollars?

Passwords are a type of personal information that is so sensitive you shouldn't trust it to anyone. Other types of personal information are sensitive but shareable in limited contexts; for example, you might share your home address with a friend over email, but you wouldn't want to post it to /b/. You trust your friend to not burn your house down, but you don't know what the heck /b/tards will do!

Trust in the context of security is similar, but more formalized. Your computer has rules built into it that govern the amount of "trust" it has in other computers. For example, it probably trusts Verisign's servers to vouch for the identity of your bank's computers, so that you can feel sure that you aren't giving your account number and passwords to someone other than your bank. Using a different set of rules, my desktop computer trusts my laptop enough to serve files to it and allow it to connect over SSH, but it does not allow any other machines to do those things. Trust and relationships go hand in hand. A server is a computer that receives requests from other computers (clients) and sends data to them in response. Computers that perform both roles for each other are called peers. In a client-server relationship, it's sometimes important for the client to trust the server or vice versa, depending on the sensitivity of the data. In order for one computer to be trusted by another, it needs to prove its identity. There are several methods for proving identity, but most of them rely on a third computer which is already trusted by each.

In a peer-to-peer relationship, the computers usually don't trust each other. Instead each one needs to trust the data it's receiving from the other. In order for the computer to trust the data it's getting, the data has to be able to prove its integrity. There are several ways to do this, but mostly they rely on comparing a piece of information extracted from the received data to another piece of information supplied by someone trusted to vouch for the authenticity of that data.

To establish trust you have to trust someone else?! So, where does trust begin? It begins, basically, with a leap of faith. When you buy a computer and install Windows you have to have faith that Microsoft isn't going to install certificates that make your computer misidentify goatse.cx as your bank and pour all your money into some dude's butt. When you use any computer or any browser with HTTPS (that's what makes the little lock icon when you go to your bank's website or any other "secure" site, like login pages and such) you have to have faith that Verisign or some other company you probably have never heard of isn't screwing you over similarly.

Unfortunately, not all these trusted organizations are worthy of your faith. There have been a number of incidents lately where they fell down on the job and black hats were able to represent themselves as other websites and steal information. This happens because the "trust model" used by HTTPS is centralized and "top-down". Trust is concentrated in a few centralized entities that get paid to provide assurance that a particular website really is what it says it is. Every user needing to verify that identity has to go through one of these entities, and if something goes wrong at one of them, bad things can happen.

Sadly we are stuck with HTTPS and with this broken trust model for now. However, there is another way to verify identities that requires a smaller leap of faith (or rather, many little hops of faith). It's called a "web of trust" and it works in a decentralized way that allows you to choose who to trust. Let's say you trust me. (Who loves ya, baby?) Each of us has a certificate, which includes some information about us and two keys, which are just really long numbers. One key is public, and you share it with people you trust. The other key is private, and you don't share it, ever, with anyone at all. Since you trust me, we meet in person, you make sure it's really me, and then you sign my key by adding your public key to it. Now that I have your public key, I can send you secret messages- because if I use your public key to encrypt them, you (and only you) can decrypt them using your private key. Not only that, but if you get an encrypted message and use my public key to decrypt it, you know it came from me. If we want to, we can use both methods at once to ensure the identity of both sender and receiver of a message.

But wait, there's more! Since you trust me, you now can decide to trust some of the folks I trust; if I trust your bank (and remember, "trust" here specifically means "I have verified the owner of this certificate is really who the certificate says it is") then you can safely trust them too, so you can send them secret messages just like you would with HTTPS! Eventually I expect that the Web will adopt this way of verifying identities; it's been around a long time, and lots of people already use it to secure emails and other messages. In fact, GitHub and other sites use it to identify their users.
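Here is a toy version of the key signing and trust propagation the last two paragraphs describe. It's an added example of mine, not code from the original post, and it uses textbook RSA on small primes found at runtime (no padding, and far too small for real use) so the whole mechanism fits on a page. The cast (Alice, Bob, Carol, and an impostor "bob" I've called Mallory) and the keyring layout are made up for the illustration. One detail the code makes precise: a key is signed with the signer's private key, and the step the text calls "decrypt with my public key" is signature verification with the public key.

```python
"""Toy web of trust: textbook RSA keys, key signing, and trust checks."""
import hashlib
from math import gcd

def next_prime(n: int) -> int:
    """Smallest prime >= n by trial division (fine at these toy sizes)."""
    while True:
        if n > 1 and all(n % k for k in range(2, int(n ** 0.5) + 1)):
            return n
        n += 1

def modinv(a: int, m: int) -> int:
    """a^-1 mod m via the extended Euclidean algorithm."""
    r0, r1, s0, s1 = m, a % m, 0, 1
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
    if r0 != 1:
        raise ValueError("no inverse")
    return s0 % m

class Identity:
    """One person's certificate: a name, a public key, and signatures from others.
    Constructed parameters: ~20-bit primes and no padding. Real keys are
    thousands of bits long and use OAEP/PSS padding."""
    def __init__(self, name: str, seed: int):
        p = next_prime(seed)
        q = next_prime(p + 1)
        e = 65537
        while gcd(e, (p - 1) * (q - 1)) != 1:
            q = next_prime(q + 1)
        self.name, self.n, self.e = name, p * q, e
        self._d = modinv(e, (p - 1) * (q - 1))   # private key: never leaves this object
        self.signatures = {}                      # signer name -> signature over this key

    def public_key(self):
        return (self.name, self.n, self.e)

def key_bytes(pub) -> bytes:
    """What a signer commits to: the name bound to the key material."""
    name, n, e = pub
    return f"{name}:{n}:{e}".encode()

def hash_to_int(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(signer: Identity, data: bytes) -> int:
    """Signing uses the signer's PRIVATE key."""
    return pow(hash_to_int(data, signer.n), signer._d, signer.n)

def verify(pub, data: bytes, sig: int) -> bool:
    """Anyone holding the PUBLIC key can check the signature."""
    _, n, e = pub
    return pow(sig, e, n) == hash_to_int(data, n)

def encrypt(pub, message: bytes) -> int:
    """Encrypt to the holder of pub; only their private key can undo it."""
    _, n, e = pub
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("toy scheme: message must be shorter than the modulus")
    return pow(m, e, n)

def decrypt(ident: Identity, ciphertext: int) -> bytes:
    m = pow(ciphertext, ident._d, ident.n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def sign_key(signer: Identity, holder: Identity) -> None:
    """signer met holder, checked the key in person, and endorses it."""
    holder.signatures[signer.name] = sign(signer, key_bytes(holder.public_key()))

def key_is_trusted(pub, signatures, keyring, directly_trusted) -> bool:
    """Accept pub if someone we trust directly has validly signed it."""
    for signer, sig in signatures.items():
        if (signer in directly_trusted and signer in keyring
                and verify(keyring[signer], key_bytes(pub), sig)):
            return True
    return False

# Constructed cast: Carol verified Alice in person; Alice verified Bob; Mallory
# made a key that merely claims to be "bob" and nobody has endorsed it.
alice = Identity("alice", 1_000_000)
bob = Identity("bob", 2_000_000)
carol = Identity("carol", 3_000_000)
mallory = Identity("bob", 4_000_000)
sign_key(alice, bob)
carol_keyring = {"alice": alice.public_key()}   # keys Carol checked herself
carol_trusts = {"alice"}                         # whose endorsements Carol accepts

def demo():
    bob_ok = key_is_trusted(bob.public_key(), bob.signatures, carol_keyring, carol_trusts)
    mallory_ok = key_is_trusted(mallory.public_key(), mallory.signatures, carol_keyring, carol_trusts)
    secret = decrypt(bob, encrypt(bob.public_key(), b"1234"))   # Carol -> Bob, private
    sig = sign(bob, b"pay rent")                                 # Bob -> anyone, authentic
    return (bob_ok, mallory_ok, secret,
            verify(bob.public_key(), b"pay rent", sig),
            verify(bob.public_key(), b"pay rant", sig))

if __name__ == "__main__":
    print(demo())
```

`demo()` comes back with Bob's key accepted (Alice vouched for it and Carol trusts Alice), the impostor's key rejected (same name, no endorsement), the encrypted note readable only by Bob, and Bob's signature passing on the message he signed but failing the moment one letter changes.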

=Connections and Interactions=

Most of the ways you can hook your computer up to something are pretty safe. It would be pretty difficult for an outside attacker to exploit your keyboard controller to do nefarious stuff if that's the only connection available. Sure, if someone sneaks into your house, they could put a weird icky spy device on your keyboard wire and find out what you type; but then, if they're in your house they could just take your hard disk anyway, so it's hardly the keyboard's fault. No, most attempts on your computer's integrity will come down the network wire (or radio if wireless is how you roll). There's some basic stuff you need to know about that.

First off, every computer on the Internet, including yours, has a discrete numerical address associated with it. You probably don't know what that address is, and you don't need to. It doesn't matter, and it probably changes every so often anyway. What matters is this: every piece of information sent across the Internet goes from one address to another address.

If that were all there was to it, your computer would only ever be able to have one kind of connection at a time to any other given computer. Instead, it can have as many kinds of connection as it has available ports. A port is just another number that gets tacked on to the end of a network address so that the computer knows which pieces of data coming down the wire go to which program. For example, if a computer runs a Web server (a program that sends web pages to other computers on request) then it knows that data that comes in to port number 80 goes to the Web server, because that port number is traditionally used for that service. Not all the port numbers are so well-known in this way, but lots of them (more than 1000) are.

Your computer has, or should have, a program on it called a stateful firewall or packet filter. This program examines each packet (discrete chunk of data) that comes down the pike and enforces rules like "discard all packets that come from such-and-such disreputable network address". Most modern Operating Systems come with a firewall built in, but it's not always turned on by default. You should make sure it's turned on at the very least, and you really should learn how to set it up properly and use it if you are going to do anything at all fancy on your home network (like sharing files between local computers, or sharing a printer, or Remote Desktop). If you are just using the Internet, all you need to do is make sure it's turned on- it's most likely already set up the way you need. If you aren't sure, get someone to help you check. Firewalls are very very important. You will almost certainly be "hacked" if you don't have one, whether you know it or not.
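To make the last three paragraphs concrete, here is an added example (mine, not from the original post) of a tiny stateful packet filter: every packet is an address-plus-port on each end, a "disreputable network" rule drops by address, connections the desktop opens are remembered so the replies can come back, and the only new inbound connection allowed is SSH from one specific laptop, much like the desktop/laptop arrangement described earlier. The local address, the blocklist, the laptop address and the sample packets are all constructed (from the RFC 5737 documentation ranges and a private LAN) for the illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # True on the first packet of a new TCP connection

# Constructed policy for a home desktop at 192.168.1.10.
LOCAL = ipaddress.ip_address("192.168.1.10")
BLOCKLIST = [ipaddress.ip_network("203.0.113.0/24")]          # "disreputable" range
INBOUND_ALLOW = {22: ipaddress.ip_network("192.168.1.20/32")}  # SSH, only from the laptop

class StatefulFilter:
    """Decide per packet; 'stateful' because it remembers connections it let through."""
    def __init__(self):
        # (local ip, local port, remote ip, remote port) for every live connection
        self.table = set()

    def decide(self, p: Packet) -> str:
        src = ipaddress.ip_address(p.src)
        if any(src in net for net in BLOCKLIST):
            return "DROP blocklist"
        if src == LOCAL:
            # Outbound: note the 4-tuple so the server's replies are recognised.
            self.table.add((p.src, p.sport, p.dst, p.dport))
            return "ACCEPT outbound"
        if (p.dst, p.dport, p.src, p.sport) in self.table:
            return "ACCEPT established"
        allowed_from = INBOUND_ALLOW.get(p.dport)
        if p.syn and allowed_from is not None and src in allowed_from:
            self.table.add((p.dst, p.dport, p.src, p.sport))
            return "ACCEPT new inbound"
        # Anything else arriving uninvited, whatever port it aims at, is dropped.
        return "DROP unsolicited"

def run(packets):
    """Feed packets through one filter in order and return its decisions."""
    fw = StatefulFilter()
    return [fw.decide(p) for p in packets]

# Constructed traffic, in arrival order.
SAMPLE = [
    Packet("192.168.1.10", 50000, "198.51.100.80", 80, syn=True),  # desktop fetches a web page
    Packet("198.51.100.80", 80, "192.168.1.10", 50000),            # the web server's reply
    Packet("198.51.100.7", 4444, "192.168.1.10", 445, syn=True),   # stranger probing file sharing
    Packet("203.0.113.9", 1234, "192.168.1.10", 22, syn=True),     # SSH from the blocklisted range
    Packet("192.168.1.20", 40000, "192.168.1.10", 22, syn=True),   # SSH from the laptop
    Packet("192.168.1.30", 40000, "192.168.1.10", 22, syn=True),   # SSH from some other LAN box
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, run(SAMPLE)):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  {verdict}")
```

The order of the checks matters: the reply from the web server is accepted only because the desktop's own outgoing request was recorded first, and the same packet sent by a server nobody asked would fall through to "DROP unsolicited".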

Also, a word about "hacking." Hacking is what hackers do. Hackers are not the people who break into your computer to do nefarious things. There is a word for those folks already: CRIMINALS. Hackers are people who figure stuff out. Sometimes what they figure out is how to break into computers (and then they often figure out a way to stop people using the same break-in method or exploit). Hackers built a lot of the stuff you use every day, and hackers all over the world work hard to keep things going, lots of them for free, out of love. These people are not criminals. (Well, some of them are, but mostly not!)

There are lots of things to see on the Internet, some of which cannot be unseen.

Did you click that last link? That's the sort of link you shouldn't click. You got off easy that time, because this blog is supposed to be fairly safe for folks to read. Did you do that thing where you hover the mouse pointer over the link and then look at the bottom of the browser window (the status bar) to see where it went?

That's a good habit to cultivate. Not everyone on the Web will be as kind to you as I am- hell, catch me in a bad mood some time...

So, don't be dumb. Don't trust people you don't know. Don't download things unless you know what they are, where they are coming from, and that you are allowed to have them. If you don't know how to find out these things, then don't download it.

I'm not here to moralize at you about file-sharing and how the poor little rock stars deserve to get paid. If you want to have that argument, go ahead and have it someplace else. This blog is about security, and downloading files is risky. Know what you're doing, or don't do it.

If you use BitTorrent, learn how to check hashes. If you don't know what that means, don't use BitTorrent until you do. It's way too easy to get yourself into trouble downloading files from untrusted sources, and it's just plain reckless to do it without even attempting to verify the files.
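"Checking hashes" is the peer-to-peer integrity check from the Trust section made concrete: you hash what you actually received and compare it to a digest published by someone you trust. Here is an added example of mine (not from the original post) that does that for a download against a line in `sha256sum` format; the file contents and the checksum line are constructed for the illustration, and the published digest is the well-known SHA-256 of the three bytes `abc`.

```python
import hashlib
import hmac
import io

def parse_checksum_line(line: str):
    """Parse one line of sha256sum output: '<hex>  name' or '<hex> *name'."""
    digest, _, name = line.strip().partition(" ")
    name = name.lstrip(" *")            # drop the separator and the binary-mode marker
    if len(digest) != 64 or any(c not in "0123456789abcdefABCDEF" for c in digest):
        raise ValueError("not a SHA-256 checksum line")
    return digest.lower(), name

def sha256_of_stream(stream, chunk: int = 1 << 16) -> str:
    """Hash in chunks so a multi-gigabyte download never has to fit in memory."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(chunk), b""):
        h.update(block)
    return h.hexdigest()

def verify_download(data: bytes, published_line: str) -> bool:
    """True only if the bytes you have match the digest someone trusted published."""
    expected, _ = parse_checksum_line(published_line)
    actual = sha256_of_stream(io.BytesIO(data))
    # compare_digest avoids leaking where the first mismatch is; harmless here, good habit.
    return hmac.compare_digest(actual, expected)

# Constructed: the project's page says the file hashes to this value.
PUBLISHED = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  abc.txt"
GOOD_COPY = b"abc"       # what the honest peer sent
TAMPERED_COPY = b"abd"   # one byte different: same size, same name, not the same file

if __name__ == "__main__":
    for label, blob in (("good", GOOD_COPY), ("tampered", TAMPERED_COPY)):
        print(label, "->", "OK" if verify_download(blob, PUBLISHED) else "MISMATCH, delete it")
```

The part the code cannot do for you is choosing where `PUBLISHED` comes from: a digest that arrived alongside the file, from the same untrusted source, proves nothing. It has to come from the party you already trust (the project's own site, a signed release note), which is the "someone trusted to vouch for the authenticity" in the Trust section.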

You don't have to know everything. It's not what you don't know that will hurt you- it's what you do know that ain't so. So be careful, and don't make assumptions.