We will configure safer surfing on the Internet than we are given by default. Everything is done under Ubuntu Linux and the Firefox browser is used, but nothing prevents the implementation described under other operating systems and browsers. Firefox is chosen because of the large number of plugins that extend its standard functionality.
And why is all this?
The fact is that many use free Wi-Fi networks in various cafes to go to social networks and enter their logins and passwords, risking being intercepted. After all, you are working on the open http protocol.
The main idea of the article: we will raise tor, which will encrypt traffic that is by its nature open (http, icq protocol). The polipo proxy server will allow programs to send traffic to tor through itself, which only SOCK can do, and many programs cannot work with SOCK. The Firefox browser will allow open http traffic to the polipo + tor bundle. We will allow encrypted https traffic directly, past Tor, since the nature of Tor is inherently slow and latent.
And now everything is slower and more detailed.
Thor
First we need Tor. This project will improve anonymity when visiting sites via the http protocol. Tor encrypts traffic and uses 3 of its random servers before releasing your traffic to the Internet.
Installing in the system
sudo apt-get install tor .
Thor by default, to put it mildly, is not fast. Its task is your anonymity and encryption. Previously, it was just you and the web server that you accessed with your browser, and now you, the web server and the Tor network, which changes its servers with each of your requests and encrypts your traffic.
But there are settings that speed up Tor.
# Time allotted to build a new ring CircuitBuildTimeout 5 # Close the connection if there was no communication for a given period of time (default 5 minutes) KeepalivePeriod 60 # Every NUM seconds Thor looks at other circuit building options. NewCircuitPeriod 15 # Increase the number of Guards NumEntryGuards 8
These settings must be made in the /etc/tor/torrc. If the parameters are already there, then change the default ones to new data.
The SocksPort 9050 parameter hints that we will work through port 9050. If your programs can work through SOCK, then feel free to specify localhost:9050 to them. But many programs do not know how to work with SOCK and then we move on to another security link - Polipo.
Polipo
Polipo is a small, lightweight proxy server.
His task:
- work with programs that do not know how to work with SOCK.
- remove headers that talk a lot about you during an http session.
Install polipo -
sudo apt-get install polipo . /etc/polipo/config should have lines socksParentProxy = "localhost:9050" socksProxyType = socks5
These lines mean that the traffic received by Polipo will be sent to Thor.
Let Polipo reduce the information about you that is available to websites. This requires settings.
DisableVia=true
If you are moderately paranoid. Sites should work fine.
CensoredHeaders = from, accept-language censorReferer = maybe
If you shudder at every rustle outside the doors. Sites may not work correctly.
CensoredHeaders = set-cookie, cookie, cookie2, from, accept-language censorReferer = true
Polypo is waiting for you at 127.0.0.1:8123 and now you can specify the proxy address in programs like 127.0.0.1:8123. A nice bonus is Polipo's ability to cache surfing results, which will save you another second when visiting sites.
At this stage, you can configure instant messaging programs like ICQ to your polipo + tor proxy by specifying 127.0.0.1:8123 in the settings.
Skype has its own private protocol with encryption, so you don't have to worry about forwarding encrypted Skype traffic through polipo + tor. You can only worsen the final result, since voice and video are sensitive to network latency, and Thor only makes it worse by doing your anonymity and encryption.
Firefox with auto proxy switching.
It makes no sense to let encrypted https traffic through the Tor system. Just extra seconds of waiting. Encrypting what is encrypted is not a very smart idea.
We will make sure that open http traffic is encrypted, and encrypted https goes encrypted directly.
Install the FoxyProxy Standard extension in Firefox. We set the mode: Use proxies based on templates.
Direct Internet. I recommend to make just in case point direct_inet - direct access to the Internet for your white sites. You can add to this list and thus access these websites BYPASSING protection in the form of Tor + Polipo.
BE CAREFUL and do not enter logins and passwords, do not engage in financial matters on these sites. This item is needed only to speed up work with this site or if working with the site through Tor causes more problems.
Caching Polipo and Thor. The item below called tor_polipo is using the polipo + tor proxy server. Type in the http://* template named http_via_tor using the Whitelist and Metacharacters. Specify the proxy address 127.0.0.1:8123. Now FoxyProxy will wrap all http traffic on Polipo with Tor, in other words - encrypt and anonymize.
HTTPS goes straight. The last "default" item will let all traffic go directly as well, which means that encrypted https will go directly, bypassing tor + polipo, since https will not fall under the http://* filter named http_via_tor, described above.
Protocols, except for http (s), are usually used by few people, so we will not complicate the scheme because of rare dinosaurs. Moreover, Polipo has a chronic inability to work with ftp.
A little more security.
The power of the GPU and now the WPA2 key has already been cracked. Who is guilty? Set up from brother WPS.
Sd3000
I myself do not use antiviruses, because when you catch an infection, you can immediately see where and how. But this is really aerobatics.
A very good option is to have several accounts with different rights.
In addition to hemorrhoids, this does nothing for itself. Why? Because in 99% password login under Administrator / Administrator = login under user. + The methods of penetrating into protected sections of the same windows vista have already become known. Let me remind you that XP "allegedly" security was practically non-existent. At a low level, it was also easy to climb through any sections of users on localhost. In Vista - it's almost 7, here things have really been revised to a new level. But social engineering and stupidity of users will be canceled sometime.
“When a family does not have 2 computers, and the computer with which you earn money has to be shared with your family, in this case it is imperative to have different accounts.”
In such cases, having only different computers 🙂 Sharing a really working machine with someone. It is at one fine moment to be left without everything. But if you are a kamikaze, then you are welcome. The example you describe below is proof of that.
The "No Script" plugin is absolutely useless and interferes with the work of the plugin. And you can’t catch a special infection through javascript, especially under FireFox. He's a security freak compared to IE, but it's worth it. In order to catch the infection through javascript, you need to answer in the affirmative to any question, which is usually disguised under a plausible pretext. So there is a simple rule here. If you obviously went to a suspicious site and if it asks you to answer yes to some question, then it is strictly forbidden to agree and therefore would strongly recommend leaving such a site. There are fewer and fewer sites like this.
apocalyptic
My idyll came when there were 4 computers at home.
Here is a good option. I suppose your computer distributes the Internet to the rest 🙂
Is there a server to administer? 🙂
The "No Script" plugin is absolutely useless and interferes with the work of the plugin.
I forgot to say that Outpost Firewall can block all these things, from ActiveX to ads.
blockquote>In order to catch the infection through javascript, you need to answer in the affirmative to any question, which is usually disguised under a plausible pretext. So there is a simple rule here. If you obviously went to a suspicious site and if it asks you to answer yes to some question, then it is strictly forbidden to agree
Yesterday I just had my homework on computer security, I tried to make Eset and Outpost Firewall friends, I killed half the night for this, since both the first and second have their own firewall and they block each other.
Daniel
After the last infection, I spat on protection: ZoneAlarm and Avast stand for appearance and against ScriptKiddis.
Basic protection:
- I store everything important on the network (DropBox, GoogleDocs, Yandex-Bookmarks)
- Passwords and confidential - KeePass (and the database is in DropBox)
— Change 120-128 bit passwords once a month
I plan:
– Master portable software (Notepad ++, etc. for working on the site)
— Began to master web services, simple programs (Yandex photos, etc.) and FF add-ons to perform simple operations for which we usually use super-duper-pro-software
- Buy Kaspersky to check and disinfect the content of the site (in the most extreme case)
As a result: I can demolish the system at any time and install it again, without loss.
Sd3000
According to theory 2, FireWall cannot be friends by definition
That is, one port can serve only one and only one program. Everyone can monitor, but only one can serve, this is laid down at the system level, both windows and linux.
That is, if they show that they have been working, then one by any works in some kind of observation mode, and not control.
It’s too early to buy your own server for home 🙂 a router is enough))))
For amateurs, only port 80 is open, there is nothing to do on other ports.
Well, from the time I worked in the server center, I realized that the best protection is properly configured hardware than software.
SergeySL
properly configured Cisco is 10 times better and faster, any FireWall even on Linux 🙂
Cisco is a piece of hardware running Cisco IOS, a very smart piece of hardware, however, again, its software needs to be configured.
About 10 times faster - did you measure? Compared the price of a router based on a cheap computer with Linux / Unix and a device from Cisco? What about the cost of setup and support?
apocalyptic
The most effective way is the differentiation of access rights between users and the system administrator. More effective, believe me, no!
Along the way, yes, but the SD3000 says that this is not an option in XP.
I store everything important on the network (DropBox, GoogleDocs, Yandex-Bookmarks)
Passwords and confidential - KeePass (and the base is in DropBox)
Change 120-128 bit passwords once a month
I plan:
Master portable software (Notepad ++, etc. for working on the site)
I started to master web services, simple programs (Yandex photos, etc.) and FF add-ons to perform simple operations for which we usually use super-duper-pro-software
Wow, you have radically approached the issue of security, in principle it is a good idea to store valuable information not on your home computer.
We offer 12 PC security tips designed to minimize the risk of catching malware in the vastness of the web. The Internet is a wonderful place where we spend a significant part of our time, where you can study, expand your horizons comprehensively, make new friends from all over the world and, absolutely free of charge, communicate with anywhere in the world. All this lightness is captivating, but if you do not take care of safety, attractiveness will quickly replace disappointment.
Luckily you don't have to be "seven spans in the forehead" to protect your computer and personal data online. We invite you to read and take into account 12 PC security tips designed to minimize the risk of catching some kind of "contagion" in the vastness of the web.
Content:So, let's begin.
Software updates running in the background can be very annoying, as it's always annoying when your PC starts to slow down and you have to wait for them all to be installed. But it is with updates that programs receive the latest features and fixes for various errors, including closing holes in software security. Therefore, updating the operating system, browsers and security software is the basis for the security of your PC or gadget. Set automatic updates for a certain time, or update them manually, but this must be done constantly.
Uninstall browser extensions that you don't use and don't fully trust, as they can significantly slow down PC performance or spy on all your activities. Also, add-ons may have vulnerabilities through which malware will interfere with their work. That is, through add-ons, key loggers can work that track the text entered on the keyboard, or screenshot managers that will save snapshots of web forms you have filled out. Through vulnerabilities in password managers, malware can track the currently used confidential information: logins, passwords, email addresses, banking information, etc. Open the extensions page in your browser and you'll find a few plugins and add-ons you didn't even know you had. Review them all and delete the ones you don't use.
These days, most campaigns such as Google, Apple, Microsoft, etc. provide users with the option to set up 2-Step Verification (or sign in with verification via an email to "email", code in "sms message" or code in the mobile app) to log into your account. In essence, this is extended authentication, a special defined method of controlling access to an account from an unknown device or a non-standard one. "IP addresses". In it, the user needs to present the system not only with a login and password, but also provide additional evidence, for example, the code in "sms message", which is sent to the phone number associated with the account. We highly recommend using the two-step method of logging into your account, because even if the attackers somehow got hold of your login and password, without a code from your phone they will not be able to enter your account and harm you.
Some sites, including facebook, "In contact with", Twitter, "Instagram", Gmail and Google, allow you to check recent active actions: account logins, posts, various changes in your account, settings, etc. They should be checked periodically to determine if there have been any suspicious activities that you did not commit (for example, authorization from a third party "IP addresses"). It will also be helpful to unload connected apps that you don't regularly use or that are doing unhealthy activity on your accounts.
To learn how to check activity in social network accounts, read the separate articles:
5. Set a password on your phone's lock screen
If the phone is stolen, or you accidentally lost it and didn't set lock screen protection, then the person who finds it can access all social media accounts, and the web browser with all saved passwords. Accordingly, he will be able to manage the data in the accounts, delete them or use them to your detriment. If you want to avoid this, then add a visual template, "PIN code" or fingerprint on the device's lock screen. Now, such a lucky person will get only a phone, and your personal data will be safe.
6. Protect your laptop
The same goes for your laptop or desktop PC, especially if your browser has saved passwords or automatically logs you into the websites and apps you use every day. Add a password or some other security method (of your choice) and make sure that the Windows OS security settings macOS or Android configured to require a password each time they log in, wake up from sleep, and change users.
End-to-End encryption is a special method of data transfer in which several users who are interlocutors get access to messages. Using end-to-end encryption, you can protect your connection from third parties, that is, using the same cryptographic keys makes it possible to correspond (or send files) only to the sender and recipient. Other users will not be able to decrypt this data, even if someone can trace it, then there will still be no benefit from this. Websites that use encryption have specific "URLs", they start with the abbreviation HTTPS, are often displayed with a green padlock in the browser's address bar. Also, use fully encrypted messaging platforms such as: whatsapp, Telegram or signal.
8. Be careful with public "Wi-Fi hotspots" Internet access
The problem with public "Wi-Fi hotspots" Internet access is something that as you can connect to it, so can everyone else. This means that you need to be more mindful of the files you transfer over such a connection and the websites you visit. Also, we highly recommend that you install some software to create "VPN Connections" ("Virtual Private Network"– virtual private network). This technology allows you to establish one or more connections over another network. Since all traffic between your computer and "VPN connection" is encrypted, then no one can track which web resources you visited, what mail you received, etc.
Remember that social networks "Instagram" or Twitter, are public by default, so everyone can get information about where you are and what you're doing. Do not expose too much information about yourself to the public, such as snapshots of a map with your home or work address, photos with geolocation, photos of your car, etc. Social network facebook provides more privacy options, such as per-message audience settings that you can use to only send photos to close friends or family.
10. Don't share your personal information with anyone
Can someone call your bank or network provider and pretend to be you? Are you sure about that? We strongly recommend that you make sure that the personal information that you used to additionally identify yourself over the phone (birthdays, pet names, addresses, family names) is not available on the Internet. Make sure that you do not use publicly available information for such purposes, that it is not posted on social networks or the settings of various accounts.
On the Internet, you can find many paid and free utilities to protect your PC or gadget: antiviruses, antispam programs, Internet connection protection programs, etc. They will constantly monitor your activities on the Internet and provide protection against viruses and a variety of malware. Even free antivirus software will protect your computer well, for example, Avast! Free Antivirus», ESET NOD32 Antivirus, BitDefender Antivirus, kaspersky antivirus and many more, all of them show excellent results in PC security. Many have additional built-in banking information protection modules, parental control, firewall, protection against network attacks, mail client protection, etc. We highly recommend using antivirus on PC and mobile device.
12. Some useful security tricks
Not all precautions you can use are digital. Remember that the biggest danger to you on the Internet is yourself. Use one, the most secure as you think, email box for all the most important accounts: for banking sites, payment systems, hosting, etc., and do not use it for anything else. Use wired Internet at home or in the office to work on these sites. Do not log into these accounts on other people's PCs and mobile devices, or through free "Wi-Fi hotspots" to the Internet when you are not sure about the security of this connection. Write down all important passwords in your notebook (on a piece of paper) and never save them digitally. Always use antivirus software. Don't post too much personal information in public on social media. Do not give anyone personal information that can be used for additional identification over the phone. It is very dangerous to enter your bank card details to pay for goods on the Internet, so use payment systems that you trust (for example, PayPal). Also, do not go to dubious web resources, just by going to which you can download the virus (in the site icon, file favicon). Check with an antivirus all files and programs downloaded from the Internet before installation. Just follow these not tricky tips and they will allow you to avoid many problems on the network.
The Internet is one of the most common places to get virus or spyware while browsing the web. There are many websites just waiting for you to make a mistake so they can inject a virus or malware into your computer. Because of this, it is important to use some caution in order to surf the Internet safely.
In the old days of the World Wide Web, Internet surfing (web browsing) was a relatively safe activity. Most web pages were written in plain HTML, the very first browsers were text-based. New technologies soon emerged to make the web browser richer, more interesting, and more interactive.
Web pages now contained much more than text and pictures. Web designers began to use scripts and other inline codes to make pages feel more alive. Microsoft introduced ActiveX, which provided functionality similar to Java applets, but at the same time it increased the security risk because ActiveX controls could access the Windows operating system.
Scripts, applets, and ActiveX can be embedded in web pages to do amazing things, but they can also be used to harm a computer, such as infecting a computer with a virus, secretly installing software that allows a hacker to take control of the system, etc. .
This is due to the very nature of technology, since any technology can be used for good or for evil.
The following tips will help you avoid malware to your computer and make your surfing the Internet safe.
Choose a reliable browser
According to Internet Security Research, Firefox is the best choice when it comes to web browser security. However, Microsoft has put a lot of effort into improving the security of Internet Explorer. In this regard, both IE and Firefox are good choices when it comes to choosing a browser.
But, no matter which browser you choose to use, make sure to download and install the recommended updates. Keeping your browser up to date with the latest security patches will help fix any security issues you find.
Install antivirus and firewall
Surfing the Internet safely also depends on using a good antivirus program to protect against viruses. Also, make sure you also have a firewall. A firewall controls the traffic between your computer and the Internet and is your first and best line of defense.
Most operating systems come with a firewall, but this won't help you if you don't enable it. The combination of good antivirus protection and a firewall can prevent many problems.
Keep Your Wireless Networks Secure
Turn on the firewall on the router, and change the router's administrator password regularly. Visit the support section of your ISP's website or your router manufacturer's website for instructions on how to take these precautions. And make sure the router has encryption such as WPA or WPA2.
Download files from trusted resources
A common place to get a virus is from bad downloads from dubious sources. Download files only from known and trusted sites. Many computers get a virus when users try to download, for example, music from an untrustworthy website or torrent. Also, download and install free software only if you are sure that the source is safe.
A free program with lots of positive reviews from popular websites can probably be installed. But if you cannot find any information on the Internet about this program, do not install it and find another program that performs the same function.
Avoid Malicious Sites
If you land on a site that is terribly designed, full of pop-ups, and that may even be causing your antivirus to pop up warnings, it's best to leave that site. Make sure you close any pop-ups. You must also follow the recommendations of the antivirus program to remove the detected virus or spyware. This will make web surfing safer.
When browsing the web pages of financial institutions or similar, take steps to avoid fraudulent websites that ask for personal information. Most legitimate sites don't ask for this information, but instead require you to register.
Use the help of a search engine that corrects typos so that you can navigate to legitimate sites and avoid being taken to fake web pages. Also, avoid pornographic sites, most of which contain malware that can harm your computer.
Install Windows Updates
If you are a Windows user, make sure you regularly download and install the Windows updates recommended for your PC. Often these updates close security holes that have been found in Windows.
In our time, SEO optimization of sites, getting good positions in search engines and increasing resource traffic is of great importance. To increase these indicators, many webmasters use active advertising systems (ATS) or mailers, and ordinary users use these systems to generate additional income.
Both sides are pursuing their goals. Web owners are growing traffic, importance for search engines, attracting additional customers. CAP heavily directs traffic to the site, for many systems that trade sites with links.
But this medal has another side. After all, all CAP sites have users who are hard clicking on links and creating traffic. Unfortunately, no one cares about them. Many were attracted to active advertising systems by the promise of fabulous earnings. But one of their clicks on the link costs an average of 2 kopecks. Imagine how much they have to work to at least cover the cost of electricity and the Internet.
Surf safety
Unfortunately, the low cost of their labor is only half the trouble. The second half are sites with malicious code on them. Even when using an antivirus with up-to-date databases, the chance of becoming infected with computer viruses is high. This leads to identity theft, malfunction of the operating system, etc.
More and more users are disappointed in this type of earnings, although with a competent security system, earnings are possible.
How to be? Decent owners of promoted ATS to some extent take care of the quality control of the advertised sites. But this is ideal. It’s better to think over your security strategy and follow some tips about it.
- Do not access the Internet under the computer administrator account. A guest account is more suitable for this, with limited rights - a guest. Even a beginner can do this in the control panel.
- For each mailer you use, assign an individual login and password.
- Do not enter or disclose your virtual wallet details to strangers
- Use trusted antivirus software.
- Use utilities that allow the user to work with a "clone" of their operating system, and not with its original. For example, the Shadow Defender program, which will help even the "uninitiated" to keep his system intact. Shadow Defender allows you to put the system in shadow mode. Which is called Shadow mode, in which the user will not be threatened by the loss of important information or a virus attack.
- Work with proven and well-known sites that have a lot of reviews on the network and which have a lot of traffic. The number of registered visitors and the age of the CPA are the main indicators of safe surfing.
Websites for Safe Surfing
In conclusion, I want to give my list of surfing sites that I personally checked. They are few, but they are the best!
