Author Topic: Internet & Financial security - use a dedicated secure machine  (Read 6218 times)

Mr Mark

  • Handlebar Stache
  • *****
  • Posts: 1181
  • Location: Planet Earth
  • Achieved Financial Independence summer 2014. RE'18

With the current situation on the internet, we are all no doubt aware of internet phishing attempts everywhere.

If you are conducting big-time internet banking, brokering, Vanguard, insurances, etc, looking after that 'Stash, the idea of someone getting a hold of all that would be a disaster. Yet it seems risky to depend on Anti-Virus/Spam/Spyware.

One way to protect yourself on a budget* (think of it as an insurance premium!) is to buy a new, cheap netbook. Install a browser, dedicated backup HD and antivirus/firewall, and 100% dedicate the machine to all on-line secure transactions.

Protect it both physically and with passwords, and simply never, ever use it for anything else. Not email. Yes, it takes discipline and is not fool-proof. Although a chrome-book would even automatically secure the operating system, I believe.

The only way you'll get hacked is if someone does a Mission Impossible on you.

(*more budget options than buying a cheap netbook are undoubtably out there - reformat that old laptop maybe?)

arebelspy

  • Administrator
  • Senior Mustachian
  • *****
  • Posts: 28119
  • Age: -999
  • Location: Seattle, WA
Re: Internet & Financial security - use a dedicated secure machine
« Reply #1 on: May 24, 2012, 03:53:43 PM »
Educating yourself and taking the proper precautions seems like a much cheaper and more secure (and thus more Mustachian?) solution.
We are two former teachers who accumulated a bunch of real estate, retired at 29, spent some time traveling the world full time and are now settled with three kids.
If you want to know more about us, or how we did that, or see lots of pictures, this Business Insider profile tells our story pretty well.
We (rarely) blog at AdventuringAlong.com. Check out our Now page to see what we're up to currently.

Mr Mark

  • Handlebar Stache
  • *****
  • Posts: 1181
  • Location: Planet Earth
  • Achieved Financial Independence summer 2014. RE'18
Re: Internet & Financial security - use a dedicated secure machine
« Reply #2 on: May 24, 2012, 04:14:13 PM »

It may be cheaper but I don't see how it's more secure.

Daley

  • Magnum Stache
  • ******
  • Posts: 3994
  • Location: Cow country. Moo.
  • Got that mustache feeling.
Re: Internet & Financial security - use a dedicated secure machine
« Reply #3 on: May 24, 2012, 04:28:28 PM »
Mr. Mark, there's a fatal flaw to your logic. Some malware can propagate on your internal network and/or eavesdrop on network traffic, especially if you're running Windows. Then there's DNS cache poisoning with your ISP, MITM secure certificate exploits, etc. etc. This approach is about worthless unless you have no other systems online with that one said system behind a hardware firewall and a direct encrypted personal VPN connection to your banking institution's internal servers. Good luck getting that.

Also, you could do the exact same thing for the price of a CD-R or USB drive and a Linux distribution like Ubuntu. Basically, boot into a clean-room OS if you're that paranoid.

Educating yourself and taking the proper precautions seems like a much cheaper and more secure (and thus more Mustachian?) solution.

Agreed. Common Sense 2012 is the cheapest, best protection you can have.

arebelspy

  • Administrator
  • Senior Mustachian
  • *****
  • Posts: 28119
  • Age: -999
  • Location: Seattle, WA
Re: Internet & Financial security - use a dedicated secure machine
« Reply #4 on: May 24, 2012, 07:12:05 PM »

It may be cheaper but I don't see how it's more secure.

Because I have more faith in someone educated to not * up a non-isolated machine than I do someone clueless to * up a clean one.

The education is the key part.  Handing someone who has no knowledge about phishing, malware, etc. a machine and saying "only use this for your online transactions" isn't enough.

Thus why I say education is not only cheaper, but more secure.
We are two former teachers who accumulated a bunch of real estate, retired at 29, spent some time traveling the world full time and are now settled with three kids.
If you want to know more about us, or how we did that, or see lots of pictures, this Business Insider profile tells our story pretty well.
We (rarely) blog at AdventuringAlong.com. Check out our Now page to see what we're up to currently.

ducknalddon

  • Guest
Re: Internet & Financial security - use a dedicated secure machine
« Reply #5 on: May 25, 2012, 01:44:49 AM »
Some of the drive by malware is pretty easy to pick up, no matter how well educated you are. It's well known in the industry that anti-virus software only picks up three quarters of the threats at best.

Sparafusile

  • Bristles
  • ***
  • Posts: 333
  • Age: 37
  • Location: Indiana, USA
Re: Internet & Financial security - use a dedicated secure machine
« Reply #6 on: May 25, 2012, 05:34:14 AM »
The only way you'll get hacked is if someone does a Mission Impossible on you.

I'm afraid you are just deluding yourself. I use to say that the only way not to get hacked was not to connect your computer to a network (the internet). Then I read about STUXNET (http://en.wikipedia.org/wiki/Stuxnet) and decided that the only way not to get hacked was to not turn your computer on. Computers by definition are insecure. Part of that is because they are so complex that it's hard to close all the security holes and the other part is because of ignorance of their users.

If I was paranoid enough to put serious effort into protecting my banking online, I would run a virtual machine with a bare bones Linux installed and Chrome in "incognito" mode. Even then, if I wanted to be really safe, I'd modify the Linux kernel and Chrome to remove most of the features I wouldn't be using. Then connect through Tor to do my banking.  Guess what, it still wouldn't be 100% secure.

In my opinion, you just need to prevent yourself from being part of the "low hanging fruit". If you are slightly harder to hack then the rest of the population, you'll get passed over. If you want to be 100% safe while banking do it in person and use cash for all purchases.

grantmeaname

  • Magnum Stache
  • ******
  • Posts: 4836
  • Age: 27
  • Location: NYC
  • Cast me away from yesterday's things
Re: Internet & Financial security - use a dedicated secure machine
« Reply #7 on: May 25, 2012, 07:48:10 AM »
It's well known in the industry that anti-virus software only picks up three quarters of the threats at best.
[Citation needed]. While I agree that antivirus software is imperfect at best, you may be oversimplifying it a bit. That's not quite how anti-virus works. A-V software is great at scanning for known threats that are certain kinds of malware, like viruses and spyware, and totally useless for other kinds, like many rootkits. And new threats that haven't been manually added to the software's definition list, even if they're a type that the A-V software is good at finding, will not show up at all.

I'm with Sparafusile. If you're concerned, get VMWare Player or Virtualbox (free), install Ubuntu (free), and then you've got a Linux "cleanroom" that took you less than an hour of effort. That seems like a little bit of effort for a high return in security.

Mr Mark

  • Handlebar Stache
  • *****
  • Posts: 1181
  • Location: Planet Earth
  • Achieved Financial Independence summer 2014. RE'18
Re: Internet & Financial security - use a dedicated secure machine
« Reply #8 on: May 25, 2012, 11:08:16 AM »
The only way you'll get hacked is if someone does a Mission Impossible on you.

I'm afraid you are just deluding yourself.

It was a joke. There`s a continuum of risk. I don't think it`s as binary as you suggest. I`m not saying it replaces common sense or other sensible precautions. And, yes you can still get hacked. But physical separation along with the other things we all do sig. reduces exposure to rogue code. IMHO



grantmeaname

  • Magnum Stache
  • ******
  • Posts: 4836
  • Age: 27
  • Location: NYC
  • Cast me away from yesterday's things
Re: Internet & Financial security - use a dedicated secure machine
« Reply #9 on: May 25, 2012, 11:47:29 AM »
I don't think physical separation is any better than the separation you get from virtualization, except perhaps for your personal peace of mind.

Daley

  • Magnum Stache
  • ******
  • Posts: 3994
  • Location: Cow country. Moo.
  • Got that mustache feeling.
Re: Internet & Financial security - use a dedicated secure machine
« Reply #10 on: May 25, 2012, 01:00:18 PM »
The only way you'll get hacked is if someone does a Mission Impossible on you.

I'm afraid you are just deluding yourself.

It was a joke. There`s a continuum of risk. I don't think it`s as binary as you suggest. I`m not saying it replaces common sense or other sensible precautions. And, yes you can still get hacked. But physical separation along with the other things we all do sig. reduces exposure to rogue code. IMHO

If virtualization still isn't enough for you (and it shouldn't under most configurations - a VM is only as secure as its host, it'd be better to sandbox the risky stuff than the banking), it's still just as secure (if not more so) and cheaper to boot into a Live CD or USB install of Linux on your pre-existing machine than it is to purchase a dedicated one. The only risk then is BIOS level viruses, which are rare.

Honestly Mr. Mark, there's only so much risk mitigation you can do, and although I don't doubt for a second that your heart is in the right place, your logic is not.

This is what I'd call Howard Hughes security. It's where someone is so wrapped up in their fear of germs that they wear kleenex boxes for slippers and store their urine in jars and completely miss the fact that they're wearing kleenex boxes as slippers, they're storing their urine in jars, they've turned the carpet black and are growing entire ecosystems under their uncut fingernails! It's simply misdirected overkill to mitigate risks that aren't even your biggest threats and concerns in the entire chain. Honestly, doing anything online with finances is like playing Russian Roulette with a million chamber revolver; you either accept the risks and safeguard against the worst case scenario, or you don't. Quite frankly, if you knew what I do about network security and infrastructure, with the approach and mindset you're taking, you'd never bank online again...

...or buy anything online...
...or use credit/debit cards in general...
...or ATM machines...

...you'd keep nothing but non-sequential bills hidden under your mattress, pay cash for everything and sleep with a shotgun. The more you know about networking, the more you realize you have to trust your poorly encrypted traffic to more groping hands than you'd find in a giant filthy orgy. (Sorry Sparafusile, I wouldn't do Tor for financials if my life depended on it. Too easy to honeypot an exit node, amongst other issues with the network. Tor is "anonymous", not secure.)

I'm not saying you shouldn't execute security best practices, and if you're so clumsy and careless with security that it keeps you up at night unless you have a dedicated machine for transactions... if it helps you sleep better, sure, but understand it's a placebo. Far bigger threats lie between your modem and their servers. Staying properly patched and updated, not running your account as admin/root, running behind a hardware firewall, using a decent AV program, downloading and installing applications only from authenticated sources, using strong passwords and keep them in an encrypted database if you need them written down, using a web browser with whitelisted sites for plugins and ads (Firefox with NoScript and AdBlock+ for example), staying away from the filthy back alleys of the internet, not keeping cookies, using a dedicated e-mail client in plain text mode, not participating in social media fads, being aware of social engineering techniques, and just not being careless about where you go online is about as secure as you can really hope for with any networked computer. The exact same risks would exist on a machine maintained that way as they would on a dedicated for financials only machine, and if anything, is most likely safer because you're actively maintaining the machine for security in general instead of only turning it on to do your banking once every couple weeks.

tl;dr: If you still insist on being paranoid about something, be paranoid about your DNS servers, your ISP, your bank's security practices and public servers, your bank's employees who insist on bypassing the firewall and playing some idiotic Flash game linked off Facebook on their workstation during their lunch break, and the quality of the "randomly generated" salt tables for your encryption... then realize they're all things that are nearly entirely out of your control and the best thing you can do is just keep up your own housekeeping.
« Last Edit: May 25, 2012, 01:40:07 PM by I.P. Daley »

Mr Mark

  • Handlebar Stache
  • *****
  • Posts: 1181
  • Location: Planet Earth
  • Achieved Financial Independence summer 2014. RE'18
Re: Internet & Financial security - use a dedicated secure machine
« Reply #11 on: May 25, 2012, 10:20:00 PM »
Excellent and comprehensive answer. Thank you.
Perhaps a mustashian  post from you on net security would help all of us... 

Daley

  • Magnum Stache
  • ******
  • Posts: 3994
  • Location: Cow country. Moo.
  • Got that mustache feeling.
Re: Internet & Financial security - use a dedicated secure machine
« Reply #12 on: May 26, 2012, 10:06:15 PM »
Excellent and comprehensive answer. Thank you.
Perhaps a mustashian  post from you on net security would help all of us...

No problem. Maybe I'll post something after I wrap up my current contract and finish updating the communications guide.

In the meantime, let me leave this here. Also this. They're not very technical or nuts and boltsy, but they're not intended for administrators and technical people, they're intended for Joe Sixpack.