Tuesday, August 18th 2015 2 years ago

How to secure your internet access

In my last post I discussed good password hygiene, and how you can use a password manager to authenticate all of your online services. This is a great way to protect your password from brute force hacks and social engineering; however, it does nothing to protect you from packet sniffing--the interception of data over a network. To secure yourself from sniffing, you’re going to need to put in a little extra effort.

basic authentication

Anyone with even a little bit of technical knowledge can read anything you send and receive over the Internet. If it’s not using HTTPS (Hypertext Transfer Protocol), it’s fair game. That means every form and field you fill out on the Internet can be sniffed out and read by anyone. Not even a password manager will save you, as you can see in the example below.

wireshark form post

So, what measures should you take to prevent this? The first thing you should do is configure your web browser’s privacy settings, like enabling private browsing in Firefox or setting Chrome not to save cookies. This is a small precaution, but one of the simplest you can take.

There are also several web extensions you can install to provide additional security. HTTPS Everywhere is an extension that enables HTTPS on most websites, encrypting your communications. Extensions like uBlock and Ghostery block advertising and cookies, respectively. Plus, both extensions block the tracking used by advertisers to tailor ads to your personal information. Finally, NoScript can be used to disable javascript and flash on any websites not included in your personal whitelist.

These extensions are all valuable assets for securing your Internet access, but none of them are as secure or as efficient as the Virtual Private Network.

Virtual Private Networks

While using a Virtual Private Network (or VPN), everything between your device and the website you’re visiting is encrypted. That means nobody can read what you send. Not your ISP, and not the NSA. This is important, especially considering that some ISP’s save all of your traffic logs for 10+ years. Without a VPN, every nasty website you visit and everything that you say online can be recorded and logged by your service provider.

VPNs also help provide users with public safety. Remember, when using public wifi or public networks in general, anything that is not HTTPS can be tracked--even things like FTP or HTTP. Through the use of utilities like FaceNiff and Firesheep, a threat can intercept the cookies that allow you to remain logged into a website, hijacking your session. Threats can also perform Man-In-The-Middle attacks, changing the communications sent and received by your device. VPNs prevent session hijacking, and limit Man-In-The-Middle attacks because your data is encrypted.

While using a VPN, you’re also completely anonymous. Rather than having an IP that can be traced back to you, your IP is provided by the VPN service. This protects your identity, prevents data theft, and deflects black-hat hackers. It also permits access to any website that would otherwise be blocked by firewalls, whether you’re browsing from school or The People’s Republic of China. This is such a valuable selling point that even the United Nations recommends the use of a VPN. So does the EFF, and you should support them.

While having your own VPN isn’t free, it’s worth it. I got mine through Private Internet Access. At $50 a year, it’s the best value I’ve found. If you’re going to go with someone else, just keep in mind that while there are alternatives, not all of them are trustworthy. Hide My Ass, for example, compromised a Lulzsec member’s privacy in 2011 by handing over private traffic logs to the FBI. That said, you should be looking for a VPN that has no traffic logging, unlimited bandwidth, and good speed. Private Internet Access has lots of servers throughout the world, is easily set up, and can be configured in many different ways (SOCKS, PPTP, IpSec, VOIP support).

I like using PIA mainly because it helps me stream Netflix titles without regional restrictions, and download torrents anonymously. No one can see what I’m streaming or torrenting, and the bandwidth is unlimited and fast. Plus, it works on Linux, OS X, Windows, and Android, and you can connect up to 5 devices. In the end, the only people you really have to worry about having your information is PIA themselves. If that’s a problem, you can always pay using Bitcoin or a gift card. They’ll provide you with a random username and password, and from there you’re good to go.

This is final article of a three-part series on personal digital security. The previous article is on good password hygiene.