Recent Posts
Categories
General Security when Traveling
Many of you will need to travel for work or for a vacation. Some travel within your own country, others will be outside your country. With the changes to borders by various countries, you now need to be more vigilant on what you keep with you that may get searched or used against you.
Short of leaving all your electronic devices home or having a security detail watch you everywhere you go, there are steps you can do to protect your privacy from snooping and some actions to keep your persons safe as well. This is not an end all fix all, a change in legislation and ideology is the only way to fix that.
Some of these suggestions may help, some may not. Governmental polices and feelings are to in flux so there is no hard and fast solution. With that being said, I am not responsible if the options do not work for you. These are guideline and general options:
-
Yourself and ones close to you
-
Try to fit in to the environment you find yourself in, be like the locals, dress like the locals. Some countries have expected dress codes for different genders, some do not. Spend some time getting to know it and what the history of the location is.
-
Set up meeting places if you get separated from your group. People are going want to explore if they have never been to the location before. That is good, it helps you grow. Some of that exploring may get you separated from others or if there is a major event and chaos becomes the norm, you will need places to find others that may have gotten swept up in the event. Have multiple places, not a lot maybe two or three. Depending on the event some location may be better than others. Some location may be the center of the event other may just be passed by like they do not exist. The do not exist places are the safest, again it will depend on the event, so having a few, and everyone knowing about them will be helpful. They can be most anything, statues, gas stations, hotels, churches, a locally known person’s house. But remember they can also be the worst places to be, so just note the event and chose carefully.
-
Make note of the location you are staying at. If it is a hotel note the escape areas, stairs and elevators. Note the area around the hotel and the buildings near it, can you jump to the next building if needed or can you climb out the window using bed sheets? Are you able to get to a location or can you defend in place if needed? Noted from one of my executive protections professors, set up zones of protection around yourself. Things you can drop if needed and things you need to keep close. Note things you may be able to barter with, like jewelry or even shoes. If you worried about losing mom’s priceless ring heirloom then leave it at home, you don’t need to show it off that badly. In fact leave most of your jewelry at home, maybe take knock off stuff but keep the good stuff at home. Keeping things like medicine, passports, money, things you need to have at all time, place them in something that you can grab quickly and go.
-
Learn the history of the place, when I talk of history I do not mean ancient history, I mean recent history. Has the location had any large scale events, such as earthquakes, upheavals in governments, civil unrest, things on that type. Have some knowledge of the location where you will be staying, its main roads, airports, travel places.
-
Have a quick escape plan, if you need to leave how will you do it and where will you go? Make sure everyone knows it and knows what to do.
-
-
Electronic devices
-
Next to yourself and family many people will feel that their electronic devices are like a second child to them. I am talking about their cell phone, tablet or laptop. These devices hold more data about you than most of the paperwork you may have in your lock-boxes. Personal contacts, social media, account numbers, search histories, all this information can create a profile about yourself that is very accurate and can be used to cause harm or simple embarrassment if not kept secure. It’s called “Metadata” It alone can create a very accurate profile on you, your likes, habit’s and how you live. It can show links to people that you may not care about but may flag you because of someone else may be a person of interest to others, so you now become a person of interest. Guilt by association. In the past this was not really an issue, but in this day and age its more and more relevant. With the new policies in the US and its boarders, searching of your laptop and phone’s contents has become more widespread. Even to the point of forcing you to login any social media so it can be copied for later viewing. Removing you phone from your sight and copying all its contents is another now normal at boarders. Sure you can resist, but you will be tired, hungry, and you are stuck in an environment that others control. Its easier to just give in and let them win. If you do some preparing beforehand you can minimize some of the loss of privacy, not all but you will be more in control of the data they will have access to.
-
For your cell phone if you can use a burner phone, then buy and use it. Its safer for you because if its stolen or border control want to look at it, there is not much of your private data that can be tracked, then your just out that phone and the hours you put on it, not your main phone. If you have to take your personal smart phone then make sure it is encrypted. Many new phones have options to encrypt it when it is turned off. It is still possible the border people will want you to turn it on but its something. Another step is to remove all your social media apps from the phone. Twitter, Facebook, snapchat, dropbox, etc. Log out and clear your cache from the phone. Look into apps that will have encrypted sections you can store data in if you need to have the data. I know smartphones have wonderful cameras so you will have photos of your trip, if you can keep them in secure storage all the better. Have a few G rated images on the phone to make it look like you do use it so less change of sticking out in a search.
-
For your laptop, that is a tough one. My recommendation is not to take it at all. But if you really feel you need one with you, then use one like a chrome laptop. Having no OS for them to search and using the web only so your information is reasonably secure. Have two accounts, one main, and one you use to auto boot it up to have them look at if forced. If you feel you need to have it then have hard-drive boot encryption and encrypted folders. This will keep your mind at ease if it gets it stolen or lost but not as much of told to boot it up so they can make a copy of the hard-drive. Another option is to have it shipped to the place you are going, not one I recommend easily for small person business but larger corporation may have that option. Some smart phones have encrypted micro SD cards, you can store needed data on them and insert it when at your location. When using your laptop have it run a VPN that you setup before you leave on the travel. If that is not possible then use TOR or some other type of anonymous web serving solution. One never knows who may be sniffing the traffic at the location or in-between you and your location. I should not need to remind you not to do banking or accessing sites of a private personal nature when traveling, if you do then you get what’s coming to you.
-
-
General
-
Be helpful but not overly so. If not asked, don’t give information. You need to keep remembering they do not work for your protection, they work for the government’s protections.
-
Use a VPN at all times if you are browsing and non-home network connection. If not able to install a VPN, then use TOR to keep some of your searching anonymous. When you order a VPN make note of their log policy, find one that does not log anything, and look for ones that have multiple countries you can connect to. Watch out for VPN fakes, they will sell you a fake do nothing VPN’s, so do research on ratings.
-
If they take your devices out of your sight, then I would treat them as a bio-hazard and never use or turn them on again. If they leave your sight, then you never truly know if any spyware apps have been installed on the device. Safe now or sorry later, up to you.
-
-
Don’t stay quiet if any of this happens to you or someone you know, write a letter to your congressmen, complain to the company, use other services, Ask why you are being singled out for the exposure, make a scene so other see the stupidity of what is going on. Don’t just sit back and let it happen. Seek legal action and let them know about it. Contact organizations like the EFF and Civil liabilities groups.
Back from Penguicon 2016
Back from Penguicon 2016.
Did two presentations this year. One on Tor, its working and hidden services. The other on I2P and its general operations. There was a great keynote from Bruce Schneier on how data and data products, as the business saying goes, “if you’re not paying for it, you are the product”. This is more relevant now than ever with the scooping up of much of your information by business and government agencies. You many think that the information collected has no effect on me if they keep it, but if you really think about the information you are just giving away, once it is out of your hands, you no longer have any control over what is it being used for and in some cases how it is being used against you. Something people should really think about, but unfortunately, they will not until it’s too late. Few other tech talks were fun to be at, same strangeness and interesting people watching as always. May do a few more talks next year, so keep watching for details.
If you have never been to Penguicon, then I recommend checking the next one out.
Here is a link to my presentations
The Dark web Big Three – https://drive.google.com/open?id=0B3AAfAIeWS0KNDBhcnBva0xRcE0
Tor_general – https://drive.google.com/open?id=0B3AAfAIeWS0Ka2otNElOekEwZHM
i2p_general – https://drive.google.com/open?id=0B3AAfAIeWS0KeVZYdkZISkN4MVk
3-2-1 start.. data today and tomorrow..
In this short entry I will talk about ways to backup your file and why it is easier than many people think to create a routine for it. Most of us have had that sinking feeling as we try to find something in the massive clutter of our system and are not able to find it for a while. Think of how you would feel if everyone of your files were gone or scrambled on your systems. Not good I bet.
It is not truly hard to create a system to keep the data safe, yes it will cost a little in some cases but it more than out weighs the frustration of losing your tax records or school papers.
One of the most basic ways is what is called the “3-2-1 system”. That is, three copies of the data, two different media’s and one of them off-site. With the size of the hard drives now have a few one or more terabyte external drives are not that expensive. You could also take one of the disk drives and put it in a bank box for safety, even store it at your parents or friends house. The two, that is two different medias part are simple as DVD disks. Most new machines have DVD writers and programs that allow you to use the DVD as a standard type drive. If you want to go old school then use of “tape drives” are also a good option.
There are even “cloud” based services that will back up your data to their storage for you. Depending on the amount of data and bandwidth you have it could take weeks to fully backup the data. It would cover the one off site location requirement of the “3-2-1 system”. After the initial upload of the data then keeping your files up-to-date would only require small uploads.
There are some options I would recommend, that will add an extra level of security. The first, if possible, have the data encrypted in some way. That way if by chance it was stolen the thieves could not read the data, or even if your “friend/family” got a bit nosy they are not able to read the information. Second, test the data from time to time to make sure it is being backed-up correctly. I have see cases that it looks like it is being backed up but the data is damaged so the backup is worthless. Not a fun time to find not only is your main but also the backup data is damaged as well. Lastly, set up a schedule of some sort to keep it up to date. There are programs that will automatically back up changes, Mac OSX has Time Machine, Linux has a few as does windows. If having question then talk to your local “geek” they will have ideas to help.
Now start that back up and you can sleep easier at night..”3-2-1 start”
Bye for now ()-()
Cloud types
What are the general cloud types?
Public cloud
Public clouds provide access to computing resources for the general public over the Internet. The public cloud provider allows customers to self-provision resources typically via a web service interface. Public clouds offer access to pools of scalable resources on a temporary rent as you go basis without the need for capital investment in data center infrastructure.
Private cloud
Private clouds give users immediate access to computing resources hosted within an organization’s infrastructure. Users self-provision and scale collections of resources drawn from the private cloud, just as with a public cloud. However, because it is deployed within the organization’s existing data center, and behind the organization’s firewall, a private cloud is subject to the organization’s physical, electronic, and procedural security measures and thus offers a higher degree of security over sensitive code and data. In addition, private clouds consolidate and optimize the performance of physical hardware through virtualization. Since you use your current data center infrastructure you have a better idea on how the resources are being utilized. The cloud systems I will discuss are of this type.
Hybrid cloud
A hybrid cloud combines computing resources and draws from one or more public clouds and one or more private clouds at the behest of its users.
The Cloud
What is the cloud?
Terms and general.
Currently there are many different terms and descriptions that define what is cloud or cloud computing. Some say it is the “delivery of computing as a service”, others say it is “processing data in a expandable environment. I like the definition that cloud servers are a way to get “flexible resources as they are required”.
Cloud computing is a way to access computers and their functionality via the Internet or a local area network. Access to the cloud come through a set of web services that manage a pool of computing resources (i.e., machines, network, storage, operating systems, application development environments, application programs). A fraction of the resources in the pool is dedicated to the user until he or she releases them. It is called “cloud computing” because the user cannot actually see or specify the physical location and organization of the equipment hosting the resources they are allowed to use. The resources are drawn from a “cloud”of resources which are used and then returned to the cloud when they are released. A “cloud” is a set of machines and web services that implement cloud computing.
cloud styles
IaaS
IaaS (Infrastructure as a Service) style clouds provide access to collections of virtualized computer hardware resources, including machines, network, and storage. Users assemble their own virtual cluster on which they are responsible for installing, maintaining, and executing their own software stack.
PaaS
PaaS (Platform as a Service) style clouds provide access to a programming or runtime environment with scalable computer and data structures embedded in it. Users develop and execute their own applications within an environment offered by the service provider.
SaaS
SaaS (Software as a Service) referred to as “Software on Demand” style clouds deliver access to collections of software application programs. Providers offer users access to specific application programs controlled and executed on the provider’s infrastructure.
Cloud Types
Public cloud
Public clouds provide access to computing resources for the general public over the Internet. The public cloud provider allows customers to self-provision resources typically via a web service interface. Public clouds offer access to pools of scalable resources on a temporary rent as you go basis without the need for capital investment in data center infrastructure.
Private cloud
Private clouds give users immediate access to computing resources hosted within an organization’s infrastructure. Users self-provision and scale collections of resources drawn from the private cloud, just as with a public cloud. However, because it is deployed within the organization’s existing data center, and behind the organization’s firewall, a private cloud is subject to the organization’s physical, electronic, and procedural security measures and thus offers a higher degree of security over sensitive code and data. In addition, private clouds consolidate and optimize the performance of physical hardware through virtualization. Since you use your current data center infrastructure you have a better idea on how the resources are being utilized. The cloud systems I will discuss are of this type.
Hybrid cloud
A hybrid cloud combines computing resources and draws from one or more public clouds and one or more private
Recent Comments