7
Contributors
7
Replies
49
Views
3 Years
Discussion Span
Last Post by melissad
1

There's a big answer to that. The simple answer is "you don't". That doesn't ream it's useless to try to protect yourself though.

Here's a list of "info" I guess (some of the stuff listed is just going to a paranoid extreme, because why not):

  1. The best way to protect yourself is to understand how attackers carry out their attacks. You should understand how to implement the attacks yourself, and you should be adept at inventing new attacks. Essentially, by far your best shot is knowledge. Attackers arn't magic. Their bound by the same laws of physics and math as we are. The difference here is knowledge.

  2. The first thing I'll talk about is physical security. You should make sure that there is no physical tap anywhere on your computer. If you're extreme, you might make sure to pick up a randome conputer off the shelf, take it apart, and examine each part before putting it back togeather (or alternatively building it from regular computer components and being carefull how you put it togeather). you should do the same proccess for things attached to the computer like the moniter and the keyboard and even the cables used. You also need to be just as carefull about things in your room, like cameras, etc. Also, some cables, etc can give off some signals giving away information. Attackets could convievable use something like this to look in to what your doing. So, keep the area locked off, secure and use something to block em signals (like coper wire running around the office).

  3. The next thing might be the software used on boot up. For example, the BIOS might contain something malicious, and you would never know about it. If your concerned about that, you might want to use an open source BIOS. If you computer is ever physically taken, you'll want some other guerentee that the information is safe, so you'll want to encrypt it with something like VeraCrypt. That is also vunerable to a so called "Evil Maid" attack, so you'll need to verify the bootloader, etc every time you boot up.

  4. Since your using a password and all, it might as well be strong.

  5. Never-ever reuse passwords. Use something like KeePass to insure that all of your services use unique passwords (so you don't need to write them down/try to remember them/make the mistake of reusing them).

  6. There is also a number of software attacks. If your very paranoid, use something like Tails (check the checksum on a few indipendent computers). The software on your computer must also be safe. If your using windows, use strong HIPS+ protection, and lock down everything (ie, never run any software that isn't checked against a checksum and isn't on a whitelist). Use something like Lethe. You might want to consider setting up an air gap. If your on an open source operating system, you'll have more options. Ultimatly you should set up the lowest permissions possible. Here's where understanding attacks becomes more important. You'll need to know how to not fall for spoofing attacks, etc... otherwise all of this will have been for nothing.

  7. First make sure that the firewall is set up to whilelist a few programs and only on a few neccasery ports. The rest should be reported and blocked. Use a second firewall based on different software if you can. Try to only trust popular open source software.

  8. Make sure all connections are protected by tls 1.2, and make sure everything is validated properly. Do not trust RC4, and prefer AES.

  9. Use a VPN if you don't trust your ISP, or (more importantly perhaps) the connection you are using to get to your ISP. Use Tor and other means to remain anonymous if you need too. Note that the exit node can act as a MiTM, so again make sure the connection uses tls.

The most important is point #1 followed by #4 and #5. If you are super carefull like this (air gap, high physical security, strong cryprography), it would fairly hard to compromise it. The most effective attack (probably) would be to physically replace something in the room without being caught, and you continuing to work without inspecting some small detail (like a physical keylogger installed into the keyboard, and editing the tapes/disabling the entire security system/the deadmans switch for the security system attached to your phone such it goes unknoticed).

0

A more simple answer is having a good Internet Security product, as well as avoiding any suspicious sites, links or downloads. Any device connected to the net is exposed to a lot of threats, yet many of them can be easily avoided and the rest can be captured using antiviruses and anti-spywares.
If you suspect having something running on your PC simply download superantispyware or Malwarebytes. Both are great free applications that can used upon any suspicion.

2

Monitoring the computer itself is one thing - you should probably expect you are being monitored if you are at work; it is an increasingly common practice among employers.

However, knowing if someone is watching your online activity (data sent to/from your computer) is impossible to tell from your local machine. Expect that, at some point, your data is snooped. Decide yourself what level of information you feel comfortable sending into that environment and how you choose to send it out.

1

If you need real security to deal with banking and such, then create/use a bootable liveDVD Linux OS (see Unetbootin). It won't allow any persistent viruses to be stored on the device (the device will be read-only, but temporary data will be stored to RAM disc, which evaporates when you shut down the system). I do this when I have to use an untrusted system.

1

The thing to keep in mind is that the computer belongs to your employer, not to you, so they have the right to monitor your activity. While something like a key logger may be too big-brotherish, logging what web sites you go to is not unreasonable. My former employer took the approach of just blocking certain web sites and unblocking them only if a reasonable request was made to do so.

If your employer is doing the monitoring this cannot be considered an attack. Disassembling your work computer would likely be a violation of company policy and, if you are a unionized shop, would also likely violate union rules unless you were a hardware technician.

0

I'm just a regular computer users and often use my computer office for personal purposes such as checking my funds in online bank. I want to know how to if my computer is being tapped or not.

Well, I have considered this issue in the past, but when I needed to do stuff without corporate overview, I simply would not do it on the corporate network.

Just remember, corporate systems, or systems connected to the corporate network, are the corporation's resources, and most anything they want to do is legitimate... That doesn't mean they are immune to laws regarding rights to privacy, but it gives them a lot of leeway to monotor what you do and what web sites you visit.

All that said, your personal uses, provided they are allowed by corporate computer use policies, should not be a problem in most cases - caveat user! :-)

Edited by rubberman

0

Use these softwares to prevent such monitors

Software that removes this ( free ) :
- Malwarebytes AntiMalware
- SUPERAntiSpyware
- Spyware Terminator
- Ad-Aware SE
- Spybot Search & Destroy

Paid & good solutions would be :
- Spyware Doctor
- Spyware Sweeper
- CounterSpy

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.