10
Kyu96
6y

Because I am very interested in cyber security and plan on doing my masters in it security I always try to stay up to date with the latest news and tools. However sometimes its a good idea to ask similar-minded people on how they approach these things, - and maybe I can learn a couple of things. So maybe people like @linuxxx have some advice :D Let's discuss :D

1) What's your goto OS? I currently use Antergos x64 and a Win10 Dualboot. Most likely you guys will recommend Linux, but if so what ditro, and why? I know that people like Snowden use QubesOS. What makes it much better then other distro? Would you use it for everyday tasks or is it overkill? What about Kali or Parrot-OS?

2) Your go-to privacy/security tools? Personally, I am always conencted to a VPN with openvpn (Killswitch on). In my browser (Firefox) I use UBlock and HttpsEverywhere. Used NoScript for a while but had more trouble then actual use with it (blocked too much). Search engine is DDG. All of my data is stored in VeraCrypt containers, so even if the system is compromised nobody is able to access any private data. Passwords are stored in KeePass. What other tools would you recommend?

3) What websites are you browsing for competent news reports in the it security scene? What websites can you recommend to find academic writeups/white papers about certain topics?

4) Google. Yeah a hate-love relationship, but its hard to completely avoid it. I do actually have a Google-Home device (dont kill me), which I use for calender entries, timers, alarms, reminders, and weather updates as well as IOT stuff such as turning my LED lights on and off. I wouldn"t mind switching to an open source solution which is equally good, however so far I couldnt find anything that would a good option. Suggestions?

5) What actions do you take to secure your phone and prevent things such as being tracked/spyed? Personally so far I havent really done much except for installing AdAway on my rooted device aswell as the same Firefox plugins I use on my desktop PC.

6) Are there ways to create mirror images of my entire linux system? Every now and then stuff breaks, that is tedious to fix and reinstalling the system takes a couple of hours. I remember from Windows that software such as Acronis or Paragon can create a full image of your system that you can backup and restore at any point to get a stable, healthy system back (without the need to install everything by hand).

7) Would you encrypt the boot partition of your system, even tho all data is already stored in encrypted containers?

8) Any other advice you can give :P ?

Comments
  • 4
    watch the defcon conference youtube videos.

    https://youtube.com/user/...

    also learn about wireshark
    and any gnu/linux distro is fine.
  • 6
    Can’t mention name on posts

    @linuxxx
  • 2
    Hey, if you're new to Linux, just use something which is friendly. Any distro is fine, I'd say Ubuntu or fedora. Use encryption on disks. Lookup LUKS or setup LVM encryption during distro install.
    Not sure what you're talking about encrypted containers? What does this achieve?
  • 2
    These are the sites I follow. They are pretty good.
  • 3
    @siliconchips Google VeraCrypt. An open source successor of TrueCrypt. Put your documents in a box and lock it.
  • 2
    Follow infosec people on Twitter. That's another gold mine.
  • 1
    1) Personal choice Manjaro Linux. Tired of reinstalling arch again and again, end up with Manjaro.
    2) I don't use it but I think I should recommend Brave Browser. I do my probings on Firefox with Burp Suite
    3) r/netsec, thehackernews
    4) If there isn't any good alternative? why not start a project for it?
    5) Used to root every phone I owned. Rooting and customizing is the first thing I do to a new phone. But then after lots of customisation, everything became unstable. Thus, I don't root anymore. If I'm not root, how can the malware get root? (of course advanced ones can root it themselves)
    6) Lots of softwares can do that. simplest thing is 'dd'. It copies the device/file block by block. Or Clonezilla
    7) I really should be encrypting everything, but too lazy to setup encrypted LUKS or whatever system. Previously used TrueCrypt's hidden volume before it was discontinued and morphed into VeraCrypt.
    8) It's basically impossible to learn everything in security as it is very very broad
  • 2
    @devTea Thanks for the mention, will try to reply when I get up!
  • 1
    1) my go-to is Kubuntu or KDE neon or just debian with KDE plasma as desktop environment. Windows is a no go for me as it's closed source and thus can't be audited independently. Qubes uses an entirely different approach to general operating systems, I'd love to use it but for every day use its slightly hard for me.

    2) I've got about the same setup :) although I do use my self hosted searx instance as well. I don't store everything in containers though. Reason: got disk encryption and I like convenience!

    3) First one: fossbytes.com/theregister.co.uk.

    4) I use the payment option for my devRant ++ subscription and except for that (very few exceptions) I don't use it.
    Mainly because it's integrated within worlds biggest mass surveillance program ever created. I'd rather shoot myself before getting a Google home :)
    No suggestions from me, I don't like them anyways.

    5) removed Google shit from my phone, rooted, xprivacy, root firewall, vpn full-time.

    6) no clue

    7) not sure, haven't looked at the pros and cons yet.

    8) nothing right now :P
  • 1
    @linuxxx Haha thanks for your reply. I'll add fossbytes to my technews bookmarks. I've never used Qubes myself but I heard its pretty good, so I might give it a shot at some point.
  • 0
    @linuxxx Oh btw, what's a good alternative for google drive that doesn't require self hosting and has proper syncing on linux & windows?
  • 0
    @Kyu96 Have you checked spideroak? Except for that, no clue, I self host a lot 😅
Add Comment