Shran Config

[Shran]

ADDED: Private Internet Access VPN.

I'm going to be using a lot of public wifi at my library in the coming times, so I need a VPN. Also, for reasons completely unknown to me, one of my favorite online games uses an UNSECURED http connection to send login information when logging in so a VPN being doubly important there. How do I know for sure it's an unsecured connection? Well, to test it, I used Kali Linux on one of my computers to do a MiTM attack on another of my computers (don't worry, I did this to my own computer in my own home)... just a basic, ettercap + urlsnarf MiTM. No certificate tampering, just a very basic ettercap MiTM. I logged into the game on the victim computer and was very easily able to see my own log in information with the attacking computer. Again, I did not tamper with SSL certificates to read encrypted traffic, nor did the game website on the victim computer ever throw a certificate warning (usually when you are the victim of an attack like this, the browser will give you a certificate error, unless there was certificate tampering (such as the weakness with SHA1 where you could fool the browser into still thinking the connection was legitimate, thus not providing a warning), but like I said, there was no certificate tampering, no warnings... just plaintext traffic containing my precious log in details ).

 

[Cats-4_Owners-2]

A nice addition, a well done test, & a very eye opening result!
Your handle may now be upgraded with MI5 to "Shran-MiTM-Attacker"!

 

[Shran]

A nice addition, a well done test, & a very eye opening result!
Your handle may now be upgraded with MI5 to "Shran-MiTM-Attacker"!

My parents do not use a VPN; and my mother used to always ask for my help getting connected anytime a place had public WiFi - and I always refused. I tried explaining that on a public network someone who knows what they are doing can easily capture your network traffic but she thought I was being paranoid. I told her that one of these days I'm going to show you why I refuse to connect you to public WiFi - so a couple weeks ago I did a MiTM (again, my own house & computer) and said "Hey, Mom! Come use my computer!" She proceeds to use my victim computer. "Your username and password for *website name* is *name&password*". I showed her how I poisoned her network connection with an ARP spoofer and showed her the logs for all her traffic. She hasn't asked me for help connecting to public WiFi since. I think I got my point across finally.

 

[Cats-4_Owners-2]

I love stories with happy continuations!
The role reversals of parents & their children, particularly when you have gotten your point across by teaching something important to your mother which now protects her, further indicates your parents not only did a good job raising you, but also reveals the rewards of their loving job well done through you! You should be very proud too for she listened (in the end) and this is something wondrous you have probably inherited too!

 

[jamescv7]

Sometimes the technically of a security problems should be apply and demonstrated at a daily life dealing on a public WiFi so glad you made a convince move to your parents.

 

[Shran]

Update:

Removed the PIA application itself, but am still using PIA. Instead of using the PIA application which I have found to be very buggy - I have instead set up Windows to connect to PIA's servers using a L2TP tunnel (using Window's built in VPN connection capabilities). Now I have the VPN without the actual PIA manager bugging around. Also, I have found that my connection is much, much faster connecting to the VPN this way. When using the PIA manager, my connection was about 35 - 50 (sometimes as low as 20) Mbps. Using the L2TP tunnel with the VPN abilities built in to Windows, my connection is now around 75-80 Mbps. My actual connection without VPN is 100 Mbps; 75-80 is much better than 20-50.

 

[pneuma1985]

Purchased: Shadow Defender license

To bad I have like 5 paid licenses I'd have given you one

 

[Shran]

Update:
~ Manually disabled IPv6 for all network adapters - no need for it and a possible source of data leak.

~ Manually disabled Webcam in system BIOS - can't be activated now even if someone tried

~ Readded: PIA Application due to reasons discussed in this thread: L2TP/IPSec vs OpenVPN
In order to deal with some of the bugs in PIA's application, I have disabled PIA's DNS leak protection, but I manually set my DNS servers to PIA's for all network adapters - thus getting the same DNS leak protection manually without having to deal with the PIA app being buggy about it (on advice of PIA tech support).

Now if only the PIA kill switch would actually work...

 

[pneuma1985]

Update:
~ Manually disabled IPv6 for all network adapters - no need for it and a possible source of data leak.

~ Manually disabled Webcam in system BIOS - can't be activated now even if someone tried

~ Readded: PIA Application due to reasons discussed in this thread: L2TP/IPSec vs OpenVPN
In order to deal with some of the bugs in PIA's application, I have disabled PIA's DNS leak protection, but I manually set my DNS servers to PIA's for all network adapters - thus getting the same DNS leak protection manually without having to deal with the PIA app being buggy about it (on advice of PIA tech support).

Now if only the PIA kill switch would actually work...

Manually disabled as in all of IPV6? Not just the tunneling? Jw b/c i've read a bunch of security posts about the tunneling but that there is absolutely nothing to gain by turning it off completely. Not that I tested it you may have I know MS recently released an IPV6 patch so maybe there is a data leak in IPV6 if you tested it let me know? And this is strictly over VPN right?

 

[Shran]

Yes all of IPv6. I didn't test it all the way yet but honestly I have no need for IPv6b being enabled anyway

 

[Mihir :-)]

Nice and well secure configuration

 

[Shran]

Removed: Private Internet Access - Application is just too buggy for my taste. Their Customer Service however, was great and really did try their best to solve my issues, so based on their good CS I would still recommend PIA to someone looking for a VPN - if the Kill Switch isn't essential to you.
Removed: GlassWire
Added: Zemana AM [free]

Updated OP to reflect current set up.

 

[Shran]

Added: Norton ConnectSafe

Well, I guess I didn't add anything per say, since it isn't installing any software, rather, I changed my DNS servers to Norton's

 

[DracusNarcrym]

Added: Norton ConnectSafe

Well, I guess I didn't add anything per say, since it isn't installing any software, rather, I changed my DNS servers to Norton's

ConnectSafe is one of the most reliable DNS services for malicious domain blocking; Great addition.

 

[Shran]

Removed: Shadow Defender

I have been having random issues with my computer crashing, locking up, or windows explorer not loading properly since installing Shadow Defender a while ago; at first they were rare but now are occurring more and more often. Uninstalling Shadow Defender to see if it is what is causing the issues. Note: I had these issues with my computer before installing ZAM, so that is not the source of issue.

 

[Shran]

Added: LastPass premium [14 day trial]. I like that LastPass offers multi-factor authentication where Norton's does not. Trying before purchasing.

 

[Shran]

Well LastPass thinks my passwords are good
I am the 1%... hahahaha

 

[Shran]

Changed: Default browser from Chrome to Firefox. For some reason, CCleaner no longer cleans Chrome history, cookies, etc. even though it is supposed to. Not sure if an issue with latest Chrome version or CCleaner version.

 

[safe1st]

Good setup tho, simple but it looks safe

 

[Shran]

Loving LastPass so far - Just a couple things I need to check regarding the multi-factor authentication. The way multi-factor authentication works with Google Authentication is that LastPass (or, whatever website you have paired with GA) and the authentication exchange a secret key linking the two. I.E. when you set up LastPass to use Google Authentication by scanning the barcode or entering the code manually, LastPass sends a secret key to GA which will be stored in the GA appl linking the two and enabling GA to generate one time codes for LP. This key is what enables GA to generate codes which LP will accept - basically the secret key identifies that the code generated is for that account. It could theoretically be possible that if a trojan or MiTM attacker were on your network that they could obtain that secret key and thus bypass the multi-factor authentication by generating their own codes. Also, it might be possible for said trojan to obtain the one time code generated, and initiate its own login session using that code (even though it's supposed to be a one time code).

I will research this and update here with my findings.