I don't do anything illegal but with the work I'm involved in, I can'f afford any compromises because my employer is autisic that way (no I don't work for the DNC).
As such I want it to be secure and mask wherever I go and whatever I do, if at all possible. I know VPNs are obvious but I'm wondering if you guys had any tips or tricks. Thanks.
Other urls found in this thread:
start by not using your personal fucking computer for work stuff you dingus
Was expecting Tails meme as first response. Disappointed.
Who said it was going to be personal, dingus
Install hardened Gentoo
Holy fuck this board really is useless.
You should know, can't even figure out some basic shit without being spoonfed
Computer tech isn't my expertise, hence why I went to you guys.
If you're going to meme go to another thread. If you're not going to be helpful then you can just leave.
This board is for shitposting you cock muncher.
Ask your security handlers
install hardenedBSD, that way you will be totally safe
>looking for actual information
>posts on Sup Forums
>must be Sup Forums's fault
Image the laptop and encrypt the disk. Never let them look and when you return it re-image with original image unencrypted to render residual encrypted information useless.
Looks like OP's got a little attitude on him
You haven't given us dick for details
>hur dur my employer is autistic and won't allow any breeches in security however, he doesn't outfit us with the necessary equipment and software to obtain such a goal hur
Who's trying to track you, how, what type of environment do you do most of your work, step it up a little OP.
If you're looking for goverment paranoid level shit then use Qubes OS, it's pretty good for browsing the deep web or just general secure browsing, but you have to install the OS on the computer.
No one asked, they memed.
>Who's trying to track you,
Corporations mostly. Gov would be a plus just because.
>how
Wifi, ethernet
>what type of environment do you do most of your work
I travel so, but mostly from home, sometimes at work depending on the project
penis penis penis
use incognito mode
If it's just basic stuff like that just combine the vpn with other browser extenstions like https everywhere, disconnect, blur, and noscript.
Basically I want to mask my IP and be behind 7 proxies
Dude one is enough, unless they have a backdoor on your computer, no level of tracking should break the vpn unless it's unencrypted.
And if you're serious invest in a paid vpn, becuase that will most of the time give you the best protection, I've had the best luck with services such as tunnel bear for windows, and bitmask for linux.
So a VPN is an obvious must.
Should I consider encryption at all?
Encrypted vpn, and with your computer I would recommend using veracrypt to create encrypted volumes if you're suspicious of people snooping on your computer, you can also try whole disk encryption as well with the same program, but this usually takes a while to do. Even if you have a password on your computer, if you leave it unattended for a while a person can easily break in with a boot usb and some forensics tools easily found on the web and make a copy of your hard drive without you knowing it.
Use Qubes OS and Whonix in a VM. Then use tor for everything inside the whonix VM. As for any other VM use hardened BSD or Debian with SElinux.
be careful to avoid DNS leaks- be sure to route DNS requests (ALL traffic, not just TCP) through your VPN of choice.
Thinkpad x200, libreboot it, then install tails on it or just install some linux distro on it in general and use a VPN.
Tin Hat GNU/Linux
TinHat is a Linux distribution derived from hardened Gentoo which aims to provide a very secure, stable and fast Desktop environment that lives purely in RAM. TinHat boots from CD, or optionally a pen drive, but it is not a LiveCD. It does not mount any file system from CD via unionfs or otherwise. Rather, TinHat is a massive image (approx. 2.3GB) which loads into tmpfs upon booting. One pays the prices of long boot times (5 minutes off CD, 2 minutes off pen drives), but the advantage afterwords is that there are no delays going back to the CD when starting applications. Needless to say, this has some rather extreme advantages and disadvantages, making TinHat a rather particular distribution.
TinHat was conceived as a challenge to the old mantra that physical access to a system means full access to the data. This is certainly true in the case of unencrypted file systems, and at least potentially true in the case of encrypted. Rather, TinHat aims towards the ideal of guaranteeing zero information loss should the attacker physically acquire the box --- either the adversary is faced with no file system to even begin cracking, or if any non-ephemeral memory is found, the adversary should not be able to tell if he is looking at encrypted data or random noise. Of course, achieving this ideal is impossible, or at least highly improbable, but it is nonetheless something one can strive towards. TinHat is a baby step in that direction.
Even before sitting down and thinking of the technologies one could use for such a project, other considerations pop up. Obviously if the user is able to get to the data, then in principle so can others. These issues impinge on the user's social situations: What happens if the user walks away from a running system where he is logged in? A classic problem. What happens if he is coerced into letting the adversary in while the system is up? If the user is uneasy keeping his personal files in RAM, he may want to back them up to encrypted drives. Then the window of a "coercive attack" extends beyond the uptime of the system. What if the user is watched via a secret surveillance camera? What about a hardware keylogger? Or a microphone listening to the unique sounds of keystrokes on a keyboard? How deep does the rabbit hole of paranoia go?
Let's set aside the social engineering attacks for now and focus on the major technological obstacles. Recent advances in cold boot attacks, where data in RAM (such as encryption keys) can be retrieved even after a system reboot, have put our goal even further beyond reach Utilities like msramdmp can be used to dump the entire tmpfs root file system of TinHat for forensic analysis. The situation seems bleak, but this just gives us opportunity for more clever ways of encrypting/hiding data in RAM itself --- at least until hardware solutions come along. This is clearly the direction in which we would like to develop TinHat, but must admit that we are stumped. No matter how many layers of encrypts we add, we cannot avoid keeping clear key somewhere in RAM.
Of course, the ideal that "physical access == zero information loss" would be useless if TinHat didn't also protect against the more familiar network/code born exploits. For this we employ GRSEC/PaX technology which is a reliable security solution already integraged into major Linux distribution by the Hardened Gentoo Project. Since TinHat provides an option between Gnome, XFCE4, or FluxBox desktop environments running on top of X, some compromises in security had to be made; however, these are noted so that the user is aware of their existence. Little can be done on generic hardware; however, we have found that on specific motherboard/video chipset combinations, hardening features which would otherwise break X can be enabled. For this reason, we not only provide polished ISO images for immediate use, but also our "cookers," VMware virtual machines which we use to make the ISOs.
Finally, TinHat has a secondary goal. Since we are running purely in RAM, TinHat is fast! If "Zero Information" is one subtitle that we can append, another would be "a Glorious Waste Of RAM". TinHat requires about 5 GB to run comfortably, 4 GB for the tmpfs root file system, and 1 GB for paging. If one wants to further reintroduce Gentoo's portage system and/or the kernel source tree, 5GB becomes a very tight squeeze. Forget adding any more software after that, which leads to the paridoxical sitatution: why else would you reintroduce portage/kernel trees if you don't plan to add any new software? Although we provide an i686 release, in our lab we run the amd64 version on 8 GB boxes in which we reintroduce portage/kernel and add the entire Open Office suite. One gets spoiled when your word processor pops up in mere seconds!
>getting your workplace tech support from Sup Forums
I don't think that's any better
pastebin.com
you are welcome
This is helpful, thank you.
>1. install your o.s. of choice on a usb stick
>2. acquire laptop
>3. remove hdd from laptop
>4. only boot from usb
>5. use another usb to save files
That's it. It's un-compromisable unless you're exploited while using the system or someone steals your 2nd usb.
You will not be able to bookmark pages or save passwords like a normie but that's the only downfall.
Install Linux, use full disk encryption, use 64 character passwords, use gpg encryption for emails
>Who said it was going to be personal,
If it's work's laptop it's their problem to get and keep it secured, not yours. Follow the security policies to the letter. Don't try to improvise your own additional approach, unless you want to take the fall for anything that goes wrong.