From e20489844c4204de0fa0eac793a19489e3f7de55 Mon Sep 17 00:00:00 2001 From: Mateusz Konieczny Date: Mon, 1 Nov 2021 15:31:28 +0100 Subject: [PATCH] rewrite Tor recommedation a bit - fix typos - change "optimal security" to "increased security", in many cases it would not be optimal given how many things will break on Tor - link issues discussing tradeoffs In general I would make it more clear that it is not always worth doing. Maybe "Advanced" should be "Advanced, has serious tradeoffs" with word tradeoffs linking separate page documenting issues mentioned in #19? --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index be552b2..6ffa1e3 100644 --- a/README.md +++ b/README.md @@ -251,7 +251,7 @@ This section covers how you connect your devices to the internet securely, inclu **Disable Unused Remote Access Protocols** | Optional | When protocols such as PING, Telnet, SSH, UPnP and HNAP etc are enabled, they allow your router to be probed from anywhere in the world, and so should be disabled if not in use. Instead of setting their relevant ports to 'closed', set them to 'stealth' so that no response is given to unsolicited external communications that may come from attackers probing your network **Disable Cloud-Based Management** | Optional | You should treat your routers admin panel with the upmost care, as considerable damage can be caused if an attacker is able to gain access. You should take great care when accessing this page, ensuring you always log out, or considering Incognito mode. Most routers offer a 'remote access' feature, allowing you to access the admin web interface from anywhere in the world, using your username and password. This greatly increases attack surface, and opens your network up to a host of threats, and should therefore be disabled. You could also take it a step further, disable the admin interface over WiFi, meaning the settings can only be modified when using a direct Ethernet connection. Note that disabling cloud management may not be possible on some modern mesh-based routers **Manage Range Correctly** | Optional | It's common to want to pump your routers range to the max, and often this is necessary, especially if you live in a large house, or desire coverage in outdoor spaces. But if you reside in a smaller flat, and have neighbors close by, your attack surface is increased when your WiFi network can be picked up across the street. It maybe worth carefully configuring your networks, and device antennas to provide coverage only within your operating area/ apartment. One method of doing so, it to utilize the 5-GHz band, which provides a faster link speed, but a lesser range, and is easily blocked by thick walls -**Route all traffic through Tor** | Advanced | VPNs have their weaknesses- you are simply moving your trust from your ISP/ mobile carrier to a VPN provider- Tor is much more anonymous. For optimum security, route all your internet traffic through the Tor network. On Linux you can use [TorSocks](https://gitweb.torproject.org/torsocks.git) or [Privoxy](https://www.privoxy.org/), for Windows you can use [Whonix](https://www.whonix.org/), and on OSX [follow thsese instructions](https://maymay.net/blog/2013/02/20/howto-use-tor-for-all-network-traffic-by-default-on-mac-os-x/), for Kali see [TorGhost](https://github.com/SusmithKrishnan/torghost). Alternativley, you can use [OnionPi](https://learn.adafruit.com/onion-pi/overview) to use Tor for all your connected devices, by [configuring a Raspberry Pi to be a Tor Hotspot](https://lifehacker.com/how-to-anonymize-your-browsing-with-a-tor-powered-raspb-1793869805) +**Route all traffic through Tor** | Advanced | VPNs have their weaknesses - you are simply moving your trust from your ISP/ mobile carrier to a VPN provider - Tor is much more anonymous. For increased security, route all your internet traffic through the Tor network. On Linux you can use [TorSocks](https://gitweb.torproject.org/torsocks.git) or [Privoxy](https://www.privoxy.org/), for Windows you can use [Whonix](https://www.whonix.org/), and on OSX [follow this instructions](https://maymay.net/blog/2013/02/20/howto-use-tor-for-all-network-traffic-by-default-on-mac-os-x/), for Kali see [TorGhost](https://github.com/SusmithKrishnan/torghost). Alternatively, you can use [OnionPi](https://learn.adafruit.com/onion-pi/overview) to use Tor for all your connected devices, by [configuring a Raspberry Pi to be a Tor Hotspot](https://lifehacker.com/how-to-anonymize-your-browsing-with-a-tor-powered-raspb-1793869805). Though see also [potential drawbacks](https://github.com/Lissy93/personal-security-checklist/issues/19). **Disable WiFi on all Devices** | Advanced | Connecting to even a secure WiFi network increases your attack surface. Disabling your home WiFi and connect each device via Ethernet, and turning off WiFi on your phone and using a USB-C/ Lightening to Ethernet cable will protect against WiFi exploits, as Edward Snowden [says here](https://twitter.com/snowden/status/1175431946958233600?lang=en). **Recommended Software**