Internet security.. What do you do?

Discussion in 'Shiny Things' started by gmk999, Feb 13, 2018.

  1. gmk999

    gmk999 ____ as a Rotax

    Joined:
    May 2, 2011
    Oddometer:
    3,540
    Location:
    New England
    I have Norton 360 on my PC at $100 per year.
    I have no Idea what it does for me, aside from sending me emails telling me how much better my life is with Norton in it.
    Anyway it is time for renewal.. Do it? or is there a better option?
    #1
  2. Got_Carbs?

    Got_Carbs? Adventurer

    Joined:
    Oct 7, 2017
    Oddometer:
    34
    Location:
    NYC
    No. Common sense and a good adblocker like uBlock Origins. Ive never got infected.

    Edit Setting up the firewall is worth it too
    #2
    gmk999 likes this.
  3. sparkingdogg

    sparkingdogg Prisoner In Disguise

    Joined:
    Apr 15, 2014
    Oddometer:
    5,230
    Location:
    Omahell, Nebraska
    My interwebs provider gives me all that stuff for free. They should, for what I pay per month.
    #3
  4. RVDan

    RVDan Long timer

    Joined:
    Jun 4, 2010
    Oddometer:
    5,637
    Location:
    Abbotsford British Columbia Canada
    I just have nothing worth stealing on my computer. So far so good.
    #4
    acesandeights likes this.
  5. BillsR100

    BillsR100 Happy Paleoflatus

    Joined:
    Nov 25, 2006
    Oddometer:
    4,502
    Location:
    Edmond, Oklahoma
    If paying $100 per year makes you feel safe and sleep well at night, then keep it.
    Would I pay for antivirus? No.
    I simply use built in Windows Defender. It's free, it's easy, it works.
    I also use an AdBlockPlus and Ghostery. I'm an software guy, I write web pages, I live on the internet.
    #5
    Bodwick and =o&o> like this.
  6. AdamChandler

    AdamChandler n00b

    Joined:
    Feb 29, 2016
    Oddometer:
    1,486
    Location:
    Hanover, NH USA
    Browsing responsibly online is going to go a lot further than lock & key protection. Sort of like people who carry hand guns and people who can avoid conflict and know how to avoid using one.

    With that said, most of the tools I have installed at the network level and local level are there to protect my privacy, less so to protect me against a virus.

    Private Internet Access VPN 5 device plan all of my devices connect to the Internet through a VPN in Sweden.
    1 Blocker for Safari on iOS & Mac
    Ghostery,Ad Block Plus as well
    No cookies from 3rd party sites
    I run Little Snitch on my iMac & MacBook Pro to monitor new unknown outbound connections from apps
    I have a pre-shared key for all devices that want to access my home network (I have another wifi network for guests only that's just internet)
    I use a DNS server for my hole home that also blocks most ad-networks (stopped seeing ads on my Samsung TV after changing that setting)
    I don't use any Google products except YouTube mostly out of necessity but I pay for YT red so I'm not seeing ads
    I don't use any social networks except forums like this where you can know the owners and actually have a dialogue versus most social networks
    I regularly reset my ad-trackers on all devices to clear my tracks
    2-factor & 2-step authentication on every online service I use....more importantly, to see an SMS message on my phone, requires my fingerprint..if you have text messages showing on your phone display w/o authentication (very convenient), anyone with your phone & unlocked laptop could essentially do the 2-step authentication w/o needing your finger-print or faceID.
    I actually do run antivirus (ESET Cyber security) but only because my work requires an active antivirus be installed to hop on their VPN. They check and if one isn't present, I can't access some of our services. It's $70 for 2 years and 2 computers.

    There's significantly more things I do but those are the big ones. Yes I have a VPS (in London) that I use for my blog, photos, videos, email its also all of that behind a pre-shared key on my devices but I don't put anything on there I can't afford to lose. The rest of it is stored locally on my NAS at home and synced up to a Glacier account just in case my house burns down but all of my data has parity drives locally for 48 terabytes of usable space.

    Running Ubiquiti hardware USG_Pro and their POE switch with 4 long range 802.11AC MIMO APs. all locked down as much as I know how to do...mostly out of necessity. You can use my WiFi 600 feet away. the house 3 down can get on my Wifi and watch HD video so with that long of a range, it opens me up to any potential hackers. I have basically have 4 access point radios with 4 bands and 2 radios (maybe my technical terms are off here) that each have a theoretical 800 foot range...but then you add walls, hills, etc so it's about half that to 600.

    ---

    no system is fool-proof. every system is hackable. all you can do is practice safe browsing habits and scrutinize links. if something is suspicious in an email, right click copy the URL paste it in your browser if it looks weird or ends in *.ru, then don't click enter and never enter your password into one of these sites. It looks like paypal or dropbox but it's not.

    ---

    One of the new scary things for me...less so as I run 1Blocker and am on a Mac is Javascript Crypto currency mining. While you're on a web-page, some server in asia is using your CPU to make bitcoins. It goes mostly undetected and of course stops when you close the window. Running a system monitor is a good way to find services that are transferring a lot of data or using a ton of CPU/GPU cycles
    [​IMG]



    So to the OP, you can go hog-wild with security. The sky is the limit! These days, you're better off jus not using the Internet at all. that's the ultimate protection. That and get rid of your cell phone, credit cards, TV antenna, home phone and start working only under the table jobs with nothing financed.
    #6
  7. acesandeights

    acesandeights Noob

    Joined:
    Jul 2, 2008
    Oddometer:
    5,626
    Location:
    So. Oregon
    I use Trojans.
    #7
    a1fa likes this.
  8. NikonsAndVStroms

    NikonsAndVStroms Beastly Photographer

    Joined:
    Jun 23, 2007
    Oddometer:
    58,653
    Location:
    The Hub of the Universe
    100 dollars!?! I only spent 20 bucks for norton security deluxe for 5 users :deal

    Even norton premium (which has the backup and family protection features) which has a 10 user license is only 38 bucks on Amazon right now.

    Always buy it through Amazon, B&H etc. renewing directly from Norton costs way too much $$$$

    And if you don't need those additional features of premium/have 5 or fewer devices go for Deluxe.
    #8
  9. MeanMoe

    MeanMoe one really mean cat

    Joined:
    Oct 26, 2004
    Oddometer:
    2,657
    Location:
    Boonies
    F-Secure. Three years, 3 computers, $100 US. They are in Europe so they then to see the garbage before it gets to the US. Haven’t had issues in the 15+ years that I’ve used their products
    #9
  10. troidus

    troidus Long timer

    Joined:
    Sep 1, 2010
    Oddometer:
    35,028
    Are you doing that on purpose? If you want your neighbors to be able to use your network, fine, but if not, turn down your power level. It'll do both you and your neighbors a favor.
    #10
  11. AdamChandler

    AdamChandler n00b

    Joined:
    Feb 29, 2016
    Oddometer:
    1,486
    Location:
    Hanover, NH USA
    I live in a lake-side community and regularly go out on the boat, to the docks or down the street for a campfire. And we don't have cell phone service in our area...no service for 2 miles in any direction...if you do get some, you get "1X" not even 3G so I actually really ike having the WiFi reach that far and took appropriate precautions to manage it.

    Northern NH is still not a place where you can stream music over cellular reliably...Heck, until this house, I was capped at 1.5 megabit DSL....no youtube for me. finally in an area w/ Comcast at 200MBps
    #11
  12. troidus

    troidus Long timer

    Joined:
    Sep 1, 2010
    Oddometer:
    35,028
    If a number of you do that, you should coordinate your channel usage so you don't stomp on each other. Everyone should be using 1, 6, and 11 in the 2GHz band, making sure adjacent houses aren't using the same channel. (I don't think the 5GHz channels overlap, but you still don't want to have adjacent houses using the same channel.) Even better would be if you all set up open guest access, so you could all turn down your power levels for your secure networks and roam the neighborhood on guest.

    Edit: I see you want access out on the water. If you have an AP for that purpose, you could keep that one cranked and turn down the rest after the neighborhood network is reconfigured. Also look into the microcell for your cellular provider.
    #12
    AdamChandler likes this.
  13. ericm

    ericm Long timer

    Joined:
    Sep 12, 2002
    Oddometer:
    1,448
    Location:
    Santa Cruz Mountains, California
    I'd assume that he's not leaving his AP wide open.

    I think that using a VPN is overkill for most people. The VPN encrypts all your WAN network traffic, and for some applications makes it look like you're located at the VPN endpoint (phone apps are going to report your real location). But attacks on the WAN network traffic of normal people are pretty much non existent. If you have black NSA vans with antennas parked next to your house that's a different issue (and just encrypting your network traffic won't keep them out; they have many other attack vectors). For more typical attackers there's just so many easier ways to attack. If you need to appear to be elsewhere for some reason, that's a good reason to use a VPN.

    The biggest security problem for most people is connecting to the internet using vulerable operating systems (i.e. Windows). You either need to add software to try to protect it or use an OS that has better security. Some flavor of Unix (Linux, BSD etc) is best. MacOS not as good but better than Windows. With whatever you're using you need to keep up to date on patches. Downrev software is the next largest security problem for ordinary people.
    #13
    AdamChandler likes this.
  14. Gompie

    Gompie Been here awhile

    Joined:
    Jun 16, 2011
    Oddometer:
    311
    Thanks! just checked the site quickly, can't find the three year offering, but pricing seems decent with included VPN. I might be wrong, but on bookings I think I get screwed without a VPN.
    #14
  15. AdamChandler

    AdamChandler n00b

    Joined:
    Feb 29, 2016
    Oddometer:
    1,486
    Location:
    Hanover, NH USA
    The Topology is pretty basic:
    1. My APs have 2 SSIDs
    -One locked down with the PSK and quite a bit of security. This allows access to my NAS, HomeKit, Media center PC, Plex, Printer and SMB/AFP access to my computers
    -One wide open that if you connect to it takes you to a login window. 2 Neighbors have been given access to it out at the dock but I change the password every month so they're not auto-connecting
    2. The neighbors are all retirees....they have the standard Linksys WRT setup so I don't even see their networks and while they see mine, they don't have access to it...it's really to my benefit.

    As for the channels I'm using...I think I'm setup to have my APs pick their own channel automatically based on interference. So the channels change on demand and of course my devices can move around the property w/o any gap in coverage as it's not a mesh but works pretty well to hand-off w/o issue.

    I do agree that it might be a good idea to reduce power of the guest network. That might be a good idea.

    I have a Verizon 3G Micro-Cell that I bought on eBay for $249 2 years ago. It works well enough that at least when friends come over they can still make calls but now that Verizon WiFi is rolling out to become more standard, that works much better than the micro-cell. I keep it turned on though!

    Here's a photo of the rack..you can see the VZW cell hanging off to the side..and regarding cable management, I've completely re-done this this was just the initial setup.

    [​IMG]
    #15
  16. shores

    shores ElBandido

    Joined:
    Jun 19, 2010
    Oddometer:
    2,008
    most people are the security problem, not the browser or OS
    people click on things, they fill out phishing forms, they set their password to something ridiculously easy, the human side is always the weakest link

    your setup looks like it sucks lots of power
    back when i was a young whippersnapper i had a cool rack and stuff at home
    i have gigabit internet at home, from the company i work for as a network admin
    i have a decent home router, and an ap, locked down but hardwire as much as i can just for less radiation as much as security

    slim and less power usage=less bills, as we have the highest electricity rates in north america

    also, just because your AP's can transmit far, doesn't mean the clients can do anything with it, at least not well.
    transmit on most clients are much worse than the receive from the strong AP's,so seeing the signal, and being able to do anything decent back up to the AP, are far different.
    #16
  17. AdamChandler

    AdamChandler n00b

    Joined:
    Feb 29, 2016
    Oddometer:
    1,486
    Location:
    Hanover, NH USA
    RE: Power 150 watts concurrent

    I can watch HD video down at the dock w/o any buffering or artifacts.
    and we have solar panels but when I leave the house, the whole house is consuming about 200 watts with lights and everything powered off (but plugged in) so that includes AppleTV x3, Shield Pro, vampire draw from variou appliances, the iMac in sleep mode and the network setup.
    #17
  18. Got_Carbs?

    Got_Carbs? Adventurer

    Joined:
    Oct 7, 2017
    Oddometer:
    34
    Location:
    NYC
    Start using Ublock origins instead of adblock plus. It has a host file that can block crypto currency miners. Enable it, among others in the settings.
    #18
    AdamChandler likes this.
  19. AdamChandler

    AdamChandler n00b

    Joined:
    Feb 29, 2016
    Oddometer:
    1,486
    Location:
    Hanover, NH USA
    Awesome!! Thanks for the tip.
    #19
  20. Got_Carbs?

    Got_Carbs? Adventurer

    Joined:
    Oct 7, 2017
    Oddometer:
    34
    Location:
    NYC
    I just saw you are using Safari. Dont think ublock origins is available for it. Only Firefox and Chrome. Becareful of fakes as its open source software, so anyone can build it and distribute it with who knows what mixed in.
    #20