As the state of cybersecurity continues to advance, awareness about hacking attacks and similar events are continuing to occur. New exploits are being found every day, and the number of ransomware attacks and hardware exploits increase every day. At this time of uncertainty towards securing one’s self and personal data, greater importance is being placed on personal cybersecurity.
Even though experts everywhere agree that there is no such thing as an “unhackable” system due to the vast amount of entry points, exploits and attack vectors, there exist solutions that can make users’ PC pretty much as close to it as possible. Upon the worst-case scenario occurs, data can also be set up to be accessible to outside parties, thus keeping it safe from unauthorised invaders.
Join us as we take a deeper look into how to increase cybersecurity through simple processes, and how to create a system that leaks no sensitive data upon breaching.
Ground-Up Approach To Cybersecurity
Firstly, it is important what parts to pick to create this PC. The first step is to pick components that have no history of hardware-level exploits such as the Spectre, Meltdown and Spoiler exploit present in Intel processors. After building this, it is also worthwhile to invest the time in learning a Linux-based operating system. Windows as a whole has multiple exploits, some of which haven’t even been discovered yet. This creates multiple avenues of attack for hackers and opens up the computer.
Moreover, Linux also has multiple options for securing systems, along with a smaller number of exploits, and by extension variables, that open up avenues for breaches. It can also be set up to work closer with the other methods that can be used for ultimate security.
One of the most popular methods of securing a system is a practice referred to as ‘air gapping’. Air Gapping means that the system that undergoes this process has not been and will never be connected to the Internet.
This eliminates a large number of avenues of attack on the system, as hackers tend to utilise a computer’s connection the Internet to deliver payloads that contain malicious code. Even though Internet best practices, such as not clicking on suspicious links and keeping systems up to date, deter attacks, they do not completely protect against them.
As mentioned previously, it is almost impossible to completely protect one’s self from hack attacks when connected to the Internet due to the number of entry methods available. When a computer is taken offline, a large number of access points to the system is cut off, leading to one avenue to protect; physical access.
This can also be monitored closely. For example, if the system is present at home or at a place where it is easy to secure it, it provides a high level of security. In the case of illegal activities, it is possible that this location might be compromised as well, which creates an interesting scenario.
Security In Everyday Access
The air-gapped computer must not be connected to the Internet at any time, and must not have any form of wireless communication. This includes Bluetooth, Wi-Fi and NFC, as all of these can be exploited to open up a possible avenue of attack to the computer. Any and all ways to interface with the computer must be strictly local and wired.
It is also worth investing in a system for multi-factor authentication for logins. Phones are generally not considered a good method of providing a second factor of authentication, as they can be compromised through social engineering attacks. An authenticator app on a mobile device can be used for two-factor authentication, but the most reliable method of enforcing this practice is by a USB fob that authenticates when connected.
These devices, which are usually referred to as U2F or universal second factor, provide an additional level of security altogether. A normal use case of this key would involve the user plugging it in to authenticate a login, with passwords ideally being of 40 characters or more. The only way to login to the computer would be with the use of MFA.
Hard disks are also required to be encrypted with industry-leading encryption methods that are known to be extremely difficult to break by brute force. The hard disk should also be authenticated by the use of the USB key to preventing unauthorised access by copying the hard disk.
Notwithstanding, the USB key must be easily destructible in case of an emergency, so as to cut off all access to the data on the computer. All data on the air-gapped computer is to be stored locally, with the need for more encryption when it comes to sensitive data.
Bringing Data Back After Destruction
There are multiple ways to keep a secure backup of the data on the computer. One of the best methods is to use an encrypted, high-capacity, flash storage drive such as the IronKey to keep backups on.
Two IronKeys can be utilised, with the same data copied on both of them for redundancy. One can be stored in a bank locker or private institution, while another can be kept in a secure and accessible location on the premises.
Another approach to preserving the data so it can be accessed only by the user is to encrypt it and back it up on a multitude of SD cards. These are small and come in a variety of storage sizes to accommodate any needs of the user. After packaging the data into a 7-zip archive and encrypting it, the data can then be duplicated and stored on multiple SD cards. These can be hidden in locations all around the house, such as behind walls or in the ceiling.
The cards can also be hidden in seemingly inconspicuous locations, such as in the frame of a photograph, and gifted to a relative or close friend. This decreases the possibility of the data being lost if the location is compromised.
Even though it is difficult to ensure complete ‘unhackable’ nature of a computer, there are many ways to come close to it. Following these practices will protect sensitive data from all parties except those with unending pools of money and manpower.
