In a world of technological dependence, I like most other professionals suffer from increasing degrees of paranoia, and fear that my person, presence, and logical footprint may be subject to some form of compromise, interception, or manipulation from any one of many exposures – a Paranoid State which has driven my acquisition and use of multiples of security defences with which I reduce my surface of attack from State-Sponsored invaders of all colours be they Chinese driven by Titan Rain type events, American under the banner of Prism; or any other manifesting out of the criminal-ventures which could have impact on my personal, and financial wellbeing.
So, having established that I am suffering from what I feel is an informed state of healthy paranoia, I have taken a number of steps to secure my operational use of technology by employment of a number of easy to use solutions which underpin a desired level of a safe technological lifestyle encompassing:
Mobility > e-Mail > Telephony > Messaging
To accommodate a level of serenity, I have evolved usage of, or recommend the following applications and tools, and start the conversation with focus on securing mobile telephony, repressing opportunities for all to enable of modicum of security into the life of the common man [and woman] when they make that call:
Mobile Telephony: On occasions where there is need to ensure that the mobile calls I make from my Cell Phone are subject to enhancement of security, over the basic service, I employ the Blackphone solution out of the Silent Circle stable [https://www.silentcircle.com]. This security enhancement comes in two offerings. Number 1 being hardware based device of the Blackphone cell-phone, fully enabled with their own modified circuitry, chipset, and in-built security functionality. Option 2 is in the form of a localised software installation on your own cell-phone, which in my case is an IPhone 6s. Whilst in both cases the user can make insecure none-encrypted calls to Granny, the key feature is, where the conversation is sensitive the Blackphone user may go secure and invoke the required level of VPN encapsulation to protect conversations. This providing a Black-to-Black fully fledged end-to-end secure communications channel; or Black-to-None–Black end device, which would be secured to the point of the Silent Circle Server presence only, with the onward unsecured channel out of that environment being delivered to the none complaint none Blackphone device – but then here half security is better than none. This service works well, is low cost at around $10 per month, is stable and represents for me a very good ROI.
e-Mail Security: When it comes to security of a cross-platform e-Mail system, with focus on all users who deserve to have the choice of using a mail platform that enables them with a level of defence without the need to get too tech. Here I often recommend Protonmail [https://protonmail.com]. Protonmail is service delivered out of Switzerland, and serves up the functionality to accommodate various levels of security and of course encryption. As with Blackphone Protonmail-to-Protonmail provides a fully secured channel between service enabled users. However, with Protonmail-to-none Protonmail environment, again as with the Blackphone the second leg of the logical journey is insecure. But here the user may impose a higher level of security by selecting additional levels of encrypted control which require the recipient to enter a password to decrypt the secured content. But this solution goes further and also allows the sender to set time-to-live rules against the communication, and to label the type of communication [e.g. Business, or Private etc.]. At Fig 1 below shows some of the key features of the mail application in action:
Fig 1:
Secure Messaging: We all utilise text messaging from time to time, and in this space my solution of choice comes in the guise of Wickr which supports iOS, Windows, Mac, Linux 32 & 64 bit, and of course Android [https://www.wickr.com]. Again here we have a very capable tool which enhances the security profile of this common activity by encryption, as well as other supporting key security features such as time-to-live, and Secure Shredding. Easy to use, and is also available for use in the corporate space with their Enterprise solution – great features, and highly recommended. [See below Fig 2]
Fig 2 – Wickr
Mobility and the VPN: Beit personal, or business related, we all encounter the dangers of connecting to public access points in hotels, airports, and of course on public transport. On such occasions as this, as soon as we go promiscuous over Wi-Fi, our communications are potentially open to man-in-the-middle attacks which can sniff out our passwords, and other such private/personal details. It is in this space my personal option of choice is to employ the very robust solution IPVanish [https://www.ipvanish.com] to secure my channels before I touch any potentially hostile, open link [and trust me I know having been compromised myself at time of an urgent requirements]. IPVanish is an easy to use security tool which mitigates what can be a significant and dangerous exposure when embarking on travels. Se Fig 3.
Fig 3
The above are just a few tools which are available to be used by even the most none-tech-savvy person who wishes to implement a tad of security to protect their logical-life. It may not be the ultimate desire of everyone to be Paranoid, but in my cases it does help with relaxation at night.
John is the Principle at Shadow-Intelligence (Si), partnering with PALISCOPE, BreachAware and iStorage. He is a Visiting Professor at the School of Science and Technology, Nottingham, Trent University (NTU) and holds the appointment of Editor in Chief for the International Journal of Cyber Forensics and Advanced Threat Investigations (CFATI). For the last decade he has delivered training courses in the Middle, and Far East to Commercial, Industrial, the Financial Services Sector, and Military Agencies, including the UAE, US, Pakistan, Saudi Arabia, Malaysia (KL), Singapore, Argentina, and Sao Paulo
He served in the Royal Air Force 22 years’, specialising in Counterintelligence, working with UK Agencies such as GCHQ/CESG, and others in the fields of SIGINT, COMINT and Satellite Communications, holding appointments such as System ITSO for a CIA SCIF.
In the commercials sectors of IT/Cyber he has worked for/with Logica, Bae, T5, GM, Experian, Betfair, Palace of Westminster, House of Lords/Commons, TSol (Treasury Solicitors) and provided Consultancy to the Saudi Arabian MOD, TRA (Telecommunications Authority (Dubai) and the Military Academy of Malaysia (KL) on SOC, CSIRT, Digital Forensics and OSINT. Within the last 5 years he has focused on Geopolitics, with global expertise around the UAE and Russia, Anti-Terrorist Operations (ATO), Cyber-Warfare, Dezinformatsiya (Disinformation) and Maskirovka (Military Deception).
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.