Information Security
Posted: Thu Oct 29, 2015 9:49 am
This is a puzzle to me.
Firstly, if anyone can recommend a site where I could discuss the issue and get good advice, I'd like to know.
I have, for the first time in a while, long-term frequently-updated information which I need to secure.
I'm keeping it in a dedicated virtual machine on my desktop. The virtual machine is encrypted at rest - that means if you power it down the secure information is encrypted. If you power it up then, from inside the virtual machine, the secure information is clear-text. You need a password to power it up.
There are no services running; all the ports are shut. No sshd, for example.
But, because the whole point is that I'm processing the information as it comes in off the Internet, there's an Internet connection. I'm sending none of the secure information offsite, but I'm acutely aware that anyone planting malware on the virtual machine will be able to steal the data. Stealing just a fraction is just as bad a prospect as having all of it stolen, and I can't easily work on the data unless it's clear-text. I think there are bound to be occasions when some of the data is readable.
My router is firewalled to block all unknown incoming requests. I'm sure it can be bypassed.
I'm sure my operating system has zero-day vulnerabilities which would allow root access, though I have no idea how it would be achieved. Anyone interfering with the process which applies security patches would have the capability.
Other than that I think I'm only open to someone stealing the physical desktop, having already acquired some of my passwords. I've upgraded my external doors and locks.
If I felt more confident about my router's firewall, I could block all outgoing connections to just a few specified IP addresses. My mail server, the security patch mirror. Nothing could then get out unless a malware process gets my email password and uses it to gain an outbound channel.
I'm considering Wireshark outside of the virtual machine, logging non-email-related IO, and putting a cron job out there to intensive-scan the ports regularly to make sure they stay shut. I could check those logs manually every week.
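The weekly log review the post describes, sketched as an added example that is not part of the original post: it checks every outbound flow from the VM against an allow-list holding only the mail server and the patch mirror. The log format, addresses and ports are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed values: the VM address and the two permitted destinations
# use private/documentation-range IPs, not real hosts.
VM_ADDR = ipaddress.ip_address("192.168.56.10")
ALLOWED = [
    (ipaddress.ip_network("198.51.100.25/32"), {"tcp/993", "tcp/587"}),  # mail server
    (ipaddress.ip_network("203.0.113.80/32"), {"tcp/443"}),              # patch mirror
]

# Constructed flow log, one record per line: epoch src dst proto dport bytes
# (an assumed export format from a capture running outside the VM).
SAMPLE_LOG = """\
1446112140 192.168.56.10 198.51.100.25 tcp 993 48211
1446112200 192.168.56.10 203.0.113.80 tcp 443 1048576
1446115800 192.168.56.10 198.51.100.25 tcp 8443 9120
1446119400 192.168.56.10 192.0.2.77 udp 53 310
1446119460 192.168.56.10 192.0.2.77 udp 53 295
1446123000 192.0.2.200 192.168.56.10 tcp 22 60
not a record
"""

def is_allowed(dst, service):
    """True only when both the destination and the proto/port are listed."""
    return any(dst in net and service in services for net, services in ALLOWED)

def review(log_text):
    """Return (violations, malformed): bytes sent per (dst, service) for
    outbound flows outside the allow-list, plus lines that failed to parse."""
    violations, malformed = Counter(), []
    for line in log_text.splitlines():
        try:
            _, src, dst, proto, dport, nbytes = line.split()
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            service, nbytes = f"{proto}/{int(dport)}", int(nbytes)
        except ValueError:
            malformed.append(line)  # surface unparsable lines, never drop them
            continue
        # Only flows originating from the VM are judged here; inbound
        # attempts are the router firewall's job and are skipped.
        if src == VM_ADDR and not is_allowed(dst, service):
            violations[(str(dst), service)] += nbytes
    return violations, malformed

if __name__ == "__main__":
    found, bad = review(SAMPLE_LOG)
    for (dst, service), total in found.most_common():
        print(f"UNEXPECTED outbound {dst} {service}: {total} bytes")
    print(f"{len(bad)} malformed line(s)")
```

Matching on destination and port together means a connection to the mail server on an unlisted port is still reported, and DNS lookups appear as violations until a resolver is deliberately added to the list.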