Saturday, January 30, 2016

Chromebook Security:A real life story

I've never taken the time to blog about anything personal or work related for that as both of those things I would rather keep private. But this story is just to good to not tell. Back in late November my mom asked for a laptop for Christmas. My parents were leaving on a long four month vacation and she wanted something that she could do video conferencing on for family back home. After asking what all she needed to do with it I opted to get a Chromebook for her.

So I configured it appropriately with an EFF Guide. Which is located here:
https://www.eff.org/deeplinks/2015/11/guide-chromebook-privacy-settings-students

and here:

https://www.eff.org/deeplinks/2015/11/guide-google-account-privacy-settings-students

And was literally all set within a matter of a few minutes.

Here is where things got fun. So I chatted with both my parents over google hangouts one evening and my mom oddly enough said she had to call a company because she was a pop up displayed she was infected with a virus. At first I was taken back a little.... and after I had her repeat the statement she said yes it was infected with a virus so she called the number on the screen. A popup similar to this:



The next thing I asked was what did they say and I shit you not word for word in a heavy thick Indian accent. "Well since you have a chromebook there is nothing I can do. Just throw it in the trash and get a real computer."

Then the guy hung up. My parents said they just powered the laptop down and the message went away. They now know to call me instead of something like this again.

I am now a believer in Chromebook security.  Especially when something stupid like this happens.

Friday, January 22, 2016

So WTF Google?

Update: My Chrome browser has been updated this evening. No alerts about my centos7 systems no longer being supported. All is right again with the world. 


I run a small number of Cent OS 7 desktops in a virtualized environment. After updating to the latest version of google chrome I was met with a nasty message that my Linux system will no longer be supported.

So wtf google?

I'm running a current centos 7 64 bit Linux workstation and you are dumping support for it?

So I am taking to google's support page and I take a look at what is supported.


Pushing chrome support out of centos and RHEL  seems like a mistake for corporate customers. I can understand discontinuing support for 32 bit Linux. But a current major distro that is 64 bit.... Hopefully someone at google will see this after I tweet this for some clarification.

Sunday, January 10, 2016

Guidance for Protected Browsing

This is some best practice guidance for google chrome. This should be done first before any browsing is to be done.

Works best if you compartmentalize your browsing through a virtual machine or read only cd media.
Virtualbox is free for personal use - https://www.virtualbox.org/wiki/Downloads


EFF guide to chromebook privacy
https://www.eff.org/deeplinks/2015/11/guide-chromebook-privacy-settings-students

@attrc HowTo: Privacy & Security Conscious Browsing
https://gist.github.com/atcuno/3425484ac5cce5298932


Use the following Chrome Add on's as a minimum
HTTPS Everywhere
Privacy Badger
Ublock Origin


Use a VPN before browsing use

Under Chrome Content settings set plugins to do this:


If you want to get into hardcore mode go to chrome://plugins
Disable adobe flash player

You may find your browsing experience doesn't require flash for daily use.

Use a chromebook and do all the above. Chromebooks work great because users can install extensions only. Executables and such won't run on chromebooks. The risk of malware is low.

Compartmentalize

Compartmentalize

Compartmentalize

I can't stress it enough when it comes to your personal data.


Monday, January 4, 2016

Windows 10 Security Guidance for Enterprise users

Update security compliance direct from Microsoft. As of 1-22-16.

Security baseline for Windows 10 (build 10240) – FINAL/Update 1-22-16
http://blogs.technet.com/b/secguide/archive/2016/01/22/security-baseline-for-windows-10-v1507-build-10240-th1-ltsb-update.aspx

Security baseline for Windows 10 (v1511, "Threshold 2") -- FINAL 1-22-16
http://blogs.technet.com/b/secguide/archive/2016/01/22/security-baseline-for-windows-10-v1511-quot-threshold-2-quot-final.aspx


If you want to compare GPO sets you should look at this tool called Microsoft Policy Analyzer
http://blogs.technet.com/b/secguide/archive/2016/01/22/new-tool-policy-analyzer.aspx

LGPO.EXE Tool (Automates the management of local group policy. Best for non domain joined computers)
http://blogs.technet.com/b/secguide/archive/2016/01/21/lgpo-exe-local-group-policy-object-utility-v1-0.aspx

For more Microsoft Security guidance you can follow their blog.
http://blogs.technet.com/b/secguide/