Configuration and Firewalls in a CyberSecurity Emergency
Disclaimer: This content is the result of my having survived several emergencies of varying effect sizes. Most of these ideas are rules of thumb, and not canned answers. As in any emergency your best outcome will be if you keep calm, consider many options, and flow from plan to backup plan as required.
Configuration must be done before the machine is connected to the internet. Do at least the following:
- Configure the firewall, set to allow all traffic out and block all incoming traffic.
- Configure any server (ssh, sftp, etc.) to very strict settings.
- Limit the number of services running on your machine at any one time. As running extra services increases your vulnerabilities.
- Consider disabling wireless, unless you are actively using it.
- Consider setting the time on your machine by hand.
After connecting your machine to the internet and using only a trusted DNS server, install the rest of the software that you require for your work.
Copy your clean backup data over to the new OS install.
Vois la! You have a clean install of your OS and data.
- If you are considering becoming a black-hat hacker, make sure you know how to recover your operating system without IT support.
- If you are considering being the manager of a cyber-warfare division for any government organization, you should know how to recover your operating system without IT support, as this is what you will be doing to your targets.
- If you are considering running penetration testing without the permission of the local network administrator, then make sure that you know how to recover your operating system without IT support, as this is what you will be doing to your targets.
- If you are a minority academic computer scientist, then make sure that you know how to recover your operating system as you will likely be denied necessary IT and security support.
© 2015-2021 Intrepid Net Computing. All rights reserved.