
I am close to the moment where I will need to migrate from my old SSD and data HDD to new ones (wear and age), so I'm rethinking my environment. Please give me suggestions about what should be improved regarding security and backups.

Consider environment as described:

In everyday use, I use Win7 (possibly upgrading to Win10 with a new install) with KeePass2 (related to work). I use a strong password and a key file.

The KeePass password database, together with the key file (and 10+ dummy key files) and some other private files, is stored inside a TrueCrypt volume that I manually unlock after system boot.

I want to back up this TrueCrypt volume and make it available from my workplace too. I have chosen to use a less popular cloud storage service (SpiderOak) to store that volume (instead of a flash drive, to be able to access passwords while away from the PC or while unable to access a KeePass/TrueCrypt-compatible device). The problem is that the volume is always mounted (the PC has 95% uptime), so the file in use can't be copied/synced, which leaves rare opportunities to back up, and when I make any changes to the contents (password database), the TrueCrypt volume timestamp and size are not updated.

Because I could not solve this issue, I have postponed it, as a better solution is required. As I require access to the latest password storage from my workplace too, I use a Remote Desktop connection (with a custom port) to home and use my work PC as a terminal.

For connections to the home PC, I do not use a VPN (YET - I'm learning to create an L2TP with IPsec VPN server on our MikroTik router, but so far to no avail), so I guess I could already have been sniffed, and I hope I will manage to solve this issue in future.

The question:

How should I change my behavior or environment to make it more secure, so that backups would actually work?

PS: What security holes do you see in my current environment that I should fix ASAP, until my new environment is ready?

Deele

2 Answers


While your approach is much more than an average user would do in a home environment, there are several attack vectors you may want to mitigate (for fun, for learning, or out of serious concern if you are an international spy :).

First of all, you already have blind (infinite) trust in several actors:

  • your hardware manufacturer (chip firmware, BIOS/UEFI, etc.),
  • your operating system vendor,
  • the KeePass vendor (unless you checked the source line by line),
  • the TrueCrypt vendor (-"-),
  • your cloud provider,
  • anyone who has administrative rights on your machine,
  • anyone who is able to compromise your system in any way,
  • all employees of the above software vendors with commit rights to their source code (unless you thoroughly examined their quality and security policies).

Any of the above actors can access your passwords without problem. In serious security designs you should reduce the number of trusted actors to the minimum, and you should never trust a single actor.

You can mitigate the security problems in the following ways:

1) Keep the most important passwords in your head. This is the good way, and the intended way of using passwords. Medieval people were able to memorize entire holy (Latin) texts without understanding them. We are not trained for that, but it is possible.

2) Always use 2FA (two-factor authentication) for your important accounts. The biggest advantage of 2FA is that you don't have to trust a single actor. If the attacker compromised your machine or backdoored your operating system, she still has to steal your fingerprint or compromise your phone or security device. If you trust solely in passwords, and you don't keep them in your head, a single actor is enough to defeat your defence. It's several orders of magnitude less probable that two actors are cooperating. National cyber armies certainly can do that, but otherwise you are more or less safe.

3) Keep the number of actors at the minimum. A portable pendrive with a simple text file, encrypted with a decent algorithm and a good key, is much more secure than your current setup because you trust far fewer actors: the current hardware, the current OS and the algorithm. You can include your own decryptor made in C or Python. Some portable open-source hardware with a small display and simple verifiable code is even better. It might not be very convenient, but it's more secure.

4) Keep it simple. In security, simplicity is crucial. The more you can verify personally, the less you have to trust.

If you do all the above, most attackers are probably better off sending a thug to beat you in order to acquire the credentials. :-)

EDIT: If the number of passwords is large and you can not avoid some kind of password manager, I suggest an off-system one. A pendrive with a stand-alone password manager is good enough. Or you can build your own security device with the Arduino framework, which can even type your passwords.

goteguru
    *Keep most important passwords in your head*...on the continuum between security and convenience, this is at the extreme end of security, so in that regard it's good advice. But great (even good) passwords are very difficult to memorize. I would rather see someone use strong passwords and a password manager (as the OP is doing) than memorize weak ones. Put the effort into memorizing a difficult password and use that for unlocking the password manager. – I say Reinstate Monica Apr 24 '17 at 15:23
  • While I absolutely agree that a weak memorized password is worse than using any password manager, I would argue humans can not remember a moderate number of strong passwords using the proper techniques. For example, you can create rhymes from randomly generated words (even discarding the rhymes), which is a simple way to store a huge amount of entropy in your mind. Humans are able to memorize very, very long texts. Past generations were much better at this, since now we can reach most required information in seconds thanks to technology, but this feat is not impossible to learn. – goteguru Apr 24 '17 at 19:10
  • I agree it's possible...just disagreeing that this is good general advice based on my observation that the majority of users that feel compelled to memorize passwords compensate for their lack of disciplined memorization by choosing easy to remember passwords. They *shouldn't*, but they *do*, and knowing that, the security community should be cautious to compel them to pursue a standard most of them are likely to meet by weakening their security with bad passwords. – I say Reinstate Monica Apr 24 '17 at 19:15
  • Ok, that's true. However, OP was asking for an improvement of the proposed method, and using brain password techniques is definitely a kind of improvement from a security point of view. Also, I was suggesting this for the most important passwords only. No one would want to use brain passwords for hundreds of low-interest websites, but I wouldn't keep my bitcoin private key passwords in some "password manager". – goteguru Apr 24 '17 at 19:54
  • @goteguru I have more than 700 entries in my password manager - most of them are not under my control to choose or remember. There are many different systems that have no 2FA. My question was not about password and auth security, but specifically about using a password manager and secure storage of its database. Using an encrypted text file could be "simple", but it is not usable in everyday usage, lacks clipboard security measures and requires manual maintenance. I need secure automation that is usable. – Deele Apr 24 '17 at 20:52
  • The above rules are still valid. Reducing the number of attack vectors and the actors involved is always a good idea. You are better off using a simple pendrive or dedicated hardware with your favourite password manager. You can even make your own with Arduino. Of course, if you are not seriously paranoid and these passwords are not super high priority, your current approach is more than enough, as I already mentioned. – goteguru Apr 24 '17 at 21:01
  • @goteguru Reinventing the password manager is not something that is available to anyone out there. I'm looking for a solution that is usable for any reader who reads this. I want to suggest a solution to this problem to my colleagues. Your answer does not yet answer the core of my question. – Deele Apr 24 '17 at 21:20
  • Well, I tried to answer your question to the best of my ability. Maybe I misunderstood the goal, the attacker's potential you are considering and the value of your data (my field of research is critical infrastructure security). I still think you and your colleagues are far better off with some "KeePass on pendrive" solution. Cloud and "fake keyfiles" type solutions might look smart, but have very little value against anyone above basic script-kiddie level. You are pretty much exposed by Windows, net and cloud anyway, so in fact the other parts don't really matter. Use the simplest and most convenient method. – goteguru Apr 25 '17 at 17:41
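What point 3 of the answer above (and its EDIT) looks like in code, as an added example that is not part of the answer and not any project's code: a single encrypted text file on a pendrive plus a decryptor short enough to audit. The design is assumed for the example: a 16-byte salt and scrypt (with a pbkdf2_hmac fallback on builds without OpenSSL scrypt) to derive two keys from a memorised passphrase, ChaCha20 as specified in RFC 8439 written out in pure Python so nothing is hidden in a library, HMAC-SHA256 over header and ciphertext (encrypt-then-MAC, verified before any decryption), and a file layout of MAGIC | salt | nonce | ciphertext | tag. The name `PWST1`, the scrypt parameters and the sample notes are invented here. A pure-Python cipher is readable but not hardened against timing side channels; a practitioner who does not need the "verify it yourself" property would use a vetted library such as libsodium instead.

```python
"""Off-system password store: one encrypted text file plus a readable decryptor.

Added example (not code from the answer or from any project). Assumed design:
  key derivation  hashlib.scrypt (pbkdf2_hmac fallback), 16-byte random salt
  cipher          ChaCha20 (RFC 8439), pure Python so the reader can audit it
  integrity       HMAC-SHA256 over header + ciphertext (encrypt-then-MAC)
  file layout     MAGIC | salt(16) | nonce(12) | ciphertext | tag(32)
"""
import hashlib
import hmac
import os
import struct

MAGIC = b"PWST1"          # assumed file signature, 5 bytes
MASK = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def _quarter_round(s, a, b, c, d):
    s[a] = (s[a] + s[b]) & MASK; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK; s[b] = _rotl(s[b] ^ s[c], 7)


def chacha20_block(key, counter, nonce):
    """One 64-byte keystream block for a 32-byte key and 12-byte nonce."""
    state = [0x61707865, 0x3320646E, 0x79622D32, 0x6B206574]   # "expand 32-byte k"
    state += struct.unpack("<8I", key)
    state += (counter,) + struct.unpack("<3I", nonce)
    w = state[:]
    for _ in range(10):                      # 10 double rounds = 20 rounds
        _quarter_round(w, 0, 4, 8, 12); _quarter_round(w, 1, 5, 9, 13)
        _quarter_round(w, 2, 6, 10, 14); _quarter_round(w, 3, 7, 11, 15)
        _quarter_round(w, 0, 5, 10, 15); _quarter_round(w, 1, 6, 11, 12)
        _quarter_round(w, 2, 7, 8, 13); _quarter_round(w, 3, 4, 9, 14)
    return struct.pack("<16I", *[(w[i] + state[i]) & MASK for i in range(16)])


def chacha20_xor(key, nonce, data):
    """Stream-XOR data; the same call encrypts and decrypts. Counter starts at 1."""
    out = bytearray()
    for i in range(0, len(data), 64):
        keystream = chacha20_block(key, i // 64 + 1, nonce)
        out.extend(x ^ y for x, y in zip(data[i:i + 64], keystream))
    return bytes(out)


def _derive_keys(passphrase, salt):
    """64 bytes of key material: first half encrypts, second half authenticates."""
    pw = passphrase.encode("utf-8")
    if hasattr(hashlib, "scrypt"):          # assumed parameters: 16 MiB, 2^14 iterations
        km = hashlib.scrypt(pw, salt=salt, n=2 ** 14, r=8, p=1, dklen=64)
    else:                                    # older builds without OpenSSL scrypt
        km = hashlib.pbkdf2_hmac("sha256", pw, salt, 200_000, dklen=64)
    return km[:32], km[32:]


def encrypt_store(passphrase, plaintext):
    """Return the complete file contents for the given notes."""
    salt, nonce = os.urandom(16), os.urandom(12)
    enc_key, mac_key = _derive_keys(passphrase, salt)
    header = MAGIC + salt + nonce
    ciphertext = chacha20_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


def decrypt_store(passphrase, blob):
    """Verify the tag before touching the ciphertext; every failure is one error."""
    hdr_len = len(MAGIC) + 16 + 12
    if len(blob) < hdr_len + 32 or not blob.startswith(MAGIC):
        raise ValueError("not a password store")
    salt = blob[len(MAGIC):len(MAGIC) + 16]
    nonce = blob[len(MAGIC) + 16:hdr_len]
    enc_key, mac_key = _derive_keys(passphrase, salt)
    expected = hmac.new(mac_key, blob[:-32], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob[-32:]):
        raise ValueError("wrong passphrase or tampered file")
    return chacha20_xor(enc_key, nonce, blob[hdr_len:-32])


if __name__ == "__main__":
    # Constructed sample notes; a real store would hold the high-value entries only.
    notes = b"work-vpn: correct horse battery staple\nbackup-nas: Tr0ub4dor&3\n"
    blob = encrypt_store("a long memorised passphrase", notes)
    assert decrypt_store("a long memorised passphrase", blob) == notes
    print(f"{len(notes)} bytes of notes -> {len(blob)} byte store")
```

Because the tag covers the salt and nonce as well as the ciphertext, a wrong passphrase and a modified file are indistinguishable to the caller, which is the intended behaviour: the reader never sees decrypted bytes that were not authenticated. A fresh nonce per write is what makes it safe to re-encrypt the same notes many times under one passphrase.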

Security is, always has been, and always will be about balancing the competing demands of security and convenience. Virtually anything you do to make it easier for you to log in will lower your security posture. Every tool that exists to store passwords requires you to trust the vendor of the tool. Cloud storage is trusting the provider.

When you trust a company you are trusting that they have processes in place to prevent bad intentioned employees from hurting you. You are trusting that they have IT security in place so that the bad guys can't compromise them and then compromise you. People have always been the weakest link in the security chain and always will be.

Whether you can trust password managers, clouds and OSes is not something we can tell you. It depends on how important the data you hold is, and how much it could hurt you if it were damaged, deleted, stolen, or disclosed.

I personally think you have less to worry about in the areas of your password management, encryption and cloud storage, and should worry mostly about exposing your home PC to remote desktop connections. I have a Windows system exposed to RDP over a non-standard port, but that system holds nothing that can gain access to my accounts elsewhere.

Changing the port from the default is good, but not enough. Search for good write-ups on how to best harden your RDP service. If that RDP service is up so you can connect from work, configure your firewall to only allow connections from your work public IP.

That reminds me to ask: you do have a firewall in front of that Windows PC, right?

Thomas Carlisle
  • I understand your points about trusting the vendors - the original question implies that I trust specific installations of Windows 7, TrueCrypt and KeePass. And yes, I use Comodo Firewall 10. Thank you for the suggestions about looking into securing RDP. I have to note that the original question is more about dealing with password storage that is accessible from home and office and is backed up in the cloud (or NAS storage). – Deele Apr 25 '17 at 11:25
  • I have never been a fan of software firewall solutions running on the Windows OS. TrueCrypt is outdated and no longer active, and its homepage warns that it contains security issues that are not and will not be fixed. I wouldn't recommend encrypting your data with that. KeePass, or any other password locker, can be circumvented if the host OS is compromised by installing a keylogger and/or DLL injection. Since your firewall is on the same box as well, that would be subject to compromise. Having that host exposed to RDP 24x7 to the entire Internet is the biggest weak link in your security posture. – Thomas Carlisle Apr 26 '17 at 21:32
  • You can improve your security posture with a script called "wail2ban", which will monitor your event logs for failed logins and automatically put a firewall rule in place to block anything from that source IP. This will greatly reduce the chance of someone brute-force attacking your box over RDP. There are commercial solutions as well, but I like the wail2ban script. I had to do some work to get it working on my Win 10 box, but once done, I sat and watched it pick up the failed attempts and validated that the rules were put in place: https://github.com/glasnt/wail2ban – Thomas Carlisle Apr 28 '17 at 21:37
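The detection logic behind the wail2ban approach from the last comment, written out as an added example (this is not the wail2ban script and not code from the answer): failed-logon records are fed through a sliding window per source address, the address that crosses the threshold gets an inbound block rule, and the work address from the answer's "only allow from your work public IP" advice is allow-listed so a mistyped password from the office does not lock you out. The records are constructed here in the shape of Windows Security event 4625 (TimeCreated, EventID, IpAddress, TargetUserName); in a real deployment they would come from the Security log via Get-WinEvent or wevtutil, which this example does not do. The threshold of 5 failures in 10 minutes, the allow-listed 203.0.113.10, and the sample addresses (RFC 5737 documentation ranges) are assumptions. The block command is the built-in Windows firewall's netsh syntax.

```python
"""Fail2ban-style RDP brute-force detection over Windows Security log records.

Added example (not the wail2ban script and not code from the answer). The
records below are constructed in the shape of event 4625 (failed logon):
TimeCreated, EventID, IpAddress, TargetUserName. Threshold, window and the
allow-listed work address are assumed policy values.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625
SUCCESS_LOGON = 4624
THRESHOLD = 5                    # assumed: block after 5 failures ...
WINDOW = timedelta(minutes=10)   # assumed: ... within 10 minutes
ALLOWLIST = {"203.0.113.10"}     # assumed work public IP (documentation range)

# Constructed sample in time order; all addresses are RFC 5737 documentation ranges.
SAMPLE_EVENTS = [
    ("2017-04-28T21:00:00", FAILED_LOGON, "192.0.2.50", "deele"),
    ("2017-04-28T21:00:01", FAILED_LOGON, "198.51.100.7", "administrator"),
    ("2017-04-28T21:00:05", FAILED_LOGON, "198.51.100.7", "admin"),
    ("2017-04-28T21:00:09", FAILED_LOGON, "198.51.100.7", "root"),
    ("2017-04-28T21:00:14", FAILED_LOGON, "198.51.100.7", "user"),
    ("2017-04-28T21:00:20", FAILED_LOGON, "198.51.100.7", "guest"),   # 5th -> block
    ("2017-04-28T21:00:25", FAILED_LOGON, "198.51.100.7", "test"),    # already blocked
    ("2017-04-28T21:01:00", FAILED_LOGON, "203.0.113.10", "deele"),   # work IP, typos
    ("2017-04-28T21:01:10", FAILED_LOGON, "203.0.113.10", "deele"),
    ("2017-04-28T21:01:20", FAILED_LOGON, "203.0.113.10", "deele"),
    ("2017-04-28T21:01:30", FAILED_LOGON, "203.0.113.10", "deele"),
    ("2017-04-28T21:01:40", FAILED_LOGON, "203.0.113.10", "deele"),
    ("2017-04-28T21:01:50", SUCCESS_LOGON, "203.0.113.10", "deele"),  # success, ignored
    ("2017-04-28T21:04:00", FAILED_LOGON, "192.0.2.50", "deele"),
    ("2017-04-28T21:08:00", FAILED_LOGON, "192.0.2.50", "deele"),
    ("2017-04-28T21:12:00", FAILED_LOGON, "192.0.2.50", "deele"),
    ("2017-04-28T21:16:00", FAILED_LOGON, "192.0.2.50", "deele"),     # slow: never 5 in window
]


class BruteForceDetector:
    def __init__(self, threshold=THRESHOLD, window=WINDOW, allowlist=ALLOWLIST):
        self.threshold = threshold
        self.window = window
        self.allowlist = set(allowlist)
        self.failures = defaultdict(deque)   # ip -> failure times inside the window
        self.blocked = {}                    # ip -> time the block was issued

    def feed(self, when, event_id, ip, user):
        """Return the IP to block on the event that crosses the threshold, else None."""
        if event_id != FAILED_LOGON or ip in ("", "-") or ip in self.allowlist:
            return None
        if ip in self.blocked:               # one rule per address is enough
            return None
        times = self.failures[ip]
        times.append(when)
        while times and when - times[0] > self.window:   # slide the window forward
            times.popleft()
        if len(times) >= self.threshold:
            self.blocked[ip] = when
            return ip
        return None


def firewall_block_command(ip):
    """Inbound block rule in the syntax of the built-in Windows firewall (netsh)."""
    return (f'netsh advfirewall firewall add rule name="wail2ban block {ip}" '
            f'dir=in action=block remoteip={ip}')


def scan(events, detector=None):
    """Run records through the detector and return the block commands to issue."""
    det = detector or BruteForceDetector()
    commands = []
    for ts, event_id, ip, user in events:
        hit = det.feed(datetime.fromisoformat(ts), event_id, ip, user)
        if hit:
            commands.append(firewall_block_command(hit))
    return commands


if __name__ == "__main__":
    for cmd in scan(SAMPLE_EVENTS):
        print(cmd)
```

Run against the sample, only 198.51.100.7 produces a rule: the office address is allow-listed, and 192.0.2.50 never accumulates five failures inside any 10-minute window, which is the gap a slow attacker aims for and a reason to pair this with account lockout and a VPN rather than rely on it alone. The block is keyed on the source address, so the custom RDP port plays no part in the logic.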