This film has spoken to me in many ways over the years, most notably one line in particular: “What we do echoes in eternity” – Maximus Decimus Meridius
What does this have to do with a security podcast/blog site, you may ask? We can adapt this mindset to our activities online once we realize that our activity can easily be connected back to the responsible individual.
The focus of this post will be to cover the ‘Primal Security’ methodology for anonymous activity on the web. I will caveat this by stating that this is in no way an all-inclusive guide, but rather a primer on steps you can take to protect yourself online and ensure that, more or less, all of your system’s network traffic is encrypted and secured.
Utilizing a VPN is one of the most important steps in ensuring that all traffic coming to and from your system is encrypted. To get started using a VPN, your first step will be to select a service provider. Below is a list of the factors that you should take into account when selecting your provider. (Personal preference for VPN Service Provider of PrimalSec members is ‘Private Internet Access’)
Protocol – Multiple options are available when selecting a service. Common options are SSL/TLS, PPTP, L2TP, IPSec, etc., and it is recommended that you understand the benefits and drawbacks of each (in particular PPTP). (Currently, I am utilizing SSL/TLS via the OpenVPN client)
Server Exit Locations – This is an important factor that is dependent on your needs. The server exit location determines the location information (country, state, etc.) of your VPN IP. (For example: An exit server in Sweden will provide you with an IP assigned to Swedish address space)
Logging – Logging is, in our opinion, one of the most important features of a service provider. When you’re connected to a VPN, you are trusting the provider with your activity and traffic, and a provider has the right to log this activity. It is recommended that you select a VPN provider that does not log the activity of its users. (Most free service providers log activity. Additionally, if you choose a provider that logs activity, it’s recommended that you verify the log retention policy of the service provider.)
Device Support – Another factor to take into account is support for mobile devices and other types of devices. Some providers do not support using their service on devices such as phones, etc.
DNS Leak Protection – Some providers provide built-in DNS Leak Protection. If your provider does not support this (or you are especially paranoid, like us), you can use additional security modules to protect your DNS traffic. (This topic will be covered later.)
VPN – Installation/Setup
After selecting a service provider and subscribing to the service, you will be provided with an account username and password. At this point we will be configuring our system to utilize the VPN appropriately. In our example we will be configuring the VPN on an Ubuntu 12.04 system. If you are using a Windows or Mac OS system, appropriate installers are available.
Installation utilizing network configuration manager* –
- Open a Terminal, and run: sudo apt-get install openvpn network-manager-openvpn network-manager-openvpn-gnome. This will prompt for both your password and a Y/n answer; provide your password, then answer Y.
- Once installed, open System Settings, then Network
- Press the + symbol to add a new connection, and select the VPN Interface, then press Create
- Choose OpenVPN as your VPN Connection Type, and press Create
- The following will walk you through all configuration steps needed for the PIA VPN.
  - Gateway: Select one of the Hostnames provided on the Network page
  - Type: Password
  - Username: The username provided with the PIA account
  - Password: The password provided with the PIA account
  - CA Certificate: Download this zip file and extract the ca.crt file to somewhere it won’t be deleted. We suggest your Home folder. If you extract this to your home folder, when searching for it, please click on your username on the left side, which will take you right to the home folder, then select the ca.crt file from the options on the right.
  - Advanced: Under the General tab, check Use LZO data compression
  - IPv4 Settings:
    - Method: Automatic (VPN) Addresses Only
- Press Save. If you chose to have your password saved it may ask for you to verify your password to open your keyring.
Installation utilizing the OpenVPN installer script* –
- Download the OpenVPN Ubuntu installer
- Run sudo sh ~/Downloads/install_ubuntu.sh (replace path to installer accordingly)
- Type ‘y’ to install python 2.7 in case it’s not installed.
- Type ‘y’ to install network-manager-openvpn in case it’s not installed.
- Enter the login for your account.
- Wait for the installation to finish.
- Connect using the Network Manager.
- Enter your password when prompted (only needs to be done once per region).
*Installation information obtained from the Private Internet Access install page
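Once the connection is up, the routing table shows whether general traffic actually leaves through the VPN, which is the goal stated at the top of this post. The script below is an added example, not part of the original post or of Private Internet Access's instructions; it assumes the tunnel interface is named tun* or tap* (OpenVPN's usual device names), and the sample routing tables in it are constructed.

```shell
#!/bin/sh
# Added example: read `ip -4 route show` output on stdin and report which
# interface carries general IPv4 traffic. Two layouts are handled:
#  - the default route itself points at the tunnel (lowest metric wins), or
#  - OpenVPN "redirect-gateway def1": 0.0.0.0/1 + 128.0.0.0/1 via the tunnel,
#    which override the old default route by being more specific.
default_iface() {
    awk '
        function field_after(key,   i) {
            for (i = 1; i < NF; i++) if ($i == key) return $(i + 1)
            return ""
        }
        $1 == "0.0.0.0/1"   { lo = field_after("dev") }
        $1 == "128.0.0.0/1" { hi = field_after("dev") }
        $1 == "default" {
            m = field_after("metric") + 0
            if (best == "" || m < best_m) { best = field_after("dev"); best_m = m }
        }
        END {
            if (lo != "" && lo == hi) print lo
            else if (best != "") print best
            else exit 1          # no default route at all
        }'
}

# Exit 0 when that interface is a tun/tap device (assumed naming), 1 when
# traffic would leave outside the tunnel, 2 when there is no default route.
vpn_is_default() {
    iface=$(default_iface) || return 2
    case "$iface" in
        tun*|tap*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Constructed samples (private address ranges, not captured from a real host).
SAMPLE_NM='default via 10.10.10.5 dev tun0 proto static
10.10.10.5 dev tun0 proto kernel scope link src 10.10.10.6
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.20 metric 1'
SAMPLE_DEF1='0.0.0.0/1 via 10.8.0.5 dev tun0
default via 192.168.1.1 dev eth0 proto static
128.0.0.0/1 via 10.8.0.5 dev tun0'
SAMPLE_DOWN='default via 192.168.1.1 dev eth0 proto static
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.20 metric 1'

for s in "$SAMPLE_NM" "$SAMPLE_DEF1" "$SAMPLE_DOWN"; do
    printf '%s\n' "$s" | default_iface
done
```

On a live system, run `ip -4 route show | vpn_is_default` after connecting. The check covers IPv4 routing only and says nothing about IPv6 or about which DNS servers are in use.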