I wanted to discuss how to secure our internet connections and what would be the most effective way for me to secure my internet connection at home or at school. I have heard of proxies, VPNs and Tor before and I don't use any of them currently.
Side question: what would be the most INSANE way to secure your traffic regardless of any realistic use case? Let's just say that in theory I had unlimited cash and compute power to secure myself. (I don't have money or tons of compute power, but I am also curious.)
Well, if you want to get mad you have to use a generator for your PC because there is a proof of concept that you may calculate keys back if you can meter the used power. Also you have to shield the room you are working in with aluminium or other metal to prevent abuse of the emitted electromagnetic fields. There is also a proof of concept for attacking RSA with this.
Having your own network structure (point to point) is the only safe way. Using the public internet, short of end-to-end encryption (which is no guarantee), there isn't a truly safe way for your traffic to travel from server to server. Security isn't what it was built for, and I doubt at this point it could be redesigned, although a complete overhaul of the internet is what is needed.
You have to look at 2016 and realize that e-commerce, video-on-demand, social networking, or even the WWW is not what the original internet was designed to accomplish. To me it's like DSL (running digital signals over analog copper wires; it shouldn't work but does work well enough for ATT to extract money from customers)... Security was never even thought of as a need originally, so today it's a patchwork of protocols and software-driven algorithms.
Well. What is "secure" for you? Do you want nobody to see what you are doing or do you want to have an unhackable PC? Do you just want to be anonymous or do you want everything encrypted? What exactly is "secure" for you? These are different things with different solutions.
But also not in the EU. Data retention's a bitch. So... Switzerland, or Swaziland, I guess? Because South America is not on the page with equipment prices, Asia will probably have all sorts of new equipment that glows but doesn't do what you need, Russia's Russia... did I miss anyone? No? Good.
Do you need good ping? If not, how do you feel about being a munar colonist??
This would be the way I would do it.
1. Faraday cage (watch the movie Enemy of the State, Gene Hackman is using one) inside a concrete lead bunker. Concrete lead-lined bunker so you can remove the tin foil hat. My head gets sweaty and itchy after a while.
2. Open source router. I would use pfSense.
3. VPN or VPNs, 256-bit encryption. Have them set up to go to countries with less Big Brother watching; poor Internet but safer. Change VPN many times a day or hour.
4. PC build: whatever CPU you like, AMD or Intel, 32 to 64 gig error-correcting RAM. Create a RAM disk and install a Linux distro that you like onto the RAM disk. Remove the install device, i.e. USB stick or CD. You do this so when you turn the power off there is nothing left; you were never on the Internet and did not download anything. If you need to save anything, have an encrypted USB device.
5. Find a web browser that is open source and has not been compromised by government.
6. And if you can, if you live in a Big Brother government state, cut into network lines and get free Internet. Get a job with an Internet provider to learn how their systems work, and on lunch break get that gigabit line hooked into a large company that will not notice the extra traffic.
This is not very expensive except for the bunker, which is optional if the tin foil hat is not a bother. Your Internet provider job should pay for it. Just a few thoughts I have had over the years to get around people watching me on the Internet. Do not take anything like cell phones or laptops into your bunker; the mics and cameras can record you if they are hacked. Have a day
As a not so serious answer, in my paranoid network setup I have four VPN connections in a load balance group so each connection will randomly use a different VPN. I'm still not sure if this adds anything or just creates a larger presence which is easier to trace. I also have another VPN which I use as a public IP for inbound connections.
I run Snort on all external connections (six VPNs and WAN) and have a strict internal firewall which only allows outbound connections on specified ports. The network is segmented into LAN, WiFi, DMZ, public, VPN, VPS, and WAN.