Crossing the boundaries of real and virtual. Theory

⇡ # Introduction

In fact, all these rules are quite universal, but some amendments to the legislation of the country you are entering must necessarily be done. What exactly is the problem? The fact is that in a number of states when crossing the border, you can quite easily see not only your personal belongings, but also your electronic devices. In fact, "people in uniform" can easily dig into your information and, in which case, copy some data for further analysis. Including with the involvement of technical specialists. In practice, the percentage of such inspections is extremely low, and simply because they are usually not conducted. Nevertheless, any such incident may threaten various troubles – from an elementary loss of time to a ban on entry into the country.

However, these are trifles compared to the leakage of data containing commercial secrets or, for example, medical information. How many laptops are lost every year by intelligence agents? Be that as it may, information is often much more expensive than the piece of iron on which it is stored. If you do not care about your own privacy, and judging by the profiles in social networks, for the majority this is the norm of life, then worry about at least someone else's confidential information that you have been entrusted with. In large corporations, the security service is paranoid for users, and what about the others? For example, proud young developers with their startup who want to knock out some gold from the thick bags of potential investors. There are a few simple rules that must be followed always and everywhere.

⇡ # Archive and encrypt

First, as often as possible make backups. If you lose the carrier with the information, it will still remain with you. Second, always encrypt important data. If the drive is removed, forgotten or stolen, access to them will be difficult. Naturally, backups should also be encrypted. Backups can be stored both on a separate hard drive and in the cloud. In Windows 7, Linux and Mac OS for a long time there are built-in functions for both automatic backup and for encryption of volumes. Use at least them. To encrypt individual folders, including Dropbox, the EncFS system, which we already wrote about, will do. More functional, but also more difficult to configure the famous program TrueCrypt. As a third-party utility for regular incremental backup with encryption, the Duplicati package is ideal, which is available for all major operating systems. Save copies of data from social networks will help these utilities.

When working with cloud storage, remember that a provider can be in another country and obey its laws. That's why the data in the cloud must be encrypted, so that there are no advertising brochures about security, security and other amenities. A decent option may be the use of decentralized file systems like Tahoe-LAFS or services with built-in data encryption – for example, Wuala or SpiderOak (see the review). It is equally useful to keep several identical copies of data in several places / services at once. Help in this matter can utilities NCCloud and NubiSave. Paranoid, no one prevents yourself to create a repository in the cloud, and even with a convenient web interface and additional functions. If you decide to use some other utilities, then be sure to choose strong encryption algorithms. For example, AES or Blowfish with a key length of at least 256 bits.

Choosing a password or passphrase will greatly affect the strength of any protection. In principle, the rules for compiling a reliable password have long been known – a random set of characters from 10 to 12 pieces in length, the presence of large and small letters, and special characters. Some programs successfully accept even those characters that are not on the keyboard, for example, © (Alt + 0169). (Using 1337 is not the best option.) It's best to have different passwords for each service, account, and so on. Yes, it will be hard to remember them, but for this there are password managers that require you to remember only one master password for access to all the rest. Working with web accounts noticeably facilitates LastPass (option with a USB-key), and for everything else KeePass is suitable. Another universal password manager is released by Symantec – Norton Identity Safe. It is free, has versions for desktop and mobile OS, and stores passwords in the cloud.

⇡ # Cut off the excess

A sofa, a suitcase, a valise, a picture, a basket, a cardboard box and a small dog … you are unlikely to drag along with you abroad. So why carry with you a digital trash, rummaging in which you can easily find many interesting things. And if you dig a little deeper, you will find out that files that were deleted once can be easily restored. Therefore, the best option would be to use a laptop, which will serve you on a trip, a separate hard disk with a pristine clean, just installed OS and a minimal set of software. And even to allocate at all any road netbook – it, if that, and to lose it is not a pity. Is it necessary to mention that absolutely all software must be licensed, there should not be any installers on the disk, much less "medicines". Also, you do not need to upload any data that is not useful to you on the journey.

It's best to turn to cloud technologies – store files there and use online editors like Google Docs. If the amount of information is too large, then again you have to go back to encryption. By the way, if you really care about your privacy, it's worth remembering that almost any application that somehow has access to sensitive data is a potential threat. This includes both browsers, and instant messengers, and FTP-clients, and much more. Portable versions of these applications can become a rescue. They all store in one directory, which can be placed on a protected drive / directory. Extremals will appreciate the "portable" VirtualBox, inside of which you can deploy a protected environment and which can be easily destroyed at any time.

A curious option is to send a laptop or its disk (USB flash drive with private data) by mail to itself to the point of stay in another country. However, if you still decided to use cloud storage, then, perhaps, you do not need the OS at all on the local disk of the laptop, and hence the drive itself. There are excellent protected Live Linux distributions that run from a USB flash drive or SD / CD, Liberté Linux and Tails. They, however, are much more powerful in terms of security. All network traffic, for example, is launched through Tor's anonymous network.

You can also use Tor, but this is not the fastest option for secure access to the Web, which is also very important. An alternative is your own or corporate VPN server, to which all your Internet devices connect and go online through it. Recently there was a free and not requiring special knowledge VPN-service Comodo TrustConnect. Coupled with DNSCrypt (alas, while there is only a Mac client) it will help create a more or less secure Internet channel. However, here the issue of trust to certain services arises, but this is true for everything and everything in this world.

After you have finished working on the PC, you need to clean up all the unnecessary – temporary files, logs, cookies and so on. For Windows, the CCLeaner utility is suitable, which, among other things, can "clean up" free space on the hard disk, effectively wiping out the data that was once there. This will make it difficult to detect remote files, but the cleaning process itself can drag on for a long time, especially on large volumes. In this regard, smaller SSDs are much more convenient – after deleting files it is enough to execute the TRIM command in order to sharply reduce the chance of their recovery in the future. However, it is necessary to study the features of the controller and its firmware, since not all of them immediately clean the blocks – some only mark them for further cleaning. Before crossing the border, it is recommended to perform such cleaning, log out of all web accounts and applications, and also necessarily turn off the laptop, smartphone and other electronics. To completely destroy the information on the HDD, use the DBAN or Nwipe package.

⇡ # Business mobile

Well, with a laptop sort of figured out. What about the other devices? You probably have a smartphone, a photo or video camera, a player, or some other electronic device. For USB flash drives and memory cards, it is best to perform low-level formatting before a trip and to avoid storing unencrypted confidential information on them. For smartphones in general terms the same rules apply as for laptops. The ideal option – some inexpensive device for the trip. It is best to set it up after crossing the border, since the vast majority of modern smartphones allow you to synchronize with the cloud at least a phone book. If you want to keep your home number, then read the material on setting up a bundle with SIP.

Some mobile operating systems provide advanced security settings. For example, remote reset to factory settings in case of loss of the device. All of them allow you to set a password for unlocking, which is definitely worth using. Also, using third-party or firmware, you can encrypt the internal storage and / or memory card. The standard in this sense is Blackberry products. To protect Android, you can use utilities from the WhisperCore suite. Well, do not forget about the VPN tunnel (see above), especially when using public access points.

⇡ # Speak, but do not talk

Representatives of the authorities on the border, as a rule, have quite broad powers to search. Therefore, never resist them, never lie and honestly answer all questions, never try to delete any data during the search. In many countries all these actions are criminally punishable crimes. Be sure to study the legislation of the country where you are going, and if possible consult with specialists how to behave in this or that situation. Electronic devices can be withdrawn for a while for study, but they are unlikely to be permanently selected. A very subtle point is the provision of access to encrypted confidential data. Most often this requires a court decision, but to avoid such embarrassing situations, you can make a small feint. For example, create on the laptop two accounts – one for personal entertainment purposes, and the other, encrypted, for work. Or have two drives, a volume, a container – with and without protection. In this case, you should not have a password for access to protected data – it must be transferred to you by the security service or simply friend / relative after crossing the border. Finally, the simplest and most effective rule for avoiding problems is to be polite while communicating. If something went wrong and you reasonably believe that your rights or the law were violated, then do not hesitate to write complaints or file lawsuits.

⇡ # Conclusion

So, let's briefly go over the main theses. Firstly, we put passwords on everything and everything, and also we encrypt all the important data for which we regularly make backup copies. Secondly, we do not take with us on the trip unnecessary information and electronic devices. Thirdly, we reliably delete data that is no longer needed, and do not forget to turn off all devices. Fourthly, we take care of the security of access to the Network and think over your actions in case of lost devices and important information. Fifthly, we carefully study the laws of the country of entry and, in accordance with them, behave when crossing the border. Well, the most obvious – always use the latest versions of the OS and applications, install updates, do not forget about the antivirus + firewall and other basic protection of the system. This, in general, is the minimum set of tips. Remember that 100% safety and security can not be achieved in principle, especially since the traditions of thermal rectal cryptanalysis are still alive here and there. Nevertheless, at least a little to reassure paranoia, the methods we have given can, however common sense is never worth losing. Successful travel and business trips!

If you notice an error – select it with the mouse and press CTRL + ENTER.

Leave a Reply