Hardening Your Device's Security
Unwanted software, unnecessary administrative privileges, application permissions, and chatty services are the norm for an improved User Experience. I am not a fan....
Hardening Your Device’s Security
0
By Ops Tech Alliance Security July 29, 2020

Your New Gear Is Broken

Some folks relish the unboxing of a new phone, computer, or smart device. For me, it causes a little bit of anxiety. While it usually means a clean slate, free of cluttered file systems, long ignored caches, and memory-hungry applications, it also means there’s work to do. Often, new devices are configured for ease of use which generally means convenience trumps security. Unwanted software, unnecessary administrative privileges, application permissions, and chatty services are the norm for an improved User Experience. I am not a fan.

Here, we’ll discuss a few pointers to help improve your device’s security by reducing the attack surface, also known as device hardening.

Trim The Fat

Get rid of the bloat! Many new Personal Electronic Devices (PED), but especially PCs and Android phones, are chock full of software that you will probably never use. These unwanted applications are called “Bloatware” and while they may not take up much space or memory:

1) You probably don’t need three text-messaging options or four trial subscriptions to music streaming services.

2) You can spend the extra two minutes to locate and download Candy Crush if you want it.

3) Left alone, those bloatware applications could become devastating attack vectors.

When developers update software, they often include security patches to address previously discovered vulnerabilities, and if these apps simply live on your machine and are never updated, you risk having well-known vulnerabilities that can be easily exploited. Save your space, recover your memory, and protect yourself by purging unnecessary and unwanted applications.

Tips To Harden Your Devices

Create and use non-admin accounts – By default the first user account on most computers is also a local administrator, which is basically “God mode” or “Super user” and that can affect the entire system. This account can install software, create new accounts, manage permissions globally, and configure, enable, or disable privileged applications and services. If your machine is compromised while using this account, you’re giving all the keys to the castle to the attacker. Instead, create a local user as your primary account and escalate your privileges when prompted by the system. That way, you can reduce the impact of a successful hostile takeover. While you’re at it, you should delete or disable unused or guest accounts to help minimize that attack surface.

Review sharing – Just take a minute and review the settings for file, printer, and network sharing. These are usually locked down by default, but certain bloatware linked to other software could borrow permissions and affect sharing rules.

Add another password – When powering on, your machine uses a bootstrap process controlled by either a legacy BIOS or the more modern UEFI. Within the BIOS/UEFI there are several menus and options that can impact several critical system settings like system time, Secureboot, mounted partitions, and boot order. This can be catastrophic if compromised. For example, if your boot order is changed, an attacker can circumvent your Operating System and gain access to your unencrypted filesystem with only a USB or DVD.  You can prevent or at least deter tampering with these settings by creating a BIOS/UEFI password.

**Note** You can find the easiest method to access your device’s BIOS/UEFI by searching online. It may be something like pressing the F2 or F11 key during the boot process, or holding down a button while restarting the machine, or on some smartphones powering up while pressing the volume down and power buttons simultaneously.

Security Best Practices

On top of these hardening tips, you’ll want to follow-up with standard security practices, like:

  • Use complex passwords or biometrics for account access.
  • Enable screen lock after a short period of inactivity.
  • Review your OS settings, like disabling geolocation services, application permissions, and the device assistant (Siri, Okay Google, Cortana, etc.) to suit your security needs.
  • If available, enable Full Disk Encryption (e.g. Bitlocker, FileVault). If unavailable, you can still create an encrypted vault, volume, or partition with open source tools like Veracrypt.
  • Enable automatic updates for software and the Operating System.
  • Install and configure a secure browser.
  • Enable or install Anti-Virus Software.
  • Invest in a trustworthy VPN.

Related Posts

Quick Tip: You probably don’t need that app

Occasionally, I find something outrageous, like a scientific calculator app that requests access to my contacts. Just unnecessary….

0
11 Feb 2021
Be Secure Anywhere With Just Your USB Flash Drive

I’ll show you how to set up a non-persistent secure mobile environment in just a few minutes….

0
19 Jan 2023
Wigle? Why not?

Wigle.net contains almost 14 Billion records of Wi-Fi devices and their associated locations. We’ll review how it’s used, how to avoid ending up in that list, and how to opt out if it’s too late…

3
14 Jul 2022
Scams Hiding In QR Codes

Should you be trusting of any random QR code that you find? I don’t think so….

0
21 Jan 2021
Travel Safety

Do you want a foreign government or the thief who steals your wallet or purse to have pictures of your family, along with your drivers license that has your address?

0
01 Jul 2020
Virtual Private Networks and Privacy

It is much more difficult to track you and associate your online activities back to you when using a VPN…

0
15 Jul 2020
Big Data & Artificial Intelligence

Lorem Ipsum. Proin gravida nibh vel velit auctor aliquet. Aenean sollicitudin, lorem quis bibendum auctor, nisi elit consequat ipsum, nec sagittis sem nibh id elit. Duis sed odio sit amet nibh vulputate cursus a sit amet mauris.

0
10 Jun 2020
Safety in Online Gaming

Being a part of a gaming community is fun but like any community, there is going to be some people who spoil the bunch.

0
05 Aug 2020
10 Cyber Hygiene Tips to Form Good Security Habits

Forming good habits will help keep you safe online and mitigate risks to your devices…

0
01 Jul 2022
HTTPS, SSL, and TLS

Hyper Text Transfer Protocol Secure (HTTPS) is the solution to the security problem that plagued HTTP.

0
19 Aug 2020
Quick Tip: Update Your Apple Devices Now

Last week, Apple released a security update to address a zero-day, or previously unknown, vulnerability affecting IOS, IPadOS, and watchOS….

0
01 Apr 2021
Passwords And Alternate Authentication Methods

Attackers understand that many users reuse passwords and often use bad passwords….

0
23 Sep 2020
Hiding In Plain Sight – Steganography and Polyglot Files

Unlike with cryptography, steganography messages are readable to anyone with the tools to find them…..

0
22 Jul 2021
Protecting Your Privacy Using a Travel Router

Learn how to protect your information and devices from prying eyes while connecting to WiFi during travel….

0
01 Jun 2022
How to Protect Your Stored Data

People often have the misconception that their data is safe if it never leaves their system, but this is not true….

0
09 Sep 2020

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.