3

If you absolutely had to share a network with a user who had a very lax approach to security and was frequently hacked (1-2x month for over a year now), what might you consider doing to secure your own osx system, and perhaps audit the integrity of your modem/router?

The modem/router we use was recently compromised with DNS redirecting malware... and had to be replaced.

p.s. User-education is almost out of the question here, for reasons I won't get into to much... but involve, really, a completely different problem domain: human psychology. I have had no luck broaching the subject or getting access to his machine to lock it down (and this is an old old friend). I think given the hardship this person has already endured, accepting help at this point would be like admitting responsibility that he's not just a random victim... and that is hard to process.

Improve this question

2 Answers 2

Reset to default
4

You can use DNSCrypt to protect against DNS poisoning, HTTPS Everywhere in case you forget. Maybe install Tunnelblick and setup a secured OpenVPN server on a remote machine/network you know is likely to be healthier. Good luck.

Improve this answer
2
  • 1
    Thanks, DNSCrypt seems awesome... I didn't know about it... and I already use OpenDNS.
    – sas08
    Commented Feb 11, 2015 at 14:41
  • 2
    +1 DNSCrypt is awesome, use it 24/7 and it's best way to protect you from DNS poisoning, if not the only way. You also aren't required to use OpenDNS servers, as many are part of the OpenNIC Project and ran by volunteers.
    – ajkblue
    Commented Feb 11, 2015 at 21:39
2

If you have access to the modem and router then setup a separate router for just you. Back when I lived with roomates, this is what I did. I also hid the network (did not broadcast the SSID). Note of course that you will never be secure if the roommate grants physical access to your router to the 'hacker' (or worse, your roommate is the hacker!).

Bottom line is that you want to isolate your roommate's network from your own.

If you are buying a new router for yourself, consider one that will allow you to run a VPN on the router. Configure it to do just that for an added measure of security/anonymity.

If you absolutely must share the same network. Make sure you have a great firewall and that you know how to use it! There are a whole lot of APT out there but having a great firewall will block most attacks. Once again, I would also suggest using a VPN on your device that is connected within an insecure network. Lastly, I would be sure to actually turn off my connected electronics when not in use.

OH! I just saw that you use a mac, I know we are not supposed to recommend software but little snitch is probably my most useful program for my mac! Learn to use it and use it everywhere! Once again, it is consumer grade (so it wont stop government level espionage) but is more than capable.

Improve this answer
0

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .