Installing Tor to surf the internet Anonymously

 

Using TOR to Browse the Internet Anonymously.

So what’s it all about Alfie?

The Onion Network (TOR) is free software suite designed to secure your internet connection. It’s available for Windows (not recommended), Mac, Linux/Unix and Android.

It works by using a series of virtual tunnels, maintained by volunteers, that distribute your information across a series of geographical points. It is designed to increase your privacy and security when using the Internet. However it’s effectiveness has been questioned in recent weeks as more revelations about how the NSA snoop on users come to light. For my money it’s still worth using as some privacy is better than none. Belt and Braces is always the motto here at Android Shed Towers.

More information on the TOR Project can be found at:

https://www.torproject.org/about/overview.html.en

Pro’s and Con’s

Whilst TOR on it’s own will not guarantee your privacy and security it can form part of a system that does offer massive improvements over standard browsing environments. Unfortunately Windows is, as usual, like a leaky boat when it comes to security. I recommend using a secure operating systems such as TAILS if you have no choice but to use Windows.

To maximize security TOR comes with several major caveats.

You’ll need to use the TOR Browser, which ships with the TOR Bundle. Firefox, Chrome and especially IE are not compatible with TOR. It’s also important not to install or enable any plug-ins. This means no Flash, Real Player or QuickTime.

TOR is only effective on HTTPS sites. It will encrypt your information to the website but it’s the websites job to encrypt the data returning to you. This only happens if the address URL contains HTTPS://. The TOR Bundle will try to connect you to secure versions of websites using the HTTPS Everywhere extension, but you should still check that the website you’re providing information to display a green or blue button bar.

You cannot use torrents with TOR. It’s not secure so just don’t. Capisce?

Wait until you go off-line before opening any documents. There’s always the possibility that the document might contain links or buffer overflows that could give away your identity.

Don’t use your own email address. Use an anonymous email provider such as Guerilla Mail.

How to Install TOR on Windows (if this is your only option!)

Head to the TOR website and download and install the bundle from here or if you’re using Chocolatey open an elevated Command Prompt in Windows and type:

cinst tor-browser

I also suggest using your own VPN and Proxy with Tor. Details of how to install this are here:

https://androidshed.wordpress.com/2014/02/17/setting-up-a-home-vpn-and-proxy-server/

Click on the Start Tor Browser Icon. If you haven’t configured your own proxy just click on direct connection button. If you are using a proxy then configure Tor to use your proxy. If you’re running behind a firewall this is where you’ll also be able to configure Tor to bypass it.

In the Tor Browser visit https://check.torproject.org/ and it should hopefully tell you that you’re now secured.

If you’d prefer a significantly more secure environment, consider using Tails or Whonix. I’ll be publishing guides on who to use and install them shortly.

Installing Tor on Android.

Tor on Android consists of two components Orbot and Orweb. Orbot is the proxy part and Orweb is the browser. Orbot works best if your device is rooted as it will then being to use transparent proxying, otherwise you’ll have to use applications designed to work with Orbot.

Orbot can be found here.

Orweb here.

Once you’ve installed Orbot it’ll run it’s installation procedure. If you’ve rooted your device Request Supervisor Access and Proxy all applications through Tor. You’ll need to configure Twitter to use localhost port 8118 as it’s proxy.

The other Guardian Project Android applications are:

ChatSecure: Secure chat app with off-the-record encryption

ChatSecure Voice Messaging Plug In for ChatSecure

DuckDuckGO Search engine

Proxy Ad-on for Firefox

NoteCipher Noteapp with built in encryption

Oscuracam Privacy for your pictures

PixelKnot Stenography. Hide messages in images

GNU Privacy Guard PGP file encryption

Happy Secure surfing.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Setting up a Home VPN and Proxy Server.

Why Gary, for the love of God why, do I need a proxy Server?

A Proxy Server acts as an intermediary for requests between your computer and the computer serving the requests, such as a web server. So if you’re sitting in a hotel using an unsecured open wi-fi hotspot this system will encrypt your information over the open network, send it to the proxy and then receive the encrypted information back again, foiling any snoopers intercepting the data over the open network.

What’s this VPN that you speak of Tech Monkey?

A Virtual Private Network (VPN)  uses the secure tunneling as mentioned above but allows you secure access to your files wherever you are.

Sounds ok, what’s needed then chief?

• A machine sitting on your home network that’s always turned on and connected to the Internet, this will be our server.
• Logmein Hamanchi installed on both the Clients and Server
• Privoxy installed on the server

Hamanchi can be installed on Linux, including the Raspberry Pi, Windows and Mac. I’m using Hamanchi as it’s a very easy way to install a VPN and doesn’t require in-depth knowledge, such as having to open ports on your router. Privoxy is also very straightforward and is available on many platforms. There are other methods available such as OpenVPN but this is by far the simplest.

Bring It.

First you will need an account with LogMeIn. LogMeIn remote control used to be free but is now a paid for service, however we will be using Hamanchi to set-up our VPN which (at the time of writing) is still a ‘freeium’ service, up to sixteen machines can be configured in the free version.

Install Hamanchi on the machine you will using as the server. Once installed click the power button to enable the VPN service. You will then be asked to name your network, give it a unique ID and remember the password. You’ll want to set this up as a Mesh network if you’re given the choice. Once created you now have a VPN!

In the Hamanchi window, next to the power button, is your VPN’s IP Address. Right-click on this IP address and select Copy IPv4 address. This will copy the address to the clipboard, we’ll need it shortly.

Now repeat the installation on every machine you want to connect to the server, using the same network name and password.

Next, on the server machine, download Privoxy from Sourceforge. Installation will depend on which operating system you’re using. Windows is a standard installation routine. However if you’re running a firewall on the server you’ll need to to open port 8118. Google will be your friend if you’re not sure.

Once installed launch Privoxy (in Windows it will launch a blank window, access it from the System Tray). Right-click Privoxy in the system tray and select Edit > Main Configuration. Notepad will open with a text file called  config.txt  this is the main configuration file. Press Ctrl+f and search for listen-address 127.0.0.1:8118.  Replace that IP address with the one we copied earlier. So the new entry will read something like listen-address 25.189.xxx.xxx:8118

Save the config file and restart privoxy.

Setting up your Client.

Install Proxy SwitchySharp on your client PC. This link is for Chrome, the principal is the same for other browsers.

1. Install the Proxy Switchy extension. Once installed, it should automatically open a new tab with its options. (If it doesn’t, right-click the Proxy Switchy icon in your toolbar and select Options.)
2. Enter a profile name, something like “My Proxy”.
3. In the HTTP Proxy box under Manual Configuration, enter the Hamachi VPN IP address to the computer where you set up your proxy. Set the port to 8118. This is the above address. Remember that Hamanchi must be running on every computer you want to connect.
4. Click Save and you’re done.

Now when you have the Privoxy server selected as your proxy you will be accessing the internet securely and be safe from prying eyes when using public wi-fi hotspots.

Once you’ve installed Hamanchi on all your computers you will be able to securely browse the contents of their hard drives over the internet. Making it very easy to store all of your files on the server and access them from anywhere.

Let me know how you get on.

The Best Extensions for Chrome

Google’s Chrome is my preferred browser of choice. Although both Opera and Firefox are absolutely fine choices I just have a personal preference for Chrome. If you’re still using any version of Internet Explorer I advise you to remove it (Control Panel, Programs, urn Windows Features On or Off) unless you’re still using Windows  XP where it is required for Windows Update, for the love of God upgrade your copy of Windows to 7!

Chrome is fairly secure when it’s installed however there are several extensions you can add to help ensure your browsing is as secure as possible. Although this list is for Chrome most of these extensions are available for Firefox and Opera. Here are my recommendations.

Security Extensions.

Ad Block Plus

Will stop pretty much every intrusive Advert  and Pop Up on websites. Once installed make sure that you enable tracking blocking as well. The first step in a secure browsing experience. Available for most browsers and Android.

AVG Privacy Fix

From the same people responsible for the excellent free Anti-Virus software comes an all in one privacy tool for Facebook, Google and Linkedin. It’ll take a few minutes to go through the set-up of this extension but is worth it. A very simple method to lock down the leaky parts of your social networks. Essential if your children use Facebook.

Ghostery

Another free privacy and anti-tracking tool. Although it might seem belt and braces using this as well as the above tools but this is the best procedure possible. Very simple installation routine. Make sure you check all options for tracking and privacy. The Ghost Bubble option will show you what’s being blocked but I found this unnecessary and a bit intrusive. Runs on pretty much everything.

Hide My Ass

Free VPN and Proxy service. A quick and dirty was of switching to a secure and anonymous web browsing session. Useful for browsing public Wi-Fi hotspots. The Website also offers Anonymous Email and Referral. https://hidemyass.com

Hola

Another free VPN service that is excellent for bypassing company or government firewalls. Can also be used to watch video without any geographical boundaries (many sporting events, for example, cannot be viewed outside of their host countries). Offers bandwidth reduction as well.

HTTPS Everywhere

By default your web browser will load sites using the default unencrypted HTTP protocol. This “set it and forget it” extension will try and force the website to use the secure HTTPS protocol.

Proxy SwitchySharp

A very straight forward and easy way of switching proxy servers. Can be used alongside servers on the list https://hidemyass.com/proxy-list/ to bypass firewalls and browse anonymously. See my future post on setting up a home proxy server for more ideas.

Shield

Blocks Malware and Spyware. Monitors Extension for malicious behaviour

Social Fixer

An excellent tool for improving privacy and getting shot of all the little Facebook niggles. Easily removes all of the rubbish on your Facebook feed, nice photo viewer and news feed filters. The author is always engaged in a poacher verses gamekeeper battle with Facebook but thus far has managed to make using Facebook a great deal less annoying.

SpotFlux Lite

Another very simple and easy to use anonymizer and secure browsing extension. Great for public wi-fi. Also available for Android.

Just Useful Extensions

Add To Any

Very similar to the share feature on Android phones. Once installed and configured a very easy way to share web pages via Facebook, E-Mail and pretty much any mechanism you can think of.

Clearly

Although designed to be used alongside Evernote Clearly simplifies the look of any webpage and removes all extraneous rubbish. Before printing any web pages I always process them through Clearly. Try it, you’ll thank me.

Video Downloader Professional

Allows you to download any video playing on a web page. That’s it.

Chrome to Phone

Easily send links and other information from your desktop browser to your phone. Very useful for recipes.

mxHero Toolbox

Adds a shedload of features to Gmail including Message Tracking, Reply Timeout, Send Later, Private Mass Mailing and Self Destruct.

Pocket

I use Pocket and Evernote every single day. All the important information that I want to save goes into Evernote and web pages I want to read at my leisure get posted into Pocket. Sign up for an account at http://getpocket.com/ add this extension and then start saving and tagging all that stuff that you just don’t have time to read!

Push Bullet

Install the Push Bullet App on your Android phone and install this extension then all of your phone notifications will pop up on your PC. Handier than it sounds!

Send to Kindle

Will take a webpage and push it to your Kindle. Very handy for any long reads such as free online courses.

That’s it for my suggestions would love to hear yours.

Using OpenDNS to enhance your home network security.

Why?

A new vulnerability has been discovered allowing attackers to send your website requests to a rogue site by altering your routers DNS settings. This means that you could be sent to a mocked-up version of your banks website which looks exactly like the legitimate site, where your passwords and user-names could be collected. Using OpenDNS helps avoid these “Phising” attacks.

First a word about DNS.
Dynamic Name System (DNS) is a method of allocating names to internet addresses. Simply put computers prefer dealing with numbers rather than names, humans, however, struggle to remember Internet addresses. DNS helps to bridge the two worlds. Every website and resource connected to the internet has an address assigned to it such as 212.58.244.67, this number is for the BBC website. When you type http://www.bbc.co.uk into your web browser it then performs a DNS lookup which translates that name into the IP address. This is transparent and usually seamless. However if your router has been compromised it is possible that the DNS could forward you to a rogue website that exists solely to extract your login information.

What’s OpenDNS, he who is wise in the ways of Internet Security?
OpenDNS is a free service that uses security hardened DNS servers that will safely route you to the correct site. They also provide free Phising protection by keeping an up to date database of rogue websites. If your system is set-up to use OpenDNS clicking on a dodgy hyper-link in an email, for example, will send you to a notice page telling you that the link is probably not the one you were looking for.

Because OpenDNS use custom made DNS servers using their service can often improve the speed of your browsing. Also it is very easy to use their service for parental controls restricting access to adult sites.

How?
First of all sign up for a free account at https://store.opendns.com/get/home-free
Once that’s set up you have two choices for using the system. Essentially you will need the following IP addresses to be used as your DNS servers.

208.67.222.222
208.67.220.220
The first way is the easiest and only needs to be performed on your router. Once your router is using the above DNS servers EVERY device on your network is protected. Nearly all makes of router allow you to specify which DNS servers to use. The only one I’ve found so far that doesn’t is British Telecoms HomeHub (if you have a BT HomeHub you’ll have to use method two). Instructions for changing your router can be found here.
If you cannot change your routers DNS servers you will need to manually change the DNS servers on EVERY device connected to your network individually (PC’s, Laptop’s, TV’s – essentially anything that uses a web browser) otherwise it will not be protected. Instructions can be found here. Android users will need a rooted device!
Once you’ve set-up your equipment access the OpenDNS Control Panel here and download the software to keep your IP address up-to-date. There are Windows and Mac versions.
In the Control Panel add your network. Once you’ve done this you can then select the level of filtering you want to use.

High
Protects against all adult-related sites, illegal activity, social networking sites, video sharing sites, and general time-wasters.

Moderate
Protects against all adult-related sites and illegal activity.

Low
Protects against pornography.

None
Nothing blocked.

Custom
Choose the categories you want to block.

The Custom option will allow to specify filtering of topics such as Drugs, Firearms and Adult Themes.
Your Dashboard also contains the statistics for your network. You’ll easily be able to see what internet sites your family are accessing and how often.
So if you’ve managed to change your DNS servers to OpenDNS you should now have a more secure, robust and faster internet connection.

Make sure your home network is as secure as possible by following this guide;

Ultimate Guide to Home Wi-Fi Security

Replacing Windows XP with Linux.

What’s Happening?

After April 8, 2014, Microsoft support and updates for Windows XP will no longer be available. It was, after all, released in 2001 and has lasted longer than anyone expected. However its technology has been superseded and continuing using it is no longer recommended as it is vulnerable to a great many security holes and the situation will only get worse once support has stopped.

How does this affect me?

Not only will Microsoft stop providing support and automatic updates to XP but their Anti-Virus solution MS Security Essentials will no longer be available for download. It is likely that any existing software and hardware from other manufacturers will also stop working on XP in a short time thereafter. Microsoft won’t stop you using XP but it will become dangerous to use on the internet and the number of attacks specifically targeting XP will increase dramatically once support has stopped.

What can I do?

Your options depend on the specifications of your hardware.It’s likely that older hardware will not be able to run a more modern version of Windows. The minimum hardware requirements for Windows 8.1 are:

• Processor 1 gigahertz (GHz) or faster
• RAM 1 gigabyte (GB) (32-bit) or 2 GB (64-bit)
• Hard disk space 16 GB (32-bit) or 20 GB (64-bit)
• Graphics card Microsoft DirectX9 graphics device with WDDM driver

If you’re unsure of the hardware on your computer then you can view the specifications using a free-ware package called Speccy, which can be downloaded at

http://www.filehippo.com/download_speccy

Microsoft also provide an upgrade tool that will advise you on your options:

http://go.microsoft.com/fwlink/p/?LinkId=321548

Whilst getting a new computer is your best option to ensure that you will be able to continue using your existing hardware and software it doesn’t mean that you will need to dispose of your old PC.

If I get a new computer, what can I do with the old one?

There are many lightweight versions of Linux that will run on a wide range of hardware. Linux has always been significantly more secure and crash proof than Windows. Exactly what you’ll be able to run and what type of performance index you’ll get depends on the hardware. All will be able to access the internet with a web browser and access your email. Slightly better specifications will happily run office applications and some will even run Windows programs and act as media players. Whatever hardware you have there’s a good chance that running Linux on it will give it a new lease of life. Best of all, Linux and many of its applications are free. Whilst it may not be as easy to use as Windows or support all of your hardware, it’s a better option than consigning your old computer to the landfill.

Free you say?

Linux is free to install and use. However it’s probably best to get a skilled consultant to not only install it but to aid with transferring your data.

I will charge from £50 for a successful installation of Linux, with the cost increasing if a more significant amount of time is involved.

If you’re interested then click on the following link: Contact Gary Marsh.

How to securely use a Public Wi-Fi Hotspot with Free VPN using Windows and Android

Whilst public Wi-Fi hotspots in Pubs and Hotels are great for catching up with emails they are more often than not completely unprotected and offer many opportunities for hackers to access your data. One of the easiest tricks is session cookie hijacking which enables a hacker to gain full access to your Facebook account for example. An easy way to ensure your data is safe is to use a Virtual Private Network (VPN). Quite simply a VPN sets up a secure point to point connection so that anybody eavesdropping over the public network cannot see your data.

There are many methods of using VPN’s all of them having various pros and cons. The method described here isn’t the easiest but one of the more secure, it is free, doesn’t require any registration and works on pretty much every platform. It is also possible to configure the VPN without any additional software, although we will be using the Windows client in this guide.

Introduction to Open Gate VPN.

Open Gate VPN is a free service run by volunteers. It runs on Windows, Mac, iPhone, iPad, Linux and Android. As well as offering strong encryption on Public Wi-Fi it also allows your to hide your IP address, Change your country of origin and bypass any Government security restrictions or company firewalls!

Firstly let’s look at the list of servers, which can be found at http://www.vpngate.net/en/

This list is completely dynamic and will change regular. Because the servers are run on a volunteer basis there is no guarantee that any server you are using will always be available, not too much of a problem if you’re running the Windows client but more of a pain with Android.

Windows Client.

The easiest and fastest set-up option for Windows is to use the Softether VPN Client which can be downloaded here.

Installation and configuration options are here.

Once you’ve installed the software and connected to a VPN server all of your traffic will be running through the VPN’s tunnel. If you want to want the NCAA March Madness Basketball play-offs (picking an example at random) and you’re not in the US, simply select a US server. This will also circumnavigate your company or school’s firewall. Because your data is being encrypted on your PC and at the VPN Server it cannot be snooped upon over a public Wi-Fi hotspot.

Android Instructions, based on Ice Cream Sandwich. Your device might be slightly different.

A slightly different method is used to connect to the VPN servers on Android, this involves manual configuration. Once you’ve set-up a server there is no guarantee that it will always be available. However it only takes a few seconds to change the address of the server to one that is working.

Firstly consult the current server list here and look for a server in the country you want to appear to be accessing the internet from that has a check mark in the L2TP/Ipsec column. You want to pick the server with the highest line quality. The Mbps rate is the number of Megabits Per Second, 125 Kilobytes Per Second. The Ping rate indicates how long it takes the traffic to reach you. Make a note of the servers name (It ends with opengw.net e.g. vg1990019734.opengw.net). The easiest way to do this would be to open the server list on your Android devices web browser and copy and paste the server name.

Once you’ve picked your server you’ll to go into your wireless network settings

• Menu → Settings → More Networks → VPN → Click the Plus Symbol to add a new VPN

• Give the VPN a name, this is for your reference and can be anything (e.g. OpenGateVPN).
• Select the L2TP/IPSec PSK in the type field.
• Enter the Server Name (e.g. vg1990019734.opengw.net) in the Server address filed.
• Scroll down the configuration screen, and check the “Show advanced options” box
• The L2TP secret and IPSec identifier files are not used.
• Specify “vpn” (3-letters) on the “IPSec pre-shared key” field.
• Specify “0.0.0.0/0” (9-letters) on the “Forwarding routes” field. Make sure that you input the “Forwarding routes” field correctly. If not, you cannot communicate via VPN.
• Click on the Save button

Now you’re ready to connect. Click on the entry you’ve just created and enter vpn as the Username and Password and check Save account information. If all’s gone well a key symbol should appear the in top left hand of your screen. This indicates that you are connected to the VPN and your connection is secure. If the server cannot collect, check the server list to ensure the server is up. If your server isn’t running simply change the server address to one that is.

I will shortly upload a report on other VPN options for Windows and Android such as:

Spotflux Lite

Wi-Fi Protector

Tunnel Bear

Ultimate Guide to Home Wi-Fi Security

Is your home Wi-Fi network Secure? Possibly not!

This guide is, hopefully, an easy to use instruction set on how to make your home Wi-Fi network as secure as possible. If your network is not configured correctly it can be very easy to obtain access to your router, your files and the information you transmit to the internet (even if you’re using a secure banking website!). It should only take an hour or so to ensure you’re running at maximum security.

First off what type of encryption are you using. There are four types:

• None. Not only can anybody connect to your router but your data is unencrypted. It’s very easy to collect all of the data you’re sending and receiving not only to the internet but also to any other machines you have connected. It’s also possible to strip the security away from secure websites, so your credit card details are easily obtainable. Change your security level immediately.
• WEP. An old standard now, replaced by WPA. Offers very basic security. Can be easily hacked within a matter of minutes.
• WPA. Much more secure! Both in terms of access and encryption, but will only slow a determined hacker down.
• WPA2.The current standard. Offers the best (but not infallible) security. See notes below on how to tighten security to maximum levels.

All new routers should ship with WPA2 enabled, older routers may only support WEP or WPA. Where possible use WPA2.

Accessing your router. Warning requires mild technical competence.

Most routers have a web interface that can be accessed through your web browser. Often the address required will be printed on the router and will be similar to http://192.168.0.1. This will be the gateway address on your PC, accessible by using ipconfig in Windows. More often than not the user name is admin or administrator.

How to access your router:

Find the routers IP Address

• Click Start > Run > type ‘cmd’ > Click ‘Enter’
• Once the Command Prompt window opens, type ipconfig /all|more and hit Enter
• Locate the line labelled ‘Gateway’ and make note of the number that follows. It will look similar to ’192.168.0.1′
• Open your web browser and enter the Gateway IP Address into the address bar and click ‘Enter

Click on links for specific instructions or consult your routers/ISP’s instructions.

BT

Plusnet

Sky

Virgin Media

Each router has a slightly different way of accessing the settings. If your ISP isn’t listed above or you need additional help then Google is your friend. There just isn’t enough space here to cover every option. However a list of default user names and passwords can be found at http://www.routerpasswords.com/

Router Security Hardening.

Hopefully your router will allow you to save a backup copy of it’s configuration to a file. I suggest that you backup your configuration at every step of the way, just in case things go titzup (this is a technical term for when things are Donalded!). Once everything’s set-up to your satisfaction ensure the final backup is saved somewhere safe because routers sometimes reset themselves or get corrupted and have to be returned to factory settings.

Home Networking Hardening.

1. Update the routers firmware to the latest version. This might enable WPA2 if you have an old router. If possible set the firmware to update automatically.
2. Change the default user name and password. The manufacturers ship each model of router with the same user name and password, these are easily accessible on the internet (see the above link). Once connected a hacker could change your security settings or even lock you out. Most devices do not allow the administrative user name to be changed, but if yours does, seriously consider changing this name as well. Good security practice dictates changing the password every month or so, but this isn’t really necessary.
3. Switch to WPA2 and change the Pre-Shared Key (PSK) if possible. The PSK is what you’ll have to type in to your software to allow your equipment to access the router. Ideally you would set the PSK to at least 12 characters and use a mixture of upper and lower case alphabetical, numerical and special characters (!”£$%^&*().
4. When setting the PSK you might be offered a choice of AES or TKIP encryption (actually one’s a protocol and one’s encryption but let’s not split hairs) use AES. There are exploits that can easily crack TKIP.
5. Disable Wi-Fi Protected Set-up (WPS). WPS was designed to simplify adding new devices to your router. It’s really not that hard to add new devices and WPS is very easy (if a little time consuming) to hack. WPS is very easy to spot and is a red flag to hackers. WPS uses an eight character PIN to handshake with the device that trying to connect, usually the handshake is initiated by pressing a button on the router. Once the button is pressed the other device has a small time frame to connect and exchange. However it’s possible to repeatedly send PIN’s to the router. The weakness is because the PIN is two 4-bit characters long not 8 bit. The flaw reduces the time it takes to crack your average PIN from 10^8 attempts to 10^4+10^3 attempts, one bit is used to acknowledge a successful connection (11,000 attempts total instead of 100,000,000!) or about four hours processing time with a fairly cheap set-up.
6. Change the default Service Set Identifier (SSID). This is the name of the router that’s broadcast (more on that later) to the list of access points you see when deciding what to connect to. Most manufacturers ship their routers with a default SSID such as NETGEAR. Worse some ship with a unique code such as THOMPSONWD354657. It is possible to work out the PSK from this code. Using the default SSID does give the hacker a head start and indicates that it’s probably running with default settings. I usually give the router an SSID of six random characters, making it harder to guess the default password. I also advise against using an SSID that could identify you, such as your Surname.
7. Use Media Access Control (MAC) filtering. In network terms a MAC address has nothing to do with Apple it’s the unique code that every piece of networking equipment has. It is a group of six two digit hexadecimal characters. Usually separated by colons, periods or dashes e.g. 01:23:45:ab:cd:ef. Some routers have an option to only allow a predefined list of devices to connect, these devices are listed by their MAC address. If you have a small number of devices connecting I would recommend turning this on. Even if somebody has your routers PSK they wont be able to connect. This offers a very high level of security but the downside is that visiting guests cannot casually connect to your router until you’ve added their device to the filter list.
8. Don’t disable SSID Broadcasting. Routers broadcast their names over the network at regular intervals. This helps you identify what you’re connecting to when in a pub or hotel where you are not sure what the routers SSID might be. A lot of set-up guides advise you to disable SSID Broadcasts. However it only deters the most basic of hackers. It’s very easy to discover the SSID of your router even if it’s not broadcasting and it will actually send more traffic in this mode. It also makes it easier to set-up a rogue access point to impersonate yours.
9. Make sure the firewall is enabled. Most people do not need to allow certain types of traffic over their home networks. Internet traffic is split into ports for individual services. Unless you have a server, such as an email server, at home you can probably make do with closing most of the ports. This is the job of the firewall and hopefully it will be turned on by default, if not enable. This is standard security practice. Obviously you should also make sure you have up to date anti-virus and firewall software on your PC’s.
10. Make sure Remote Management is turned off. This should be turned off by default but it’s worth checking as this is a very simple way for a hacker to gain access. I doubt you’d ever need to remotely administer your router and if you do this probably isn’t the guide for you!
11. Disable Wireless Configuration. If this options is available it’s worth turning it on. It dramatically reduces the chances of you being hacked. It does mean you’ll need to physically attach your PC to your router with an RJ45 cable when you want to make any changes to the routers configuration but it’s worth the trouble.
12. Disable Dynamic Host Control Protocol (DHCP). This tip is best left to the more technically savvy amongst you. If you have a large home network assigning static IP addresses to your devices can make it significantly easier to audit. I tend to group devices by type splitting the numbers into pools. So one pool for PC’s, one for Smart-phones, one for servers etc. I would advise using addresses in the private address range so that they cannot be reached over the internet.

• 10.0.0.0 through 10.255.255.255
• 172.16.0.0 through 172.31.255.255
• 192.168.0.0 through 192.168.255.255

Do not assign addresses x.x.x.0, 1 or 254 as these are reserved for routers and protocols. You will also need to insure that your subnet mask is in the correct range.

I would advise researching static IP addresses on the internet before undertaking this operation as it is the most involved step and one that’s very important to get right first time.

Conclusion.

If you’ve followed the above steps your Wi-Fi network is as secure as it can be. However with enough time a hacker will be able to crack into it. By using a very complex PSK you’ll be able to deter all but the very determined miscreant. I recommend regularly auditing your network to ensure it hasn’t been compromised. A tool such as Who’s on My Wi-Fi will help. If you’re after a more technical hosts scanner then I suggest Nmap.

Run a port scanning tool over your network to test your firewalls. I recommend Hacker Watch.

Don’t be fooled into thinking that you’re safe from attack just because your laptop cannot see your router from the garden. The network card in your tablet or laptop costs a few pounds. I use a specialist high powered network card and custom antenna. My laptops built in adapter can see around around ten Wi-Fi networks in my house, when I use my custom set-up I can see over 400!

If you’re running Windows disable ‘File and Printer Sharing’ in the wireless ‘Connection Properties’ for your portable computers. Only use the ‘Client for Microsoft Networks’ half of Microsoft’s file sharing. This means that your portables must connect to a machine that shares file/folders in order to access things, and that other computers can’t ask to connect to your portable to access files on your machine. I’d double check that backup of your routers configuration too. you know. Just in case.

 

Android Security Applications

In light of the recent revelations regarding the NSA snooping on most internet activities I’ve put together this brief guide on Android Security Apps. This is not a guide on securing your device or security best practices. Please read my guide on setting up free VPN connections to fully enable secure browsing.

AdAway Free

There a number of Ad Blockers for Android and they’re scattered over the internet now as Google removed them all from the Play Store. I’ve found AdAway to be the best of the bunch. It’s installation is a little unorthodox as it has to be installed from the F-Droid sideload market. Once installed set it to auto update and it gets rid of all ads that aren’t hard coded into the app. Requires Root.

https://f-droid.org/repository/browse/?fdid=org.adaway

Ad Network Detector Free

Unfortunately a great deal of apps now come with intrusive push ads, this usually pop up in the notification area and are frankly an enormous pain. This app will scan your device to find out which apps have these ads installed and will give you the option of either removing the offending app or opting out of receiving the ads in the first place.

https://play.google.com/store/apps/details?id=com.lookout.addetector&hl=en

Authenticator Free

Googles two stage authentication program provides an additional layer of security to your web based accounts. It also supports other platforms such as WordPress (which is what I use it on). Essentially if you enable two stage authentication you will need your phone with you to be able to logon. It acts in a similar fashion to the RSA keys you might have used to access your company’s VPN. With password databases being hacked on a regular basis this does provide additional security should your password be hacked.

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en

AVG PrivacyFix Free

This functions the same way as it’s big brother extension for Firefox and Chrome. Once installed you’ll be presented with a dashboard that shows you what you’re sharing and with whom on your social networks. It’s a very easy point and click procedure to harden most settings and much easier than wading through the security options of Facebook, for example.

https://play.google.com/store/apps/details?id=com.avg.privacyfix&hl=en

Changelog Droid Free

Google have improved the automatic updates in the Play Store quite a lot over the last few months. Whilst it’s a lot more seamless now the downside is that it’s difficult to now register exactly what’s been changed in an app. This simply puts the changes into one place.

https://play.google.com/store/apps/details?id=com.cypressworks.changelogviewer&hl=en

ChatSecure Free

From the wonderful people who brought you Orbot comes this encrypted Instant Messaging App. Chat securely with anyone using the XMPP chat standard.

https://play.google.com/store/apps/details?id=info.guardianproject.otr.app.im&hl=en

Dolphin Zero Free

Created by the same team behind the excellent Dolphin Browser this is a completely locked down secure environment. As well as disabling tracking no browsing history, cache, passwords or cookies are left on the device. I see this as being of more use if borrow someone else’s phone and want a completely private session with no tracks left behind.

https://play.google.com/store/apps/details?id=com.dolphin.browser.zero&hl=en

DuckDuckGo Free

Anonymous web search engine with a news headline front screen.

https://play.google.com/store/apps/details?id=com.duckduckgo.mobile.android&hl=en

MacMan Free

Excellent little utility to change the hardware address of your wireless adaptor. Allows multiple profiles and will automatically change MAC address when wireless is enabled by device.

https://play.google.com/store/apps/details?id=net.maxters.droid.macman&hl=en

Mega Free

After Megaupload was shut down by the FBI Kim Dotcom (that must’ve been an amusing day at the deed pole office) set up Mega a secure cloud based file sharing site. Each account gets a generous 50gb of storage to start and the files are encrypted at the client end for maximum security.

https://play.google.com/store/apps/details?id=com.flyingottersoftware.mega&hl=en

Norton Halt Free

Regardless of which Anti-Virus package you have running on your device it’s worth installing this as it will provide some additional protection for some specific exploits such as the Master Key, Obad, the lock screen bypass bug, and USSD code attacks. Essential if you’re running a Galaxy S2 or 3. Once installed if any action is required the app will painlessly guide you through the hardening process.

https://play.google.com/store/apps/details?id=com.symantec.android.nfr&hl=en

Orbot and Orweb Free

Orbot is a proxy app that utilises TOR to encrypt your data and then relay it through anonymous computers around the world. Unlike a VPN there is no single point of presence, your data is broken up by multiple machines. With root it is possible to enable TOR on all apps on your device, this makes it an essential addition to a secure set-up.

Orweb is the Guardian Projects secure web browser which bolts seamlessly on top of Orbot for secure browsing that will bypass firewalls and any censorship restrictions.

https://play.google.com/store/apps/details?id=info.guardianproject.browser&hl=en

https://play.google.com/store/apps/details?id=org.torproject.android&hl=en

ProxyDroid Free

A very simple way of setting up HTTP / HTTPS / SOCKS4 / SOCKS5 proxies with support for multiple profiles. Requires Root.

https://play.google.com/store/apps/details?id=org.proxydroid&hl=en

Spotflux Free, £1.29, £3.89pa

A very good free VPN service which I’ve found to be fast and reliable. For the ridiculously low price of £3.89 you can purchase a subscription which will also provide data compression to reduce bandwidth and real time malware detection.

https://play.google.com/store/apps/details?id=com.spotflux.android&hl=en

Who is Tracking Free and £0.93

This will detect any malicious apps or bloatware trying to track your location using GPS, or tracking user data from incoming / outgoing call lists, messages, Wi-Fi network information, 2G/3G data, Gmail, Facebook and similar apps. Too early to call on this one, it looks to be the real deal but I’m going to play with it a bit more.

A note regarding Anti-Virus and Tracking Applications.

I have decided not to include AV apps in this list as there are many out there and to be honest most of them offer the same functionality. Rather than express a preference I’d rather you did the research and picked one that you’re happy with. Currently I use AVG Anti-Virus Pro which is provided free with the Samsung Galaxy range of phones. I’ve also used Mcafee and Lookout which work perfectly well. The Google device manager is also worth looking at if you just want basic functionality, although I’d recommend a belt and braces approach. Your device may also have it’s own tracking and remote wipe administration software installed in it’s firmware.

Essential Android Utilities

Advanced Task Killer Free

A tool for killing applications. Whilst modern Android devices shouldn’t need a task killer (and there’s a school of thought that thinks they cause more harm than good) I’ve found this one to breathe life  into my phone every now and then. It offers a customisable ignore list and although very easy to use, it does offer some more advanced options. I’ve set mine to auto kill every hour and it’s never caused any problems.

https://play.google.com/store/apps/details?id=com.rechild.advancedtaskkiller&hl=en

All-In-One Toolbox Free

An easy to use and essential tool kit. I’ve replaced several apps with this one. As well as system information you get history and cache cleaners, App2SD, Batch Un-install and Boost Startup. Currently there are 29 tools in the app and thus far it’s been continually evolving. Some tools require or work better with root privileges.

https://play.google.com/store/apps/details?id=imoblife.toolbox.full&hl=en

Andmade Share Free

Beefs up the built in share options and offers customisation with the ability to share to multiple apps at once.

https://play.google.com/store/apps/details?id=com.andmadesoft.share&hl=en

AppGarden Free and £1.26

I avoid clichés like the plague but this is a Swiss Army Knife of utilities. Far too many to list here but conversions, post codes, Word etymology and song lyrics should give you an idea of what is bundled. A real Almanac. Many a happy loose end filled playing with this puppy.

https://play.google.com/store/apps/details?id=com.fluffydelusions.appgarden

Assistant Free and Subscription

When Siri was announced the Apple fan boys went bonkers for it, until they realised how stupid you look when conversing with your phone (although this doesn’t stop the idiots in my local Tesco). Very quickly the Android community was flooded with copycat apps. This one has proved to be my favourite – it even sings Soft Kitty if you tell it you’re not feeling well. I’ve customised the avatar so it looks like my girlfriend, which she finds a little odd. Not strictly an essential app but it can make some of the more mundane tasks a little fun.

https://play.google.com/store/apps/details?id=com.speaktoit.assistant

Dolphin Browser Free

Although I also have Chrome installed as well as Dolphin I find that Dolphin is the browser I set as default. It has a large collection of add-ons for a wide range of functions. The Dolphin Connect extension is available for Chrome, Firefox and Safari and will sync passwords, bookmarks etc. across devices. It does what it’s supposed to do and does it well and it does it fast. For the best functionality it is advisable to install Dolphin Jetpack if you are not running KitKat.

https://play.google.com/store/apps/details?id=mobi.mgeek.TunnyBrowser

FasterFix Free

Requires Root. This points your device to a local NTP server and can speed up GPS satellite lock.

https://play.google.com/store/apps/details?id=com.Double.FasterFix

File Expert Free

In my opinion simply the best file manager for Android. Possibly one of the most feature rich applications out there. Everything you could possibly need in a file manager and all the things you didn’t think of are in there. I was so impressed I bought the Pro version because I wanted to support the Developers. Probably the most essential app on this list.

https://play.google.com/store/apps/details?id=xcxin.filexpert

MightyText Free

Send and receive SMS and MMS from your desktop. Also includes a very nice notification feature which will pop up a dialog box on screen when a message or phone call is incoming. Install the extension on your desktops browser and sign in on desktop and phone. Tablet version also available. Will also backup and restore messages. Nice.

https://play.google.com/store/apps/details?id=com.texty.sms&hl=en

My Backup Pro £3.10

Whilst Titanium Backup is more than a serviceable backup utility this wins by a nose for it’s ease of use. Although this comes with some on-line space for backups it’s not really enough if you’re a power user (I have over a hundred apps on the phone). However as a set it and forget it backup on the SD card it can’t be bettered. It doesn’t require root but you’ll get some extra functionality if your device is rooted. It also offers a very nice option to backup your Android environment such as your home screen. Apps, Data and Media are all available options in the backup settings.

https://play.google.com/store/apps/details?id=com.rerware.android.MyBackupPro

OpenSignal Free

Will allow you to map cellular coverage, find Wi-Fi hotspots, test and improve your reception & get faster data. Although the results can be quite varied it has enabled me to get a better data signal when in a black spot.

https://play.google.com/store/apps/details?id=com.staircase3.opensignal

Smart Tools Free

Flash light, Compass, Protractor ,Ruler, Spirit Level, Sound level meter and Vibration meter.

https://play.google.com/store/apps/details?id=oasisllc.smart.tools.sound.detector.vibration.angle.ruler.level.compass.free.light.protractor.flashlight.metal.magnifier

Sync.ME Free

HTC phones tend to play very nicely with contacts and social networks. Most phones do not. This app will sync your contacts photos, birthdays, companies, websites and addresses with information garnered from Facebook and Linkedin. Also installs a full screen

https://play.google.com/store/apps/details?id=com.syncme.syncmeapp

TrueCaller Free

Caller ID app that plugs into your social networks. It is a collaborative app so you will have to have your details plugged into the Truecaller database, this might be a no sell for the more paranoid of you, however you can set your number to be private and only displayed on request. It also tidies up your devices phone book in a similar fashion to Sync.ME.

https://play.google.com/store/apps/details?id=com.truecaller

Recommended Media and Streaming Android Apps

4oD Free

4oD offers Channel 4, E4 and More4 programmes for up to 30 days after transmission. It also has a large selection of classic shows, so it’s slightly more than just a catch-up application. Father Ted and the IT Crowd do help a slow train journey pass by. Some programmes are also available for download via wifi.

https://play.google.com/store/apps/details?id=com.channel4.ondemand&hl=en_GB

 Audible Free

Amazon owns Audible who offer over 100,000 high quality Audio Books for download to PC, Mac and mobile devices. Currently the price is £7.99 for a monthly subscription which provides one credit per month. The mobile app allows you to download your library to the SD card, saving valuable space.

https://play.google.com/store/apps/details?id=com.audible.application&hl=en_GB

Audiobooks Free

is a free alternative to Audible offering a wide range of public domain works. To be fair the quality of the narration varies and more often than not are American in origin. However it’s helped pass some time when bored at home. No real bells and whistles and the UI could do with an overhaul but it’s a good free alternative to Audible.

https://play.google.com/store/apps/details?id=com.crossforward.audiobooks&hl=en_GB

AudioTool £5.14

is a deciBel Meter, Spectrum Analyser, Spectrogram, Chart Recorder, Signal Generator and Polarity Checker. I use it for checking that my home cinema systems are set-up correctly. It currently costs £5.14 but I got it for free as an Amazon App of the Day.

https://play.google.com/store/apps/details?id=com.julian.apps.AudioTool&hl=en_GB

BBC iPlayer Free

Live BBC and 7 day catch-up with some programmes available for 30 day download. There’s a companion media playermapp which doesn’t seem to offer any real functionality at the moment and a separate radio app. The BBC also have a sports application if footballism’s your thing.

https://play.google.com/store/apps/details?id=bbc.iplayer.android&hl=en

 BlinkBox Music Free

Free Music Streaming from Tesco (It’s a re-badged WE7). It uses the Radio business model which is becoming more popular these day (think Spotify). It does a decent job of guessing what I’d like (it picked The Stooges, New York Dolls, Badfinger and The Faces) after a very short time of playing with it. I prefer Jango, see it’s mention later.

https://play.google.com/store/apps/details?id=com.we7.player

 Crackle Free

A real mixed bag of Films and TV Shows. There’s much more chaff than wheat but there is the odd nugget (I’m thinking The Tick and Barney Miller, to name two). It’s free, supported by ads. There are a few decent documentaries in the mix too, just don’t expect any blockbusters.

https://play.google.com/store/apps/details?id=com.gotv.crackle.handset

Google Play Music Free

Google’s Music offering gets a mention here for it’s ability to store 20,000 songs on the cloud. Just install the companion application on the machine where your music is stored (it plays nice with iTunes) and it’ll copy your songs to a locker tied to your Google account. It has a very nice DJ feature which will auto generate play-lists based on what you’re currently listening to. It has the usual store offerings too.

https://play.google.com/store/apps/details?id=com.google.android.music

Jango Radio  Free

Personalised Radio Application. Just play a few songs through Jango and it’ll start to build your own radio station. As it plays the songs you can either like or dislike them and the app will learn what you enjoy and stream similar artists to the ones you like and it does a very good job. Only downside is that it’ll periodically ask you to listen to an unknown artist every now and then and ask for your vote, but that’s a very small price to pay.

Moon+ Reader Pro £3.10

An excellent e-book reader. Supporting epub, pdf, mobi, chm, cbr, cbz, umd, fb2, txt, html, rar, zip or OPDS formats. I’ve found to be the best e-reader with OPDS support, it plays very nicely with my Calibre library and is an easy way to discover other libraries. This makes it’s worth the money in my not so humble opinion. Has better SD support than the kindle app too! There is a free option which doesn’t have TTS or weaker PDF support. I thought it was worth the developer a few sheckles.

https://play.google.com/store/apps/details?id=com.flyersoft.moonreaderp

 MX Player Pro £3.70

The best Video Player on Android. Offering Hardware Acceleration, Multi-Core Decoding, Pinch To Zoom, Subtitle Scroll and a Kids Lock. Works like a treat on both phones and tablets. There’s a free version with ads but as video playback is a vital app it’s worth shelling out for the Pro version.

https://play.google.com/store/apps/details?id=com.mxtech.videoplayer.pro&hl=en

MyPlayer+ £3.00

Another TV streaming option. Offering live pause. Has the option to include custom streams. Used this app in my Windows Mobile days and think it’s the best paid app for streaming TV. It streams Dave, so you can always get your Top Gear fix.

https://play.google.com/store/apps/details?id=sns.myPlayer_Pro&hl=en

Netflix  Free

It’s Breaking Bad. On. Your. Phone. Needs a subscription. Now supports profiles so my girlfriend doesn’t get annoyed by the suggestions list filling up with Archer, Mythbusters etc.

https://play.google.com/store/apps/details?id=com.netflix.mediaclient&hl=en-GB

Plex £3.05

I’ve found Plex to be the best free media server and it runs quite happily on a low spec laptop. Essentially all my Films, Music and Photos can be streamed over the internet to this app. Easy to share, just email a link. Has always worked flawslessly.

https://play.google.com/store/apps/details?id=com.plexapp.android

Shazam Free

Really? Never heard of Shazam? OK real quick. It’ll listen to that song that’s on the radio, you know that song by thingie, the one that goes doobedoobedoo and tell you the correct artist and title. Fails on most classical music and really obscure stuff. Used a lot now in television for additional content. I use it a surprising amount, you will too.

https://play.google.com/store/apps/details?id=com.shazam.android

 Spotify Free

Now offering free shuffle play. Handy if you’re at the Gym and don’t have a premium account.

https://play.google.com/store/apps/details?id=com.spotify.mobile.android.ui

 Tunein Radio Free or £4.49

The Daddy of radio apps. Even if your phone has got an FM radio this is worth installing. Streaming radio from most countries in the world. Obviously Wi-Fi is best but it works fine over 3G. The Pro version allows you to record what you’re listening to.

https://play.google.com/store/apps/details?id=radiotime.player

TV Catchup Free

Free ad supported live streaming of UK TV. Only available in the UK.

https://play.google.com/store/apps/details?id=com.gzero.tv&hl=en

YouTube Remote Free

Remote control and send YouTube videos to your PC or Smart TV.

https://play.google.com/store/apps/details?id=com.google.android.ytremote