There are several "Privacy tools" that are often recommended which are not necessary nor suitable for online banking.
About TOR
The purpose of TOR is to make it difficult to for your ISP or the government to tell what sites you are visiting. With normal HTTPS web sites, the contents of your session are encrypted, but the URLs are easily visible in your internet traffic. TOR also makes it very difficult for the web sites you access to determine your IP address, and thus your identity or location.
This makes sense in scenarios where you want to anonymously access blocked or illegal web sites without logging in. This is why TOR is often used by journalists and activists in countries with governments that have strict punishments and very restrictive ideas on what people should be able to access or post. This is also why TOR is often used by criminals looking to buy illegal drugs, access illegal pornography, sell stolen credit card numbers, etc.
For accessing online banking, we generally aren't trying to hide the fact that we are accessing, say, Mitsubishi bank. In general, it's fine if the government or your ISP knows that you are accessing online banking. Likewise, since you are going to log into your bank account anyway, the bank will know who you are.
Since TOR could be used by bad actors who have hacked your account to log into your bank, many banks will actively block connections from TOR exit nodes.
Using TOR to access web sites is also usually quite a bit slower than accessing sites directly.
So, TOR is not recommended for accessing your financial accounts.
About VPNs
The idea behind consumer VPNs is to encrypt all of the data transported, including URLs, and any other data that might normally be unencrypted - but this encryption only lasts until it reaches the VPN exit point. Another possible advantage is that by choosing an exit node in another country, you can make it appear that you are accessing a site from another country than the one you are actually in.
While this may provide an extra layer of security if you are accessing your banking accounts from somewhere like a Cafe WiFi hotspot - but in general it shouldn't be necessary since banking sites use HTTPS encryption anyway, and it isn't usually a problem is the URLs you are visiting are known by 3rd parties.
Further, banks may block foreign IP addresses and known VPN servers for similar reasons to TOR.
The end result is that accessing your accounts via a VPN may be slightly slower than accessing them directly, and some banks may block you.
About Tails
The purpose of systems like Tails is to make sure no evidence at all remains on your PC of which sites you have accessed. This means no cookies, no browser history, cache, etc.
This may be useful for journalists operating on adversarial environments, spies, and those visiting sites only used for illegal activities because if law enforcement confiscates and analyzes your PC, they will find no evidence of your activities.
Again, since we generally don't need to hide the fact that we were accessing banking web sites (and they will have access logs anyway), Tails and other zero evidence systems are of limited usefulness in banking.
There is a limited advantage to using Tails in that if a running Tails instance is hacked, it will be reset back to a non-hacked state when it is rebooted since the system itself is read-only. This advantage can be emulated by running a VM on your normal OS, and reverting back to a post-install snapshot after every run.
Summary
Running a locked down and hardened system is recommended for banking to reduce the change of successful attacks, however running systems designed to hide or erase your online activity is not typically necessary or useful.
System hardening is a separate and complex topic, but there are a few simple things you can do:
1. Don't use an Administrative account for daily use - It's too easy to get tricked into approving something you didn't mean to do.
2. Use a separate Windows / OS X / Linux login for banking related tasks - The OS has separate accounts for keeping data separate. While the protection isn't perfect, it's better than nothing.
3. Make sure your system is up to date - Security flaws are found and fixed all the time.
4. Enable any firewall software - Prevent connections to your computer from random machines on the internet.
5. Uninstall unused software and turn off unused services - Software & services can often have vulnerabilities. For example, turn off remote desktop and file sharing if you don't use them.
0 件のコメント:
コメントを投稿