With the ever increasing security risks nowadays such as phishing, viruses, malware, spammers and worst the ransomware. A more secure system/protection is required and for an IT person like myself, I do most of my transactions online.
A recent attack of "ransomware" on one of my friend's computers make me wonders, is my computer really safe ? No ? How could I secure it at on a more robust way ?
So after some studies and research, I've decided to setup a few things in my home network :-
- Firewall Server.
- Backup/Storage Server.
- Norton Security Standard (Anti-Virus & Anti-Malware).
For this particular post, I will be showing how to create a portable OS (not just any OS, it must be safe, secure & lightweight) for my internet browsing & online transactions.
I came across this Linux distribution called "
Tails OS", based on a Debian kernel and fully customised with one thing in mind, safe, secured & leaves no traces.
1. Download the latest version of
Tails OS v.2.4 iso file (1.2GB).
2. Download the
Tails 2.4 Signature file and the
Tails Signing Key file. These files is also available in their download page, same page where you download the iso file.
Note : You need to ensure that all Tails files (iso, signature & key) resides in the same folder.
3. Download the latest version of
Gpg4Win utility (this is to verify whether you're downloading the correct iso file and its not being tampered with).
4. Install the Gpg4Win (aka Kleopatra) utility, the installations is simple, just follow the on-screen instructions.
|
Don't worry, it's in "English" language. |
5. After Gpg4Win is installed, run the program called "
Kleopatra" and the following screen will be shown. Click on "
Import Certificates" button.
6. Browse the signature file you have downloaded earlier. Select "
tails-signing.key" file.
7. Once successfully imported, the following certificate will shown as below. Now you can exit the utility.
8. Now run "
CMD" program and change the directory to where you have saved the Tails files earlier. This steps is required, as Gpg4Win
cannot work if the signature key & iso file is not in the same folder.
9. Type the following command -->
gpg --keyed-format 0xlong --verify tails-i386-2.4.iso.sig tails-i386-2.4.iso --> press
[ENTER] key.
10. Please be patience & let it run, once completed you should have the results as shown below. This shows that the iso file is verified and confirmed correct.
11. Download another utility called "
Universal USB Installer", you can visit their website at
PenDrivelinux.com for more information. This utility is portable thus no installations required.
12. You will need a USB flash drive (
at least 4GB) and then run the utility & you will see the screen as shown below, now follows the screenshot steps.
--> Step 1 :
Tails
--> Step 2 :
[ISO file location]
--> Step 3 : Select the
correct USB flash drive.
--> Step 4 : Select "
We will format...." option.
--> Step 5 : Click "
Create" button.
!!! WARNING !!!
Ensure the flash drive is empty as this steps will format it, also ensure it's the correct USB drive selected, please unplug all USB storage devices before proceeding.
13. The progress display as shown. Please be patience and let it complete.
14. Click "
Close" button when completed.
15. Unplug the USB flash drive, let's name it
USB#1 for the convenience of this tutorial.
16. You will need another empty USB flash drive (
USB#2), this flash drive will be your working drive and may contains your data thus
a larger capacity is required.
17. Now restart your computer with
USB#1 plugin and select boot from USB drive (
booting to USB drive steps differs & depends on manufacturer), once booted you should see the following screenshot, select "
Live" boot option and press
[ENTER] key to continue booting.
18. You will be prompted with the following screen, click "
Login" button to continue.
19. Once successfully booted, you will the following desktop as shown below.
20. Now plugin the empty
USB#2 drive (note that the first USB drive aka
USB#1 drive is still plugin) and then goto -->
Applications -->
Tails -->
Tails Installer.
21. Click on "
Install by cloning" option as shown below.
22. When prompted, select
USB#2 drive as shown below.
Ensure its the correct drive.
23. When prompted, click "
Yes" button to continue.
24. The following progress will be displayed, please be patience and wait for it complete. If you disrupt this process it will rendered your
USB#2 drive unusable.
25. Once the installation completed, click "
Close" button.
26. Now you will need to shutdown the system, on the
top right corner click on the drop-down arrow and the sub-menu will be displayed, click on the "
Power" icon as shown to shutdown.
27. Once shutdown, unplug
USB#1 drive but leave the
USB#2 drive plugin. Then switch on back the computer & select boot from USB drive. Select "
Live" boot option when prompted.
28. Click "
Login" button to continue.
29.
This steps is optional if you want to read/write your data files into the flash drive. Now to enable the "
Persistent Volume" option, where you can read/write your data files into the flash drive, goto -->
Application -->
Tails -->
Configure persistent volume.
30. It will prompt you for a "
Passphrase", key-in your preferred passphrase (
recommended to have at least 6 alphanumeric with special characters & hard to guess name, such as your favourite foods or drinks, your pet's name etc.). Next click "
Create" button.
31. Wait for the installation to be completed, the progress screen is as shown below.
32. Now you will be prompted to select which services can be saved into the flash drive, the default selection is enough (unless you know what kind of services you will be using, then you can select more). Click "
Save" button when you are done.
33. Just close the windows when prompted.
34. Now you need to restart the system in order for the new features to be activated, once restarted you will be prompted a new login screen as shown below. Click "
Yes" button under "
Use persistence ?" option and then click "
Login" button to continue.
35. That's all, you can now surf the web safely.
So what do you do with
USB#1 drive ? Well its entirely up to you, it can be reformatted for other purposes or leave it as a backup in case you need it.
So whenever I travel, I will surely bring this
USB#2 drive along. You will never knows when you need it. It is very suitable when used in public computers (eg. Internet Café) or using your friend's computer (when you are unsure its safe or not). Whatever the reasons, it is better safe than sorry later.
I have tested this OS on the following models and it works :-
- HP ProBook 6470b.
- HP EliteBook Folio 9470m Ultrabook.
- HP Compaq Presario CQ42.
- HP Compaq Pro 3000 MT.
- Lenovo IdeaPad Z500.
On my next weekend project, I will be setting up a firewall server and configure it. So stay tune and until next week then.
HAPPY COMPUTING & SAFE SURFING !!!