Cybersecurity: hardware to be more secure

security hardware

We are very used to talking about software-based security solutions, such as antivirus, firewall, IDS, encryption programs, 2FA, etc. However, for some users, the hardware-based security it is somewhat more in the shade, despite the fact that they could be more powerful and easier to implement solutions in some cases.

That is why I have dedicated this article especially to provide these solutions hardware for security that you can use at home or in the company:

This article will be solution oriented with peripherals and devices (HSM), not built-in hardware solutions, such as TEE, TPM 2.0, integrated fingerprint sensors, etc.

U2F keys

security hardware, U2F

The U2F keys they are cheap, and it is a kind of hardware-based double authentication system. In order to use this USB device, all you have to do is connect it to your PC as you would a pendrive, only the first time it will generate a random number to generate different hashes that will be used to log in to the linked platforms or services.

When you have to log in to that service, all you have to do is plug the USB key into the port and wait for the browser recognizes it and checks. In this way, other people without having this device will not be able to access your account even if they know the password.

These keys are usually Compatible with the main web browsers, such as Mozilla Firefox, Google Chrome, Opera, etc., as well as some well-known services, such as Google (GMAIL, Docs, Adsense,…), Dropbox, GitHub, Facebook, etc.

If you dare to buy any of these USB keys, here are some recommendations (it is important that they have a FIDO2 certificate):

hardware firewall

hardware firewall

Un firewall, or firewalls, is a defense system that blocks unauthorized network access, or allows communications authorized by the user or system administrator. Well, in addition to those based on software, there are also those based on hardware.

These devices can be interesting for companies and servers, being able to configure them in a similar way to a router, from a web interface using the browser. In addition, being placed between the Internet and the router, all the devices connected to said router will be protected, without having to configure each one.

These devices can be found in a more compact form, similar to a router, for the home, or for server racks. Some recommendations are:

  • For home:
  • For the company:
  • For server (rack):

VPN Router and VPN Box

vpn-router

As you know, one VPN (Virtual Private Network) allows you to create an encrypted channel to browse the Internet more securely. In addition, it will prevent your browsing data from being accessible by the ISP, you will be able to access blocked content in your area by changing the IP to that of another country, it will improve your anonymity, etc. Many of these services can be used through client apps, however, these apps should be installed on each of the devices you connect to a network so that they are all under the protection of the VPN.

One solution is to use a vpn router/box that allows you to configure these services (ExpressVPN, NordVPN, VyperVPN, CyberGhost, Surfshark, IPVanish...) and thus all the devices you connect to it will be protected (mobile devices, smart TVs, consoles, PCs, IoT, etc.). Even if there was no client app for that platform.

Some router recommendations good to use with VPN:

Shellfire also has the vpn box, which are automatic and auto-configured to make things easier for non-technical users:

encryption hardware

hardware encryption

El encryption it is usually a somewhat "heavy" task for the hardware. However, there are hardware encryption cards or devices that assist the software. These systems implement a dedicated processor for this, which can be an advantage. There are some based on ARM chips, on x86, also in PCI card format, USB keys to encrypt data, etc.

Some of the most practical solutions to have your encrypted data are USB keys and external hard drives they have encryption system built-in. here you can find some recommendations on the table:

You also have Hardware Encrypted NAS included, to have your "cloud" private and secure, such as:

PKI token hardware

The PKI tokens they are hardware devices that store private keys and digital certificates securely. When you need to encrypt, decrypt, or sign for some type of service, procedure, etc., you can use these devices safely.

In the market you can find several of these solutions, Such as Thales group, macro securitythose of microcosm, etc.

You also have at your disposal some SmartCard or smart card readers, as well as for the electronic DNI to perform online transactions. Some of these recommended devices are:

SSL/TLS Accelerator

hardware TSL SSL accelerator

The hardware SSL/TSL accelerators They are devices that also contribute to security, and that you can find in various formats, such as PCI expansion cards, in addition to being installed in racks. A way to offload the CPU from this work, since this other component will be dedicated to it. However, these systems are not used in the home or small business, but on servers.

Secure hardware payment system

Thales secure payment HSM

These secure payment systems by hardware they do not make much sense at home either, but they do for some organizations, companies, etc. These HSM systems are security-enhancing and tamper-resistant devices that can be used in the retail banking industry. Thus, it provides high levels of protection for encryption keys, customer PINs used in magnetic stripe cards and EMV chip (or similar) issuances, etc. Some providers of this type of solutions are Thales, PayCore, services such as MyHMS, etc.

Wallet or purse for cryptocurrencies

cryptocurrency hardware wallet

Wallet, or portfolio, wallet, virtual wallet, or whatever you want to call it, is a system to store and manage your assets in cryptocurrencies. It can be implemented by software or also by hardware, designed exclusively to store the public and private keys of your cryptocurrencies.

Some purchase recommendations are:

Biometric sensors

biometric sensor

There are several types of biometric sensor to improve hardware security, and that can replace access methods with conventional credentials (username and password) by the recognition of unique biometric parameters in each person. For example, there are some like:

  • Fingerprint sensors.
  • Facial recognition.
  • Iris recognition.
  • Speech recognition.
  • Hand geometry.
  • Signature verification.

They can be used for various applications, from accessing a service or logging in, to opening doors, etc. In other words, they can not only help you improve digital security, but also at a physical or perimeter level. Some devices that may interest you are:

Kensington lock and similar

Kensington lock

And famous kensington lock It is a security connector that can be inserted into a small hole included in some models of laptops and whose purpose is to prevent theft of these devices. It is used to anchor a lock and was designed and manufactured by Kensington Computer Products. Currently, there are other brands that offer similar solutions.

Little by little, other solutions have been appearing for other equipment, from desktop PCs to mobile devices such as tablets or smartphones.

Some purchase recommendations are:

Others

webcam cover

Also exist many other solutions to improve hardware security, some not without controversy, others very cheap and practical. From the usual covers for the front cameras (the webcam of a laptop, AIO, mobile phones), so that they do not monitor you without your consent, to false data generators such as the charger Mud.


The content of the article adheres to our principles of editorial ethics. To report an error click here!.

Be the first to comment

Leave a Comment

Your email address will not be published.

*

*

  1. Responsible for the data: AB Internet Networks 2008 SL
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.