Update README.md

fix
Crypto Officer | officercia.eth 2023-01-28 21:32:56 +03:00 committed by GitHub
parent ab9a864487
commit ad346718ea
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -88,7 +88,7 @@ The most important thing to understand here is the path of the cyber attack
#
#### Problem 1
### Problem 1
Use a secure email provider like Protonmail or Tutanota. Also use trusted VPN like Mullvad or ProtonVPN. E2E (end-to-end) encryption is only as secure as the service you are sending the email to.
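Review bot: the unchanged context line directly above the edited heading is a bare `#`, which Markdown renders as an empty top-level heading (or a stray literal `#`); since this commit is already adjusting heading levels, that line should be dropped in the same pass. The `####` to `###` promotion itself is fine and is applied consistently to the remaining "Problem N" headings in the other hunks, so the outline stays uniform.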
@ -127,7 +127,7 @@ You can also use something like [private addresses feature](https://spreadprivac
---
#### Problem 2
### Problem 2
Use different emails and different strong passwords. Store them in one place like a password manager. Never reuse passwords, especially for accounts with personally identifiable and sensitive information (e.g. Facebook, Gmail, AppleID, Twitter, banks/payments, crypto accounts).
@ -175,7 +175,7 @@ If you see suspicious password activity or failed log-ins on any of your account
---
#### Problem 3
### Problem 3
Never link phone numbers to crypto platforms. Use trusted multiple e-sims if you have to link the phone. To lock down your SIM, contact your mobile phone carrier.
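Review bot: "Use trusted multiple e-sims if you have to link the phone" is hard to parse in the trailing context line; suggest "If you must link a phone number, use a separate eSIM from a trusted provider rather than your primary number" so the advice (do not tie your main identity to the platform) is unambiguous.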
@ -198,7 +198,7 @@ Ask them to NEVER make changes to your phone number/SIM unless you physically sh
---
#### Problem 4
### Problem 4
Instead of SMS-based 2FA, use Authy or Aegis OTP for iOS or Android. Google Authenticator is generally not recommended anymore in order to stay out of the Google ecosystem, and Authy offers more robust account recovery options (Aegis does not offer the same level of account recovery options). Keep in mind that the codes generated by 2FA apps are device specific.
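Review bot: the last sentence of the context line, "the codes generated by 2FA apps are device specific", is misleading: TOTP codes are derived from the shared seed and the current time, so any device holding the same seed produces the same codes. What is device-bound is the stored seed, which is exactly why the recovery/backup point earlier in the sentence matters; suggest "the 2FA seed lives only on the enrolled device unless you back it up" instead.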
@ -216,7 +216,7 @@ Hardware-based 2FA options are regarded as more secure than phone-based OTP opti
---
#### Problem 5
### Problem 5
Cold storage, and separate “hot” wallet. Use multisig ([gnosis-safe.io](https://gnosis-safe.io) as example) or at least a hardware wallet. Never store your seed phrase digitally. Seed phrases are intended to be stored on the paper card included with hardware wallets! That means never type it up, store it online, or take a photo of the card. Store your key on hard device.
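Review bot: "Store your key on hard device." in the trailing context line is ungrammatical and vague after the paragraph has just said the seed belongs on the paper card; suggest "Keep the private key on the hardware wallet itself; only the paper seed backup should ever leave it" so the two statements do not read as contradicting each other.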
@ -257,7 +257,7 @@ Cold storage, and separate “hot” wallet. Use multisig ([gnosis-safe.io](http
---
#### Problem 6
### Problem 6
Offline (better - physical) backups. Store them in a safe. Can be written on paper, but recommended to be etched or laser-printed into metal. Always be sure to have a backup stored somewhere safe if your threat model allows for that.
@ -277,7 +277,7 @@ Ask yourself, what happens if my house catches on fire? What temperature is my s
---
#### Problem 7
### Problem 7
Never do anything you do not understand. Always check which token you approve, transaction you sign, assets you send, etc - be extremely accurate while making any financial operation. Keep in mind that one of possible attack vectors is to put you in a situation that will encourage you to do smth (login or anything like that).
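Review bot: "encourage you to do smth" in the context line should spell out "something"; a chat abbreviation in a README weakens an otherwise important point about social-engineering pressure.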
@ -398,7 +398,7 @@ Also check out:
---
#### Problem 8
### Problem 8
Be careful about using your real home address online for delivery purposes. Data breaches are now a daily occurrence, and many breaches include customer names and addresses. Your physical address is not as easily changeable as a phone number or email address, so be especially mindful about where you use it on the Internet.
@ -421,7 +421,7 @@ If youre ordering pizza with crypto, order it for pickup instead of delivery.
---
#### Problem 9
### Problem 9
Remember: You Could Be a Target! We are a natural target for all sorts of attacks — from garden-variety cybercriminals to competitive spying (sounds dramatic, but its real!).
@ -441,7 +441,7 @@ That said, it doesnt really matter what industry youre in. If you have any
---
#### Problem 10
### Problem 10
Remain Vigilant - Create a culture of skepticism where they feel comfortable checking twice before clicking a link or responding to a request for sensitive information, and youll have a much more secure organization overall. Watch out [physical attacks](https://github.com/jlopp/physical-bitcoin-attacks/blob/master/README.md)!
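Review bot: "Watch out [physical attacks]" in the context line is missing "for" before the link ("Watch out for [physical attacks](...)").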
@ -457,7 +457,7 @@ Remain Vigilant - Create a culture of skepticism where they feel comfortable ch
---
#### Problem 11
### Problem 11
OpSec often comes into play in public settings. For example, if members of your team are discussing work-related matters at a nearby lunch spot, during a conference, or over a beer, odds are that someone could overhear. As they say, loose lips can sink ships, so make sure you dont discuss any sensitive company information while out in public.
@ -469,7 +469,7 @@ A lot of OpSec missteps can be avoided by being more aware of your surroundings
---
#### Problem 12
### Problem 12
Identify your sensitive data, including your product research, passwords, intellectual property, financial statements, customer information, and employee information. This will be the data you will need to focus your resources on protecting. Randomization, mimicry and entropy must accompany your every step and manifest itself in literally everything: as you can imagine, the law enforcers of different countries have long ago learned to analyze packets via [DPI](https://github.com/ValdikSS/GoodbyeDPI) (to counter this you may use something like [this](https://github.com/PiMaker/Teletun) or [this](https://github.com/zhenyolka/DPITunnel-androidhttps://github.com/zhenyolka/DPITunnel-android) or [VPN](https://officercia.mirror.xyz/x91hTIDFrAL0lgqICRgWU7fLouuCMgvopQ9ZRvRXCLg)), to match them with the post or message time and perform [timing attacks](https://officercia.mirror.xyz/WeAilwJ9V4GIVUkYa7WwBwV2II9dYwpdPTp3fNsPFjo) and then go to the ISP provider or telecommunications company.
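Review bot: the second DPITunnel link in the context line is broken: the URL is pasted twice back to back (`https://github.com/zhenyolka/DPITunnel-androidhttps://github.com/zhenyolka/DPITunnel-android`) and should be a single `https://github.com/zhenyolka/DPITunnel-android`. Separately, this paragraph fuses two distinct ideas (classifying sensitive data, then DPI and timing-correlation by ISPs) into one run-on sentence; splitting it after "protecting." would make both points easier to follow.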
@ -488,7 +488,7 @@ Whatever you do, do it with some element of randomness. If you find it hard to c
---
#### Problem 13
### Problem 13
Identify possible threats. For each category of information that you deem sensitive, you should identify what kinds of threats are present. While you should be wary of third parties trying to steal your information, you should also watch out for insider threats, such as negligent employees and disgruntled workers.
@ -499,7 +499,7 @@ Identify possible threats. For each category of information that you deem sensit
---
#### Problem 14
### Problem 14
Analyze security holes and other vulnerabilities. Assess your current safeguards and determine what, if any, loopholes or weaknesses exist that may be exploited to gain access to your sensitive data.
@ -528,7 +528,7 @@ Better yet, dont store confidential or encrypted files on magnetic storage. S
---
#### Problem 15
### Problem 15
Appraise the level of risk associated with each vulnerability. Rank your vulnerabilities using factors such as the likelihood of an attack happening, the extent of damage that you would suffer, and the amount of work and time you would need to recover. The more likely and damaging an attack is, the more you should prioritize mitigating the associated risk.
@ -536,7 +536,7 @@ Appraise the level of risk associated with each vulnerability. Rank your vulnera
---
#### Problem 16
### Problem 16
Get countermeasures in place. The last step of operational security is to create and implement a plan to eliminate threats and mitigate risks. This could include updating your hardware, creating new policies regarding sensitive data, or training employees on sound security practices and company policies. Countermeasures should be straightforward and simple.
@ -548,7 +548,7 @@ Employees should be able to implement the measures required on their part with o
---
#### Problem 17
### Problem 17
Implement separation of duties. Make sure that those who work on your network are not the same people in charge of security.
@ -556,7 +556,7 @@ Implement separation of duties. Make sure that those who work on your network ar
---
#### Problem 18
### Problem 18
Automate tasks to reduce the need for human intervention. Humans are the weakest link in any organizations operational security initiatives because they make mistakes, overlook details, forget things, and bypass processes.
@ -567,7 +567,7 @@ Automate tasks to reduce the need for human intervention. Humans are the weakest
---
#### Problem 19
### Problem 19
Incident response and disaster recovery planning are always crucial components of a sound security posture. Even when operational security measures are robust, you must have a plan to identify risks, respond to them, and mitigate potential damages.
@ -577,7 +577,7 @@ Incident response and disaster recovery planning are always crucial components o
---
#### Problem 20
### Problem 20
Risk management: The process of identifying, assessing and controlling threats to an organization's capital and earnings. These risks stem from a variety of sources including financial uncertainties, legal liabilities, technology issues, strategic management errors, accidents and natural disasters.
@ -605,7 +605,7 @@ Malware can also have the functionality to "attack" a computer's clipboard. The
---
#### Problem 21
### Problem 21
Your level of opsec usually depends on your threat model and which adversary you're up against. So it's hard to define how good your opsec is. But I'd say it sounds pretty okay. I recommend watching:
@ -629,7 +629,7 @@ Your level of opsec usually depends on your threat model and which adversary you
---
#### Problem 22
### Problem 22
If you use smartphone be extremely aware!
@ -674,7 +674,7 @@ If your pc is comprised, your telegram can be used to exfiltrate your photos. In
---
#### Problem 23
### Problem 23
Only Interact with DeFi Protocols You Trust - Take your time to read up on some previous concepts weve covered such as staking, yield farming, NFT farming, and research any other new terms you may come across before depositing crypto into a DApp that deploys any of these investment strategies.
@ -710,7 +710,7 @@ Check out this [awesome repo!](https://github.com/Msiusko/web3privacy)
---
#### Problem 24
### Problem 24
Use trusted services. Using a secure, easy-to-use crypto wallet to interact with DeFi applications is essential to a safe and user-friendly DeFi experience. Interacting with smart contracts can be tricky for first-time users, so using a beginner-friendly crypto wallet with DApp support is a smart way to mitigate risks stemming from accidental errors on the side of the user. Better do **everything** manually!
@ -722,7 +722,7 @@ Use trusted services. Using a secure, easy-to-use crypto wallet to interact with
---
#### Problem 25
### Problem 25
Be aware of most common attacks. Follow hacker websites, latest security standards, check out what [Nitrokey](https://www.nitrokey.com/) and [YubiKey](https://www.yubico.com) do and why. As a conclusion - read what is [OSINT](https://officercia.mirror.xyz/5KSkJOTgMtvgC36v1GqZ987N-_Oj_zwvGatOk0A47Ws) and [counterOSINT](https://github.com/soxoj/counter-osint-guide-en) so possible criminals won't be able to collect needed data.