mirror of
https://github.com/Lissy93/personal-security-checklist.git
synced 2024-12-23 14:29:30 -05:00
Adds: Sub-addressing and Windows Remote Desktop
This commit is contained in:
parent
13e4705377
commit
2a96d25f2a
@ -118,6 +118,7 @@ The big companies providing "free" email service, don't have a good reputation f
|
|||||||
**Don't Share Sensitive Data via Email** | Optional | Emails are very easily intercepted. Further to this you can’t be sure of how secure your recipient's environment is. Therefore emails cannot be considered safe for exchanging confidential or personal information, unless it is encrypted
|
**Don't Share Sensitive Data via Email** | Optional | Emails are very easily intercepted. Further to this you can’t be sure of how secure your recipient's environment is. Therefore emails cannot be considered safe for exchanging confidential or personal information, unless it is encrypted
|
||||||
**Don’t connect third-party apps to your email account** | Optional | If you give a third-party app or plug-in (such as Unroll.me, Boomerang, SaneBox etc) full access to your inbox, this makes you vulnerable to cyber attacks. Once installed, these apps have unhindered access to all your emails and their contents
|
**Don’t connect third-party apps to your email account** | Optional | If you give a third-party app or plug-in (such as Unroll.me, Boomerang, SaneBox etc) full access to your inbox, this makes you vulnerable to cyber attacks. Once installed, these apps have unhindered access to all your emails and their contents
|
||||||
**Consider switching to a secure email provider** | Optional | Secure and reputable email providers such as [ProtonMail](https://protonmail.com) and [Tutanota](https://tutanota.com) allow for end-to-end encryption, full privacy as well as more security-focused features. Unlike typical email providers, nobody but you can see your mailbox, since all messages are encrypted. See [this guide](https://github.com/OpenTechFund/secure-email) for details of the inner workings of these services. Other encrypted mail providers include: [CounterMail](https://countermail.com), [HushMail](https://www.hushmail.com/tapfiliate/?tap_a=44784-d2adc0&tap_s=724845-260ce4&program=hushmail-for-small-business) (for business users), [MailFence](https://mailfence.com?src=digitald), [see more](/5_Privacy_Respecting_Software.md#encrypted-email). For a comparison between services, see [this article](https://restoreprivacy.com/private-secure-email)
|
**Consider switching to a secure email provider** | Optional | Secure and reputable email providers such as [ProtonMail](https://protonmail.com) and [Tutanota](https://tutanota.com) allow for end-to-end encryption, full privacy as well as more security-focused features. Unlike typical email providers, nobody but you can see your mailbox, since all messages are encrypted. See [this guide](https://github.com/OpenTechFund/secure-email) for details of the inner workings of these services. Other encrypted mail providers include: [CounterMail](https://countermail.com), [HushMail](https://www.hushmail.com/tapfiliate/?tap_a=44784-d2adc0&tap_s=724845-260ce4&program=hushmail-for-small-business) (for business users), [MailFence](https://mailfence.com?src=digitald), [see more](/5_Privacy_Respecting_Software.md#encrypted-email). For a comparison between services, see [this article](https://restoreprivacy.com/private-secure-email)
|
||||||
|
**Subaddressing** | Optional | To keep track of who shared/ leaked your email address, consider using [subaddressing](https://en.wikipedia.org/wiki/Email_address#Subaddressing). This is where anything after the `+` symbol is omitted during mail delivery, for example you the address yourname+tag@example.com denotes the same delivery address as yourname@example.com. This was defined in [RCF-5233](https://tools.ietf.org/html/rfc5233), and supported by most major mail providers (inc Gmail, YahooMail, Outlook, FastMail and ProtonMail). Better still use aliasing / anonymous forwarding
|
||||||
**Use Aliasing / Anonymous Forwarding** | Advanced | Email aliasing allows messages to be sent to [anything]@my-domain.com and still land in your primary inbox. Effectively allowing you to use a different, unique email address for each service you sign up for. This means if you start receiving spam, you can block that alias and determine which company leaked your email address. <br>[Anonaddy](https://anonaddy.com) and [SimpleLogin](https://simplelogin.io/?slref=bridsqrgvrnavso) are open source anonymous email forwarding service allowing you to create unlimited email aliases, with a free plan. More options include: [33Mail](http://33mail.com/Dg0gkEA), [ForwardEmail](https://forwardemail.net) (self-hosted), [SimpleLogin](https://simplelogin.io/?slref=bridsqrgvrnavso), and this feature is also included with [ProtonMail](https://protonmail.com/pricing)'s Visionary package.
|
**Use Aliasing / Anonymous Forwarding** | Advanced | Email aliasing allows messages to be sent to [anything]@my-domain.com and still land in your primary inbox. Effectively allowing you to use a different, unique email address for each service you sign up for. This means if you start receiving spam, you can block that alias and determine which company leaked your email address. <br>[Anonaddy](https://anonaddy.com) and [SimpleLogin](https://simplelogin.io/?slref=bridsqrgvrnavso) are open source anonymous email forwarding service allowing you to create unlimited email aliases, with a free plan. More options include: [33Mail](http://33mail.com/Dg0gkEA), [ForwardEmail](https://forwardemail.net) (self-hosted), [SimpleLogin](https://simplelogin.io/?slref=bridsqrgvrnavso), and this feature is also included with [ProtonMail](https://protonmail.com/pricing)'s Visionary package.
|
||||||
**Use a Custom Domain** | Advanced | When you don't own your email domain name, the organisation providing it may not be around for ever, and you could loose access to all accounts that were registered with that email. However with a custom domain, even if your mail provider ceases to exist, or you are locked out, you can take your domain elsewhere and continue to have access to your email address.
|
**Use a Custom Domain** | Advanced | When you don't own your email domain name, the organisation providing it may not be around for ever, and you could loose access to all accounts that were registered with that email. However with a custom domain, even if your mail provider ceases to exist, or you are locked out, you can take your domain elsewhere and continue to have access to your email address.
|
||||||
**Sync with a client for backup** | Advanced | Further to the above, to avoid loosing temporary or permeant access to your emails during an unplanned event (such as an outage). Consider syncing your emails to a secure device, like your primary laptop, via IMAP. This will not remove any messages from the server, but will ensure you have always got a full offline backup of all important communications
|
**Sync with a client for backup** | Advanced | Further to the above, to avoid loosing temporary or permeant access to your emails during an unplanned event (such as an outage). Consider syncing your emails to a secure device, like your primary laptop, via IMAP. This will not remove any messages from the server, but will ensure you have always got a full offline backup of all important communications
|
||||||
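Review bot: the new Subaddressing row has a typo in the RFC reference, `RCF-5233` should be `RFC 5233`, and the example sentence is garbled ("for example you the address yourname+tag@example.com denotes the same delivery address as yourname@example.com"); suggest "for example, mail sent to yourname+tag@example.com is delivered to the same mailbox as yourname@example.com". The row would also benefit from one sentence explaining its own closing remark "Better still use aliasing / anonymous forwarding": the tag is visible in the address and can simply be stripped back to the base address, so subaddressing helps attribute who leaked your address but does not let you block the leaked variant, whereas a true alias (the next row) can be disabled. Minor: "inc" should be "including", and "shared/ leaked" has a stray space.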
@ -221,6 +222,7 @@ Although Windows and OS X are easy to use and convenient, they both are far from
|
|||||||
**Attach only known and trusted external hardware** | Recommended | Over the years there have been a variety of vulnerabilities in each major operating system relating to connecting untrusted hardware. In some cases the hardware talks to the host computer in a way the host computer does not expect, exploiting a vulnerability and directly infecting the host
|
**Attach only known and trusted external hardware** | Recommended | Over the years there have been a variety of vulnerabilities in each major operating system relating to connecting untrusted hardware. In some cases the hardware talks to the host computer in a way the host computer does not expect, exploiting a vulnerability and directly infecting the host
|
||||||
**Don't charge unknown mobile devices from your PC** | Optional | If friends or colleagues want to charge their devices via USB, do not do this through your computers ports (unless you have a data blocker). By default the phone will want to sync to the host computer, but there is also specially crafted malware which takes advantage of the face that computers naturally trust connected USB devices. The owner of the phone may not even realize their device is infected
|
**Don't charge unknown mobile devices from your PC** | Optional | If friends or colleagues want to charge their devices via USB, do not do this through your computers ports (unless you have a data blocker). By default the phone will want to sync to the host computer, but there is also specially crafted malware which takes advantage of the face that computers naturally trust connected USB devices. The owner of the phone may not even realize their device is infected
|
||||||
**Encrypt and Backup Important Files** | Optional | Backing up your phone can help keep your important data safe, if your device is lost, stolen or broken. But if you put your backup encrypted in the cloud, cloud providers will have access to it (if you don't pay for the service, then you are the product!). <br>[Cryptomator](https://cryptomator.org/) is an open source tool that makes this easy. It also works alongside [MountainDuck](https://mountainduck.io/) for mounting your remote drives on Windows and Mac. Other non-open-source options are [BoxCrypter](https://www.boxcryptor.com/), [Encrypto](https://macpaw.com/encrypto) and [odrive](https://www.odrive.com/).
|
**Encrypt and Backup Important Files** | Optional | Backing up your phone can help keep your important data safe, if your device is lost, stolen or broken. But if you put your backup encrypted in the cloud, cloud providers will have access to it (if you don't pay for the service, then you are the product!). <br>[Cryptomator](https://cryptomator.org/) is an open source tool that makes this easy. It also works alongside [MountainDuck](https://mountainduck.io/) for mounting your remote drives on Windows and Mac. Other non-open-source options are [BoxCrypter](https://www.boxcryptor.com/), [Encrypto](https://macpaw.com/encrypto) and [odrive](https://www.odrive.com/).
|
||||||
|
**Disable Remote Desktop (Windows)** | Optional | Windows Remote Desktop allows you or others to connect to your computer remotely over a network connection — effectively accessing everything on your computer as if you are directly connected to it. However it can be exploited, and used as a gateway for hackers to steal personal files or take control of your computer. This only applies to Windows users. Follow [this guide](https://www.lifewire.com/disable-windows-remote-desktop-153337) for disabling Remote Desktop
|
||||||
**Uninstall Adobe Acrobat** | Optional | Adobe Acrobat was designed in a different age, before the Internet. Acrobat has had vulnerabilities that allowed specially crafted PDFs to load malware onto your system for the last two decades. Undoubtedly more vulnerabilities remain. You can use your browser to view PDFs, and browser-based software for editing
|
**Uninstall Adobe Acrobat** | Optional | Adobe Acrobat was designed in a different age, before the Internet. Acrobat has had vulnerabilities that allowed specially crafted PDFs to load malware onto your system for the last two decades. Undoubtedly more vulnerabilities remain. You can use your browser to view PDFs, and browser-based software for editing
|
||||||
**Detect/ Remove Software Keyloggers** | Optional | A software keylogger is a malicious application running in the background that logs (and usually relays to a server) every key you press, aka all data that you type (passwords, emails, search terms, financial details etc). The best way to stay protected it, to be careful when downloading software from the internet, keep Windows defender or your anti-virus enabled and up-to-date, and run scans regularly. Another option to prevent this, is a key stroke encryption tool. [GhostPress](https://schiffer.tech/ghostpress.html) (developed by Schiffer) or [KeyScrambler](https://www.qfxsoftware.com) (developed by Qian Wang) work by encrypting your keystrokes at the keyboard driver level, and then decrypting them at the application level, meaning any software keylogger would just receive encrypted junk data. Most software keyloggers can be detected using [rootkit-revealer](https://docs.microsoft.com/en-us/sysinternals/downloads/rootkit-revealer), and then removed with a rootkit removal tools (such as [Malwarebytes anti-rootkit](https://www.malwarebytes.com/antirootkit) or [SpyShelter Anti-Keylogger Free](https://www.spyshelter.com)).
|
**Detect/ Remove Software Keyloggers** | Optional | A software keylogger is a malicious application running in the background that logs (and usually relays to a server) every key you press, aka all data that you type (passwords, emails, search terms, financial details etc). The best way to stay protected it, to be careful when downloading software from the internet, keep Windows defender or your anti-virus enabled and up-to-date, and run scans regularly. Another option to prevent this, is a key stroke encryption tool. [GhostPress](https://schiffer.tech/ghostpress.html) (developed by Schiffer) or [KeyScrambler](https://www.qfxsoftware.com) (developed by Qian Wang) work by encrypting your keystrokes at the keyboard driver level, and then decrypting them at the application level, meaning any software keylogger would just receive encrypted junk data. Most software keyloggers can be detected using [rootkit-revealer](https://docs.microsoft.com/en-us/sysinternals/downloads/rootkit-revealer), and then removed with a rootkit removal tools (such as [Malwarebytes anti-rootkit](https://www.malwarebytes.com/antirootkit) or [SpyShelter Anti-Keylogger Free](https://www.spyshelter.com)).
|
||||||
**Check Keyboard Connection** | Optional | Check your keyboards USB cable before using, bring your own keyboard to work and watch out for sighns that it may have been tampered with. A hardware keylogger is a physical device that either sits between your keyboard and the USB connection into your PC, or is implanted into your keyboard. It intercepts and stores keystrokes, and in some cases can remotely upload them. Unlike a software logger, they can not be detected from your PC, but also they can not intercept data from virtual keyboards (like [OSK](https://support.microsoft.com/en-us/help/10762/windows-use-on-screen-keyboard)), clipboard or auto-fill password managers.
|
**Check Keyboard Connection** | Optional | Check your keyboards USB cable before using, bring your own keyboard to work and watch out for sighns that it may have been tampered with. A hardware keylogger is a physical device that either sits between your keyboard and the USB connection into your PC, or is implanted into your keyboard. It intercepts and stores keystrokes, and in some cases can remotely upload them. Unlike a software logger, they can not be detected from your PC, but also they can not intercept data from virtual keyboards (like [OSK](https://support.microsoft.com/en-us/help/10762/windows-use-on-screen-keyboard)), clipboard or auto-fill password managers.
|
||||||
|
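Review bot: the new "Disable Remote Desktop (Windows)" row is redundant with itself: the heading already says "(Windows)", so the sentence "This only applies to Windows users" can be dropped. The risk statement "it can be exploited, and used as a gateway for hackers" is vague; suggest stating the concrete exposure, that an enabled Remote Desktop service is a network-reachable login surface, so leaving it off is the safe default for anyone who never uses it. The linked guide is a third-party article; consider pointing at Microsoft's own documentation instead, and add a verification step for the reader, e.g. confirm afterwards that Settings > System > Remote Desktop shows it as off. Note also that the unchanged context rows in this hunk carry pre-existing typos ("face" for "fact", "sighns", "computers ports"), which could be fixed in a follow-up.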