mirror of
https://github.com/Lissy93/personal-security-checklist.git
synced 2024-12-18 12:14:38 -05:00
Adds links to recommended software
This commit is contained in:
parent
cadbb7d256
commit
56ffd05a15
33
README.md
@ -38,6 +38,9 @@ Use strong passwords, which can't be easily guessed or cracked. Length is more i
**Use an offline password manager** | Advanced | Consider an offline password manager, encrypted by a strong password. If you work across two or more computers, this could be stored on an encrypted USB. [KeePass](http://keepass.info/) is a strong choice.
**If possible, try to avoid biometric and hardware-based authentication** | Advanced | Fingerprint sensors, face detection and voice recognition are all hackable. Where possible replace these with traditional strong passwords.
**See also** [Recommended Password Managers](https://github.com/Lissy93/personal-security-checklist/blob/master/6_Privacy_Respecting_Software.md#password-managers)
## 2-Factor Authentication
This is a more secure method of logging in, where you supply not just your password, but also an additional code usually from a device that only you have access to.
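Review bot: the new `**See also**` line links to the master branch by absolute URL (`https://github.com/Lissy93/personal-security-checklist/blob/master/6_Privacy_Respecting_Software.md#password-managers`), so it points back at upstream from any fork and breaks if the default branch is ever renamed; a relative link (`6_Privacy_Respecting_Software.md#password-managers`) keeps it inside the repository. The same applies to every link this commit adds in the hunks below.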
@ -54,6 +57,9 @@ Check which websites support multi-factor authentication: [twofactorauth.org](ht
**Don't use your Password Manager to store 2FA tokens** | Optional | One of the quickest approachs is to use the same system that stores your passwords, to also generate and fill OTP tokens, both LastPass and 1Password have this functionality. However if a malicious actor is able to gain access to this, they will have both your passwords, and your 2FA tokens, for all your online accounts. Instead use a seperate authenticator from your password manager.
**Consider a hardware 2FA Key** | Optional | A physical 2FA key generates an OTP when inserted. Have a look at [NitroKey](https://www.nitrokey.com/) (open source), [YubiKey](https://www.yubico.com/) or [Solo Key](https://amzn.to/2Fe5Icw). You can also use it as a secondary method (in case your phone is lost or damaged). If this is your backup 2FA method, it should be kept somewhere secure, such as a locked safe, or if you use as physical key as your primary 2FA method, then keep it on you at all times.
**See also** [Recommended 2FA Apps](https://github.com/Lissy93/personal-security-checklist/blob/master/6_Privacy_Respecting_Software.md#2-factor-authentication)
## Browser and Search
Most modern web browsers support add-ons and extensions, these can access anything that you do online, avoid installing anything that may not be legitimate and check permissions first. Be aware that ever website that you interact with, including search engines will likely be keeping records of all your activity. Last year Kaspersky reported [over a million data exploits caused by malicious sites](https://securelist.com/it-threat-evolution-q1-2017-statistics/78475/).
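Review bot: the fragment `#2-factor-authentication` in the added link must match the slug GitHub generates from the heading in 6_Privacy_Respecting_Software.md; a mismatched fragment fails silently by scrolling to the top of the page, so please click through before merging. While this section is being touched, the context row directly above ("Don't use your Password Manager to store 2FA tokens") carries two typos worth fixing in the same pass: "approachs" should be "approaches" and "seperate" should be "separate".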
@ -79,6 +85,10 @@ For more browser security pointers, check out: [Here’s How To Get Solid Browse
**Disable JavaScript** | Advanced | Many modern web apps are JavaScript based, so disabling it will greatly decrease your browsing experience. But if you really want to go all out, then it will reduce your attack surface. Read more about the growing [risk of JavaScript malware](https://heimdalsecurity.com/blog/javascript-malware-explained/).
**Route all desktop traffic via Tor** | Advanced | [Whonix](https://www.whonix.org/) allows for fail-safe, automatic, and desktop-wide use of the Tor network. It's based on Debian, and runs in in a virtual machine. Straigt-forward to install on Windows, OSX or Linux.
**See also**
- [Recommended Privacy Browsers](https://github.com/Lissy93/personal-security-checklist/blob/master/6_Privacy_Respecting_Software.md#browsers)
- [Recommended Browser Extensions](https://github.com/Lissy93/personal-security-checklist/blob/master/6_Privacy_Respecting_Software.md#browser-extensions)
## Emails
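Review bot: this hunk switches from the inline `**See also** [link]` form used in the Passwords and 2FA hunks to a bold `**See also**` label followed by a bulleted list, which is reasonable where there is more than one link, but the Networking, Personal Computers and Smart Home hunks further down label the same kind of list `**Recommended Software**` instead. Settle on one label for all sections so readers can scan for it. The "Route all desktop traffic via Tor" context row above also has "runs in in a virtual machine" and "Straigt-forward", which could be corrected in the same pass.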
@ -98,6 +108,8 @@ It's strongly advised not to use non-encrypted email, but if you follow these gu
**Don’t connect third-party apps to your email account** | Optional | If you give a third-party app (like Unroll.me) full access to your inbox, this makes you vulnerable to cyber attacks. The app can be compromised and, as a consequence, cyber criminals would gain unhindered access to all your emails and their contents.
**Consider switching to a more secure email provider** | Optional | Email providers such as [ProtonMail](https://protonmail.com), [CounterMail](https://countermail.com), [HushMail](https://www.hushmail.com) (for business users) or [MailFence](https://mailfence.com) allow for end-to-end encryption, full privacy as well as more security-focused features. See [this guide](https://github.com/OpenTechFund/secure-email) for a details of the inner workings of these services.
**See also** [Recommended Encrypted Email Providers](https://github.com/Lissy93/personal-security-checklist/blob/master/6_Privacy_Respecting_Software.md#encrypted-email)
## Social Media
**Security** | **Priority** | **Details and Hints**
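Review bot: the context row immediately above the new link reads "for a details of the inner workings of these services"; dropping the stray "a" is a cheap drive-by fix while this section is being edited. The added `**See also** [Recommended Encrypted Email Providers]` line itself needs nothing beyond the absolute-URL point raised on the first hunk.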
@ -110,6 +122,11 @@ It's strongly advised not to use non-encrypted email, but if you follow these gu
**Remove metadata before uploading media** | Optional | Most smartphones and some cameras automatically attach a comprehensive set of additional data to each photograph., This usually includes things like time, date, location, camera model, user etc. Remove this data before uploading. See [this guide](https://www.makeuseof.com/tag/3-ways-to-remove-exif-metadata-from-photos-and-why-you-might-want-to/) for more info.
**Don’t have any social media accounts** | Advanced | It may seem a bit extreme, but if your serious about data privacy and security, stay away from entering information on any social media platform.
**See also**
- [Alternative Social Media](https://github.com/Lissy93/personal-security-checklist/blob/master/6_Privacy_Respecting_Software.md#social-networks)
- [Alternative Video Platforms](https://github.com/Lissy93/personal-security-checklist/blob/master/6_Privacy_Respecting_Software.md#video-platforms)
- [Alternative Blogging Platforms](https://github.com/Lissy93/personal-security-checklist/blob/master/6_Privacy_Respecting_Software.md#blogging-platforms)
- [News Readers and Aggregation](https://github.com/Lissy93/personal-security-checklist/blob/master/6_Privacy_Respecting_Software.md#news-readers-and-aggregation)
## Networking
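Review bot: the link text and the fragment use different wording for three of the four new items ("Alternative Social Media" -> `#social-networks`, "Alternative Video Platforms" -> `#video-platforms`, "Alternative Blogging Platforms" -> `#blogging-platforms`), so each fragment should be checked against the actual heading in 6_Privacy_Respecting_Software.md, since GitHub derives the anchor from the heading text. The "Remove metadata before uploading media" context row above also has a stray ".," in "photograph., This", and "if your serious" in the row below it should be "if you're serious".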
@ -135,6 +152,14 @@ A Virtual Private Network (VPN) protects your IP, and allows you to more securel
**Kill unused process and services on your router** | Advanced | Services like Telnet and SSH (Secure Shell) that provide command-line access to devices should never be exposed to the internet and should also be disabled on the local network unless they're actually needed. In general, [any service that’s not used should be disabled](https://www.securityevaluators.com/knowledge/case_studies/routers/soho_service_hacks.php) to reduce attack surface.
**Disable WiFi on all Devices** | Advanced | Connecting to even a secure WiFi network increases your attack surface. Disabling your home WiFi and connect each device via Ethernet, and turning off WiFi on your phone and using a USB-C/ Lightening to Ethernet cable will protect against WiFi exploits, as Edward Snowden [says here](https://twitter.com/snowden/status/1175431946958233600?lang=en).
**Recommended Software**
- [Virtual Private Networks](https://github.com/Lissy93/personal-security-checklist/blob/master/6_Privacy_Respecting_Software.md#virtual-private-networks)
- [Mix Networks](https://github.com/Lissy93/personal-security-checklist/blob/master/6_Privacy_Respecting_Software.md#mix-networks)
- [Open Source Proxies](https://github.com/Lissy93/personal-security-checklist/blob/master/6_Privacy_Respecting_Software.md#proxies)
- [DNS Providers](https://github.com/Lissy93/personal-security-checklist/blob/master/6_Privacy_Respecting_Software.md#dns)
- [Firewalls](https://github.com/Lissy93/personal-security-checklist/blob/master/6_Privacy_Respecting_Software.md#firewalls)
- [Network Analysis Tools](https://github.com/Lissy93/personal-security-checklist/blob/master/6_Privacy_Respecting_Software.md#network-analysis)
## Mobile Devices
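Review bot: the `**Recommended Software**` label introduced here differs from the `**See also**` label the earlier hunks of this same commit use for the same kind of list; pick one and apply it throughout. Two typos sit in the "Disable WiFi on all Devices" context row directly above the new list and could be corrected in the same pass: "Lightening" should be "Lightning", and "Disabling your home WiFi and connect each device via Ethernet" should read "connecting each device".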
@ -164,6 +189,7 @@ SMS texting and traditional phone calls are not secure, so it's imprortant to av
**Consider Orbot** | Advanced | [Orbot](https://guardianproject.info/apps/orbot/) provides a system-wide [Tor](https://www.torproject.org/) connection. Although more secure than a VPN, it may be slower- see [Networking](#networking) section for more details.
**Consider running a custom ROM if you have an Android device** | Advanced | Your default OS tracks information about your usage, and app data, constantly. Consider a security-focused custom ROM, such as [Lineage](https://lineageos.org) or [CopperheadOS](https://copperhead.co/android/).
**See also** [Recommended Mobile Apps, for Security + Privacy](https://github.com/Lissy93/personal-security-checklist/blob/master/6_Privacy_Respecting_Software.md#mobile-apps)
## Personal Computers
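Review bot: the added link text "Recommended Mobile Apps, for Security + Privacy" has a stray comma; "Recommended Mobile Apps for Security + Privacy" reads better. The hunk header's context text also shows "imprortant" in the line this hunk follows, which should be "important", and "it may be slower- see" in the Orbot row wants a space after the hyphen.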
@ -183,6 +209,9 @@ Although Windows and OS X are easy to use and convenient, they both are far from
**Password protect your BIOS and drives** | Advanced | A BIOS or UEFI password helps to make an inexperienced hackers life a bit harder if they get a hold of your PC or hard drive, [here is a guide on how to do it](https://www.howtogeek.com/186235/how-to-secure-your-computer-with-a-bios-or-uefi-password/).
**Canary Tokens** | Advanced | Network breaches happen, but the longer it takes for you to find out about it, the more damage is done. A canary token is like a hacker honeypot, something that looks appealing to them once they've gained access to your system. When they open the file, unknowingly to them, a script is run which will not only alert you of the breach, but also grab some of the hackers system details. <br>[CanaryTokens.org](https://canarytokens.org/generate) and [BlueCloudDrive](https://blueclouddrive.com/generate) are excellent sites, that you can use to generate your tokens. Then just leave them somewhere prominent on your system. [Learn more](https://blog.thinkst.com/p/canarytokensorg-quick-free-detection.html) about canary tokens, or see [this guide](https://resources.infosecinstitute.com/how-to-protect-files-with-canary-tokens/) for details on how to create them yourself.
**Recommended Software**
- [AV and Malware Prevention](https://github.com/Lissy93/personal-security-checklist/blob/master/6_Privacy_Respecting_Software.md#anti-virus-and-malware-prevention)
- [Operating Systems](https://github.com/Lissy93/personal-security-checklist/blob/master/6_Privacy_Respecting_Software.md#operating-systems)
## Smart Home
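Review bot: the link text "AV and Malware Prevention" points at `#anti-virus-and-malware-prevention`; as with the Social Media hunk, confirm the fragment matches the heading slug in 6_Privacy_Respecting_Software.md before merging. The "Password protect your BIOS and drives" context row above reads "an inexperienced hackers life", which should be "hacker's life" if it is touched in the same pass.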
@ -208,6 +237,10 @@ The most privacy-respecting option, would be to not use "smart" internet-connect
**Denny internet access where possible** | Advanced | If possible deny the device/ app internet access, and use it only on your local network. You can configure a firewall to block certain devices from sending or receiving from the internet.
**Assess risks** | Advanced | Assess risks with your audience and data in mind: Be mindful of whose data is being collected, e.g. kids. Manage which devices can opperate when (such as turning cameras off when you are at home, or disabling the internet for certain devices at specific times of day)
**Recommended Software**
- [Home Automation](https://github.com/Lissy93/personal-security-checklist/blob/master/6_Privacy_Respecting_Software.md#home-automation)
- [AI Voice Assistants](https://github.com/Lissy93/personal-security-checklist/blob/master/6_Privacy_Respecting_Software.md#ai-voice-assistants)
## Sensible Computing
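Review bot: "Denny internet access where possible" in the context row directly above the new list is a typo for "Deny", and "opperate" in the "Assess risks" row should be "operate" (that row also lacks a closing period); since this commit already touches the section, fixing them here avoids another churn commit. The added `**Recommended Software**` list itself looks fine apart from the label and absolute-URL points raised on earlier hunks.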