mirror of
https://github.com/Lissy93/personal-security-checklist.git
synced 2024-12-28 16:59:22 -05:00
Adds: Shut down to ensure disk is encrypted
This commit is contained in:
parent
34aa741046
commit
69fecec5ae
@ -320,6 +320,7 @@ Although Windows and OS X are easy to use and convenient, they both are far from
|
||||
**Manage Permissions** | Recommended | In a similar way to phones, your OS can grant certain permissions to applications. It's important to keep control over which apps and services have access to your location, camera, microphone, contacts, calendar and other account information. Some systems let you restrict which apps can send or recieve messages, as well as which apps can which processes can control radios such as Bluetooth and WiFi. In Windows, navigate to `Settings --> Privacy`, and for MacOS, go to `System Preferences --> Security & Privacy --> Privacy`. <br>Note that there are other methods that apps can use to access this data, and this is just one step towards protecting it. You should check back regularly, as sometimes system updates can cause some privacy settings to be modified or reverted
|
||||
**Disallow Usage Data from being sent to the Cloud** | Recommended | Both Windows and MacOS collect usage information or feedback, which is send to the cloud for analytics, diagnostics and research. Although this data should be anonymized, it can often be linked back to your identity when compared with other usage data. In Windows, there is no way to disable this fully, but you can limit it- navigate to `Settings --> Privacy --> Feedback & diagnostics`, and select `Basic`. You also have the option to disallow your advertising ID from being shared with apps on your system. In MacOS, it can be turned off fully, go to `System Preferences --> Privacy --> Diagnostics & Usage`, and untick both options
|
||||
**Avoid Quick Unlock** | Recommended | Use a password to unlock your computer, ensure it is long and strong. Avoid biometrics such as facial recognition and fingerprint. These can be spoofed, allowing an intruder access to your account. Also, for Windows devices, avoid using a short PIN to unlock your machine.
|
||||
**Power Off Computer, instead of Standby** | Recommended | You must shut down your device when not in use, in order for the disk to be encrypted. Leaving it in standby/ sleep mode keeps your data in an unencrypted state, and vulnerable to theft. Microsoft even recommends [disabling the sleep functionality](https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-security-faq#what-are-the-implications-of-using-the-sleep-or-hibernate-power-management-options) all together, once BitLocker is enabled. This only applies to encrypted disks, and is true for FileVault (MacOS), BitLocker (Windows), VeraCrypt, Self-Encrypting Drives and most other disk encryption methods. Another reason to shut down, is because the machine is completely offline while it is off, and cannot be hacked remotely. It also can't communicate with a command and control server, if it has already been infected with an exploit
|
||||
**Don't link your PC with your Microsoft or Apple Account** | Optional | Create a local account only. This will prevent some data about your usage being uploaded and synced between devices. Avoid syncing your iPhone or Android device to your computer, as this will automatically lead to it being associated with your Apple, Microsoft or Google account. <br>If sync is important to you, there are open source services that encrypt you data, and sync between devices. For example [XBrowserSync](https://www.xbrowsersync.org/) for bookmarks, history and browser data, [ETESync](https://www.etesync.com/accounts/signup/?referrer=QK6g) for calendar, contacts and tasks, [Syncthing](https://syncthing.net/) for files, folders and filesystems
|
||||
**Check which Sharing Services are Enabled** | Optional | The ability to share files and services with other machines within your network, can be useful, but also acts as a gateway for common threats. You should disable the network sharing features that you are not using. For Windows, navigate to `Control Panel --> Network and Internet --> Network and Sharing Center --> Advanced sharing settings`, and for MacOS, just go to `System Preferences --> Sharing` and disable anything that you do not need. For Windows users, you should ensure that [remote desktop is disabled](https://www.laptopmag.com/articles/disable-remote-desktop). And also control apps’ ability to sync with non-pairing devices, such as beacons that transmit advertising information- this is also in the privacy settings
|
||||
**Don't use Root/ Admin Account for Non-Admin Tasks** | Optional | You should not use administrator / root account for general use. Instead, use an unprivileged user account, and temporarily elevate permissions when you need to make administrator changes. This will [mitigate a large proportion of vulnerabilities](https://www.ghacks.net/2017/02/23/non-admin-accounts-mitigate-94-of-critical-windows-vulnerabilities/), because a malicious program or an attacker can do significantly less damage without an administrator power. See [this guide for Windows and MacOS](https://www.maketecheasier.com/why-you-shouldnt-use-admin-account/), on how to implement this. You should also ensure that a password is required for all system wide changes, as this helps protect against malware doing widespread damage. In Windows this is enabled by default, in MacOS, navigate to `System Preferences --> Security & Privacy --> General --> Advanced`
|
||||
|
Loading…
Reference in New Issue
Block a user