Awesome-Mirrors/personal-security-checklist
1
0
Fork 0
mirror of https://github.com/Lissy93/personal-security-checklist.git synced 2024-07-01 17:11:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

Expands on VPN Section

Browse Source
This commit is contained in:
Alicia Sykes 2020-01-03 10:12:41 +00:00 committed by GitHub
parent f8e816aef3
commit 9b2fa5dc3c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
README.md
View File

@ -56,14 +56,15 @@ For more browser security pointers, check out: [Heres How To Get Solid Browse
## VPN
A Virtual Private Network (VPN) protects your IP, and allows you to more securely connect to the internet. Use it when connecting to public WiFi or to restrict your ISP from seeing all sites you've visited.
A Virtual Private Network (VPN) protects your IP, and allows you to more securely connect to the internet. Use it when connecting to public WiFi or to restrict your ISP from seeing all sites you've visited. Note, VPNs are not a perfect solution, and it is important to select a reputable provider, to entrust your data with. Tor provides greater anonimity.
**Security** | **Priority** | **Details and Hints**
--- | --- | ---
**Use a VPN** | Recommended | Use a reputable, paid-for VPN. Choose one which does not keep and logs and preferably is not based in a [5-eyes](https://en.wikipedia.org/wiki/Five_Eyes) country. See [That One Privacy Site](https://thatoneprivacysite.net/) for a detailed comparison. As of 2020, [NordVPN](https://nordvpn.com/) is a great all-rounder, and [Mullvad](https://mullvad.net/) and [DoubleHop](https://www.doublehop.me/) are excelland for security.
**Stay protected from DNS Leaks** | Optional | A DNS leak is the act of monitoring, storing and filtering your DNS traffic at ISP level. To prevent this you can either use a DNS server provided by your VPN, use [CloudFlares DNS](https://1.1.1.1/) (set nameservers to `1.1.1.1`), or maintain your own DNS server. You can check your protection, by running a [DNS Leak Test](https://www.dnsleaktest.com/), or run `nslookup whoami.akamai.net` in your terminal. Read more about [preventing DNA Leaks](https://securitytrails.com/blog/what-is-dns-leak-how-can-i-prevent-it).
**Use OpenVPN Protocol/ Stay as far from PPTP and SSTP** | Recomended | [OpenVPN](https://en.wikipedia.org/wiki/OpenVPN) is currently considered the most secure [tunneling protocol](https://en.wikipedia.org/wiki/Tunneling_protocol), it's also open source, lightweight and effiecient. [L2TP](https://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol) can be good, but only when configured correctly, whereas it's much harder to go wrong with OpenVPN. Stay away from [PPTP](https://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol), which is now legacy, and not considered secure. [SSTP](https://en.wikipedia.org/wiki/Secure_Socket_Tunneling_Protocol) is owned my Microsoft and since it's not very transparent it's likley to be vulnrable to certain attachs.
**Use the Tor Network** | Advanced | VPNs have their weaknesses, since the provider knows your real details, whereas Tor is anonymous. For optimum security, route all your internet traffic through tthe Tor network. On Linux you can use [TorSocks](https://gitweb.torproject.org/torsocks.git) and [Privoxy](https://www.privoxy.org/), for Windows you can use [Whonix](https://www.whonix.org/), on OSX [follow thsese instructions](https://maymay.net/blog/2013/02/20/howto-use-tor-for-all-network-traffic-by-default-on-mac-os-x/). Finally, you can use [OnionPi](https://learn.adafruit.com/onion-pi/overview) to use Tor for all your connected devices, by [configuring a Raspberry Pi to be a Tor Hotspot](https://lifehacker.com/how-to-anonymize-your-browsing-with-a-tor-powered-raspb-1793869805)
**Use a VPN** | Recommended | Use a reputable, paid-for VPN. Choose one which does not keep and logs and preferably is not based under a [5-eyes](https://en.wikipedia.org/wiki/Five_Eyes) jurisdiction. See [That One Privacy Site](https://thatoneprivacysite.net/) for a detailed comparison. As of 2020, [NordVPN](https://nordvpn.com/) and [SurfShark](https://surfshark.com/) are both good all-rounders (for speed, simplicity and security), and [Mullvad](https://mullvad.net/) and [DoubleHop](https://www.doublehop.me/) are excelland for security.
**Configure your router to use VPN** | Optional | If you set your VPN up on your router, then data from all devices on your home network is encrypted as it leaves the LAN. Again, it's important to select a secure VPN provider, as they will see what your ISP previously had been logging. Follow a guide from your router manufacturer or VPN provider, or see [this article](https://www.howtogeek.com/221889/connect-your-home-router-to-a-vpn-to-bypass-censorship-filtering-and-more/) to get started. Note that depending on your internet connection, and VPN provider, this could slow down your internet.
**Stay protected from DNS Leaks** | Optional | A DNS leak is the act of monitoring, storing and filtering your DNS traffic at ISP level. To prevent this you can either use a DNS server provided by your VPN, or use [CloudFlares DNS](https://1.1.1.1/) (set nameservers to `1.1.1.1`), or maintain your own DNS server. You can check your protection, by running a [DNS Leak Test](https://www.dnsleaktest.com/), or run `nslookup whoami.akamai.net` in your terminal. Read more about [preventing DNA Leaks](https://securitytrails.com/blog/what-is-dns-leak-how-can-i-prevent-it).
**Use a secure Protocol** | Optional | [OpenVPN](https://en.wikipedia.org/wiki/OpenVPN) is widley used, and currently considered a secure [tunneling protocol](https://en.wikipedia.org/wiki/Tunneling_protocol), it's also open source, lightweight and effiecient. [L2TP](https://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol) can be good, but only when configured correctly, whereas it's much harder to go wrong with OpenVPN. Don't use [PPTP](https://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol), which is now legacy, and not considered secure, and avoid [SSTP](https://en.wikipedia.org/wiki/Secure_Socket_Tunneling_Protocol) (proprietary, owned by Microsoft and due to lack of transparency, could be vulnrable to exploits). [IKEv2](https://en.wikipedia.org/wiki/Internet_Key_Exchange) and [WireGuard](https://www.wireguard.com/) *(experimental)* are also good options.
**Use the Tor Network** | Advanced | VPNs have their weaknesses, since the provider knows your real details, whereas Tor is anonymous. For optimum security, route all your internet traffic through tthe Tor network. On Linux you can use [TorSocks](https://gitweb.torproject.org/torsocks.git) and [Privoxy](https://www.privoxy.org/), for Windows you can use [Whonix](https://www.whonix.org/), and on OSX [follow thsese instructions](https://maymay.net/blog/2013/02/20/howto-use-tor-for-all-network-traffic-by-default-on-mac-os-x/). Finally, you can use [OnionPi](https://learn.adafruit.com/onion-pi/overview) to use Tor for all your connected devices, by [configuring a Raspberry Pi to be a Tor Hotspot](https://lifehacker.com/how-to-anonymize-your-browsing-with-a-tor-powered-raspb-1793869805)
## Emails