mirror of
https://github.com/Lissy93/personal-security-checklist.git
synced 2024-10-01 01:35:37 -04:00
Whitelist MAC
This commit is contained in:
parent
1bdbbb896a
commit
cf56877c25
@ -113,8 +113,9 @@ A Virtual Private Network (VPN) protects your IP, and allows you to more securel
|
|||||||
**Configure your router to use VPN** | Optional | If you set your VPN up on your router, then data from all devices on your home network is encrypted as it leaves the LAN. Again, it's important to select a secure VPN provider, as they will see what your ISP previously had been logging. Follow a guide from your router manufacturer or VPN provider, or see [this article](https://www.howtogeek.com/221889/connect-your-home-router-to-a-vpn-to-bypass-censorship-filtering-and-more/) to get started. Note that depending on your internet connection, and VPN provider, this could slow down your internet.
|
**Configure your router to use VPN** | Optional | If you set your VPN up on your router, then data from all devices on your home network is encrypted as it leaves the LAN. Again, it's important to select a secure VPN provider, as they will see what your ISP previously had been logging. Follow a guide from your router manufacturer or VPN provider, or see [this article](https://www.howtogeek.com/221889/connect-your-home-router-to-a-vpn-to-bypass-censorship-filtering-and-more/) to get started. Note that depending on your internet connection, and VPN provider, this could slow down your internet.
|
||||||
**Stay protected from DNS Leaks** | Optional | A DNS leak is the act of monitoring, storing and filtering your DNS traffic at ISP level. To prevent this you can either use a DNS server provided by your VPN, or use [CloudFlares DNS](https://1.1.1.1/) (set nameservers to `1.1.1.1`), or maintain your own DNS server. You can check your protection, by running a [DNS Leak Test](https://www.dnsleaktest.com/), or run `nslookup whoami.akamai.net` in your terminal. Read more about [preventing DNA Leaks](https://securitytrails.com/blog/what-is-dns-leak-how-can-i-prevent-it).
|
**Stay protected from DNS Leaks** | Optional | A DNS leak is the act of monitoring, storing and filtering your DNS traffic at ISP level. To prevent this you can either use a DNS server provided by your VPN, or use [CloudFlares DNS](https://1.1.1.1/) (set nameservers to `1.1.1.1`), or maintain your own DNS server. You can check your protection, by running a [DNS Leak Test](https://www.dnsleaktest.com/), or run `nslookup whoami.akamai.net` in your terminal. Read more about [preventing DNA Leaks](https://securitytrails.com/blog/what-is-dns-leak-how-can-i-prevent-it).
|
||||||
**Use a secure VPN Protocol** | Optional | [OpenVPN](https://en.wikipedia.org/wiki/OpenVPN) is widley used, and currently considered a secure [tunneling protocol](https://en.wikipedia.org/wiki/Tunneling_protocol), it's also open source, lightweight and effiecient. [L2TP](https://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol) can be good, but only when configured correctly, whereas it's much harder to go wrong with OpenVPN. Don't use [PPTP](https://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol), which is now legacy, and not considered secure, and avoid [SSTP](https://en.wikipedia.org/wiki/Secure_Socket_Tunneling_Protocol) (proprietary, owned by Microsoft and due to lack of transparency, could be vulnrable to exploits). [IKEv2](https://en.wikipedia.org/wiki/Internet_Key_Exchange) and [WireGuard](https://www.wireguard.com/) *(experimental)* are also good options.
|
**Use a secure VPN Protocol** | Optional | [OpenVPN](https://en.wikipedia.org/wiki/OpenVPN) is widley used, and currently considered a secure [tunneling protocol](https://en.wikipedia.org/wiki/Tunneling_protocol), it's also open source, lightweight and effiecient. [L2TP](https://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol) can be good, but only when configured correctly, whereas it's much harder to go wrong with OpenVPN. Don't use [PPTP](https://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol), which is now legacy, and not considered secure, and avoid [SSTP](https://en.wikipedia.org/wiki/Secure_Socket_Tunneling_Protocol) (proprietary, owned by Microsoft and due to lack of transparency, could be vulnrable to exploits). [IKEv2](https://en.wikipedia.org/wiki/Internet_Key_Exchange) and [WireGuard](https://www.wireguard.com/) *(experimental)* are also good options.
|
||||||
**Ideally hide your SSID** | Optional | An SSID (or Service Set Identifier) is simply your network name. If it is not visible, it is much less likely to be targeted. You can usually hide it after logging into your router admin panel, [see here for more details](https://www.lifewire.com/hide-your-wireless-network-from-your-internet-leeching-neighbors-2487655).
|
|
||||||
**Avoid the free router from your ISP** | Optional | Typically they’re manufactured cheaply in bulk in China, and firmware updates which fix crucial security flaws aren’t released regularly. Consider an open source based router, such as [Turris MOX](https://www.turris.cz/en/mox/overview/)
|
**Avoid the free router from your ISP** | Optional | Typically they’re manufactured cheaply in bulk in China, and firmware updates which fix crucial security flaws aren’t released regularly. Consider an open source based router, such as [Turris MOX](https://www.turris.cz/en/mox/overview/)
|
||||||
|
**Ideally hide your SSID** | Optional | An SSID (or Service Set Identifier) is simply your network name. If it is not visible, it is much less likely to be targeted. You can usually hide it after logging into your router admin panel, [see here for more details](https://www.lifewire.com/hide-your-wireless-network-from-your-internet-leeching-neighbors-2487655).
|
||||||
|
**Whitelist MAC Addresses** | Optional | As well as a strong password, and hidden SSID, you can whitelist MAC addresses in your router settings, disallowing any unknown devices to connect to your network. A malicous actor can bipass this, by making their address appear the same as one of your trusted devices, but it will add an extra step for them.
|
||||||
**Use the Tor Network** | Advanced | VPNs have their weaknesses, since the provider knows your real details, whereas Tor is anonymous. For optimum security, route all your internet traffic through tthe Tor network. On Linux you can use [TorSocks](https://gitweb.torproject.org/torsocks.git) and [Privoxy](https://www.privoxy.org/), for Windows you can use [Whonix](https://www.whonix.org/), and on OSX [follow thsese instructions](https://maymay.net/blog/2013/02/20/howto-use-tor-for-all-network-traffic-by-default-on-mac-os-x/). Finally, you can use [OnionPi](https://learn.adafruit.com/onion-pi/overview) to use Tor for all your connected devices, by [configuring a Raspberry Pi to be a Tor Hotspot](https://lifehacker.com/how-to-anonymize-your-browsing-with-a-tor-powered-raspb-1793869805)
|
**Use the Tor Network** | Advanced | VPNs have their weaknesses, since the provider knows your real details, whereas Tor is anonymous. For optimum security, route all your internet traffic through tthe Tor network. On Linux you can use [TorSocks](https://gitweb.torproject.org/torsocks.git) and [Privoxy](https://www.privoxy.org/), for Windows you can use [Whonix](https://www.whonix.org/), and on OSX [follow thsese instructions](https://maymay.net/blog/2013/02/20/howto-use-tor-for-all-network-traffic-by-default-on-mac-os-x/). Finally, you can use [OnionPi](https://learn.adafruit.com/onion-pi/overview) to use Tor for all your connected devices, by [configuring a Raspberry Pi to be a Tor Hotspot](https://lifehacker.com/how-to-anonymize-your-browsing-with-a-tor-powered-raspb-1793869805)
|
||||||
**Kill unused process and services on your router** | Advanced | Services like Telnet and SSH (Secure Shell) that provide command-line access to devices should never be exposed to the internet and should also be disabled on the local network unless they're actually needed. In general, [any service that’s not used should be disabled](https://www.securityevaluators.com/knowledge/case_studies/routers/soho_service_hacks.php) to reduce attack surface.
|
**Kill unused process and services on your router** | Advanced | Services like Telnet and SSH (Secure Shell) that provide command-line access to devices should never be exposed to the internet and should also be disabled on the local network unless they're actually needed. In general, [any service that’s not used should be disabled](https://www.securityevaluators.com/knowledge/case_studies/routers/soho_service_hacks.php) to reduce attack surface.
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user