Differences

This shows you the differences between two versions of the page.

--- cybersecuritybasics [2022/10/28 18:23] – jgmac1106
+++ cybersecuritybasics [2022/10/28 19:34] (current) – getting rid of meta writing statements jgmac1106
@@ Line 1: / Line 1: @@
-As an Internet activist, a member of a marginalized group, or just a concerned security citizen you may want to take steps to protect yourself online. You can take a few steps to go a long way. Below you will find my best tips in descending order of both capability and complexity. Meaning everyone should "Be Smart" but not everyone needs to use "network segmentation."
+As an Internet activist, a member of a marginalized group, or just a concerned security citizen you may want to take steps to protect yourself online. You can take a few steps to go a long way.Based on threats to your self and data think about security as  descending order of both capability and complexity. Meaning everyone should "Be Smart" but not everyone needs to use "network segmentation."
 Please share tips you find useful for the average internet activist who may not have networking and IT skills.
@@ Line 7: / Line 7: @@
 The professionals call this Operational Security and Situational Awareness. When you go online you put yourself and data at risk. You must assume anything, even if encrypted or on a private social network, will get out.
-The only weight that matters in cybersecurity is the 6 lbs you carry in your skull. Think before your click. Make sure you are working in a place where you and your data are safe. Never share any kind of log in credentials is an email, screenshot, or Discord DM.
+The only weight that matters in cybersecurity is the 6 lbs you carry in your skull. Think before your click. Make sure you are working in a place where you and your data are safe. Never share any kind of log in credentials in an email, screenshot, or Discord DM.If you run an online community do not have a document with all the username and passwords for different tools your community uses.
 ===== Turn on 2FA/MFA =====
-Authentication means proving who you are when you try to gain access to a newtwork. Usually you get authorized by authenticating a username and a password match. You need better security. Enable multi-factor authentication on all your online services.
+Authentication means proving who you are when you try to gain access to a network or system. Usually you get authorized by authenticating a username and a password match. You need better security. Enable multi-factor authentication on all your online services.
-With Multi-factor-authentication, MFA, you can verify something you know, something you are, and something you own. Many services allow SMS as an additional factor. For most use cases this method is acceptable but it is not the most secure.
+With Multi-factor-authentication, MFA, you can verify something you know, something you are, and something you own. Many services allow SMS, test messages, as an additional factor. For most use cases this method is acceptable but it is not the most secure.
 Also know you local laws in terms of which factors police can use, such as face unlock, versus something you know such as a password.
@@ Line 27: / Line 27: @@
 Rarely, better yet, never click on any link sent over SMS or private message. If you do make sure you know the sender. Look at the URL, if not shortened. Make sure it seems legitimate. Remember the accounts of people you trust can get compromised.
-If you work with really sensitive data, or your identity puts you at risk, you should never open links through SMS and make sure any external connection gets scanned for malicious code. You should not use browser based email and only use a client with trusted AV capabilities.
+If you work with really sensitive data, or your identity puts you at risk, you should never open links through SMS and make sure any external connection gets scanned for malicious code. You should not use browser based email and only use a client with trusted Anti-virus capabilities.
 ===== Passwords =====
@@ Line 33: / Line 33: @@
 Most breaches happen because of stolen credentials. Usually from another system. Meaning Miriam may use the same bank password as her email. Her email got compromised and her password sold online. It then got used to drain her bank accounts.
-Use a unique password every time. Some people may use the same password for multiple services and this puts them at risk. I know it makes it easier to remember but it puts you and your data at risk.
+  * Use a unique password every time. Some people may use the same password for multiple services and this puts them at risk. I know it makes it easier to remember but it puts you and your data at risk.
-Length beats complexity. Special letters and random Capital letters may get required by systems but they do little for security. Instead think in pass phrases and not passwords. Length takes longer for computers to crack. You can use Diceware pass phrases to truly randomize a lengthy password,
+  * Length beats complexity. Special letters and random Capital letters may get required by systems but they do little for security. Instead think in pass phrases and not passwords. Length takes longer for computers to crack. You can use Diceware pass phrases to truly randomize a lengthy password,
-Stay away from personal details. Many passwords get cracked through social engineering. Someone may look through your profile and see you own cats, they may then look to see if your pet has a registered name or breed. These phrases then get tried in brute force attacks.
+  * Stay away from personal details. Many passwords get cracked through social engineering. Someone may look through your profile and see you own cats, they may then look to see if your pet has a registered name or breed. These phrases then get tried in brute force attacks.
-Use a Password Manager. These tools save and encrypt all your passwords and then use single use codes, called hashes, to log in. Passwords managers provide better security given the number of accounts.
+  * Use a Password Manager. These tools save and encrypt all your passwords and then use single use codes, called hashes, to log in. Passwords managers provide better security given the number of accounts we all have today
+  * Maybe password books make sense. I know this sounds like blasphemy to security experts but to a family of five where people may have dozens of passwords each writing them down seems understandable. Granted please use a password manager but password books aren't evil for personal use cases. If a family keeps one in a fireproof safe it will help after catastrophe. I know it creates risk but if you have physical access to a families password book, in their safe,  they have bigger problems than getting hacked.
-Maybe password books make sense. I know this sounds like blasphemy to security experts but to a family of five where people may have dozens of passwords each writing them down seems understandable. Granted please use a password manager but password books aren't evil for personal use cases. If a family keeps one in a fireproof safe it will help after catastrophe. I know it creates risk but if you have physical access to a families password book, in their safe,  they have bigger problems than getting hacked.
+  * Use incorrect answers for security questions. Many systems ask questions for password recovery. Your first pet or Mother's family name may be found online through social engineering. Use falso or masked information when filling out these help features.
 ===== Separation of Duties =====
-Think of your devices has having two different users. One would have admin rights and the other has user rights. Set up all your laptops and devices with two users. Give one of them full rights to install software, run updates automatically, and modify the system.
+Think of your devices as having two different users. One would have admin rights and the other has user rights. Set up all your laptops and devices with two users. Give one of them full rights to install software, run updates automatically, and modify the system.
-Then make yourself a second user. This user will connect to external systems like we apps and social media. This user should not have rights to modify the system. If you come across a program you need to install you would log out and log in with the admin account. Then grant the user account access to to the application.
+Then make yourself a second user. This user will connect to external systems like web apps and social media. This user should not have rights to modify the system. If you come across a program you need to install you would log out and log in with the admin account. Then grant the user account access to to the application.
 ===== Backups =====
@@ Line 63: / Line 65: @@
 ===== Replace Routers and Modems =====
-In some countries, such as USA, the telcoms, rent routers and modems to people who then pay $12.00 a month for years to pay for a $90.00 modem/router. The firmware in these products often is not updated and vulnerable to attack. Plus newer router/modems often have additional security features. Not to mention, renting routers rips off customers.
+In some countries, such as USA, the telcoms rent routers and modems to people who then pay $12.00 a month for years to pay for a $90.00 modem/router. The firmware in these products often is not updated and vulnerable to attack. Plus newer router/modems often have additional security features. Not to mention, renting routers rips off customers.
 This maybe overkill but some users may want to even add utilize modems, routers, and firewalls to create an encryption layer between their network and the outside world. You can add firewalls to home networks. They also make mobile versions if you need security on the go.
@@ Line 69: / Line 71: @@
 ===== Wires Rock =====
-Every wireless access point and  every Bluetooth connection creates an attack vector for adversaries. Getting into offline hard wired systems will often take physical access. Try to use wires whenever possible. Plus your bitrate to your wireless speaker makes the music awful. Not having your XBOX wwired why you get bodies by little kids and lag, and think about how many Lithium batteries we could eliminate with wired mice.
+Every wireless access point and  every Bluetooth connection creates an attack vector for adversaries. Getting into offline hard wired systems will often take physical access. Try to use wires whenever possible. Plus your bitrate to your wireless speaker makes the music awful. You really should use wired cans instead of wireless earbuds(and a lossless format) unless you hate music. Not having your XBOX wired is why you get bodied by little kids and lag, and think about how many Lithium batteries we could eliminate with wired mice.
 ===== Separate Networks =====
-You may want to have one network for your work and another for your family and this may improve sanity and speed as much as security. If you deal with really sensitive data or operate online personas that can bring you physical or legal harm you should follow this step.  You basically firewall off your personal internet use and your activist internet use. This is not cheap and requires specialized knowledge.
+You may want to have one network for your work and another for your family. This may improve sanity and speed as much as security. If you deal with really sensitive data or operate online personas that can bring you physical or legal harm you should follow this step.  You basically firewall off your personal internet use and your activist internet use. This is not cheap and requires specialized knowledge.