Security – Starting from the Inside

So for the actual first post on this first series on the BWTS blog, we’re going on the ‘Inside’.

So with this, we will start looking at the networks endpoints, so your computers, servers, tablets, phones or in other words, the devices you tend to use. The general advice for all of these are:

• Have the latest, currently supported Operating System installed
  • Apply all Operating System patches/updates/etc
    • More difficult with Android phone due to OS fragmentation
    • More difficult with OLDER Apple devices
• Have anti-virus and anti-malware software installed
  • It is to be the most current and supported version
  • Ensure it’s definitions are current and updating properly
  • Yes, even Macs, iPhones, Android, and Linux…
  • Yes, I’m serious about this…
  • Malware is not just limited to Windows and being able to detect and stop the spread of malware (even if it doesn’t effect your platform of choice, is still a good choice)
  • Just think about it in terms of being a good neighbor on the Internet, OK?
• Use a firewall if possible on your endpoints
  • Continue to tune and refine it, do not just set it and leave it
• Use the most current and supported web browser
  • Recommended are Chrome and FireFox
    • Secondary recommendation for Brave
    • Tor Browser bundle with an honorable mention
  • Use adblocking/script stopping extensions/addons
    • Gorhill’s uBlock Origin
    • Noscript
    • Adblock Plus
  • Run inside of a sandbox
    • Sandboxie
    • If resources are available, create a VM to do general web browsing
      • VMware Workstation
      • VirtualBox
    • If sandboxing is not possible:
      • Boot off of a Linux boot CD/DVD
      • Install a version of Linux or BSD Operating System onto a spare computer
        • Ubuntu
        • Debian
        • Mint
        • FreeBSD
        • PCBSD
• Use strong passwords
  • This advise seems to change with time, but what has stayed constant:
    • Make it as long as possible
    • Use it like a passphrase and not a password
      • Lyrics to a favorite song
      • Sentences
    • Complex
      • Use of upper and lower case characters, numbers, and special characters
  • Use a password manager and let it manage everything for you
    • Use a strong master password
    • KeePass
    • LastPass
• Backups
  • If it’s important, have a backup
  • A backup is not moving the file(s) in question to an external drive and calling it ‘good to go’
  • 3-2-1
    • This means having at least 3 total copies of your data, 2 of which are local but on different mediums/devices/services, and at least 1 copy offsite.
    • 2 local
      • Your main computer
      • A secondary computer
      • An external hard drive you backup to
      • A NAS on your local network
    • 1 offsite
      • Data backup services
        • Backblaze
        • Carbonite
        • Mozy
      • Online Storage Services
        • Google Drive
        • Dropbox
        • iCloud
      • External Media
        • HDD/Optical media
        • Media given to family or firends to store
        • Media placed in a Bank box
        • Media given to a lawyer

It is important to note, there is no such thing as perfect security. So everything here will be best effort, because the closest you can get to ‘perfect’ security is a brand new computer, sealed in a concrete block and dropped into the ocean.

So stay tuned for more as get into the inside and work our way outside!