Unrequested security advice 

My take on (IT) security of any system is as follows:

Number One: Understand what is going on.

The technical system, the interests, how it can be attacked, etc. Your understanding gives you the ability to act.

In order to make that easier or just (more) doable, number Two: Simplify.

The less you have to understand, the better. The fewer services/software you have running, the less you have to worry about.

Any 'system' that isn't there can't be hacked.

Once you have number one and number two, you can look at what you really need.

Minimize When & Where you need it. If you can limit when something is in use/available, you limit when it can be attacked; if you limit where it is available (for instance local network vs internet), you limit from where it can be attacked. Something that isn't online (most of the time) is a lot harder to get into than something that's waiting 24/7 for attacks from "the Internet".

Very much in line with number one & two and not to be forgotten: What you do not store cannot be leaked. If the application doesn't have (access to) the data, it also cannot leak it.

For all that stuff that you have to have when & where you need it:

Use stuff that's common, where multiple people look at it; get information from people you trust both in intent/alignment and in their skills. Stuff that is actively maintained.

When you can: compartmentalise.

The most basic: different passwords and accounts where you can. Every password should be unique and not resemble anything you've used before.

Advanced: run stuff on different (virtual) systems.

@wmd i.e. compartmentalize: use different computers. Also use, but don't overrate, methods of software sandboxing (like virtual machines).

@jasper Sure, there are nuance and tradeoffs here, but that's where 1 & 2 come in: understand and simplify.
