Unrequested security advice 

My take on (IT) security of any system is as follows:

Number One: Understand what is going on.

The technical system, the interests, how it can be attacked, etc. Your understanding gives you the ability to act.

In order to make that easier or just (more) doable, number Two: Simplify.

The less you have to understand, the better. The fewer services/software you have running, the less you have to worry about.

Any 'system' that isn't there can't be hacked.

Once you have number one and number two, you can look at what you really need.

Minimize When & Where you need it. If you can limit when something is in use/available, you limit when it can be attacked; if you limit where it is available (for instance local network vs. internet), you limit from where it can be attacked. Something that isn't online (most of the time) is a lot harder to get into than something that's waiting 24/7 for attacks from "the Internet".

Very much in line with number one & two and not to be forgotten: What you do not store cannot be leaked. If the application doesn't have (access to) the data, it also cannot leak it.
