Thank you to all who attended my workshop, “Practical Online Security,” this week! Below is the promised handout of links to resources, both for topics covered and not covered. This guide will be refined over time.

Last updated: 11 May 2017


A great baseline level of security can be achieved by:

  1. Educating yourself on the dangers facing you
  2. Keeping all of your software up-to-date (automatic is best)
  3. Using multi-factor authentication
  4. Backing up everything!
  5. Using a password manager!
  6. Using Signal to encrypt your communications

The Threats

Social Engineering

Social engineering is when someone tricks you into divulging information or performing an action that helps them do something malicious. Victims often have no idea until problems occur.

Here are some examples of social engineering wreaking havoc:


Malware

Malware is malicious software: programs that perform actions like stealing passwords, siphoning funds from your bank account, and so on.

Windows users need no reminders of its omnipresence.

It affects Macs too; here are news stories on two recent examples:

Advanced Persistent Threats (APTs)

Consult a professional if you face the threat of nation-state level malware like these:

The Defenses

Anti-Malware Software

This is a baseline requirement for any networked personal computer.

Updated Software

OS X users: if you have not already, please upgrade to macOS Sierra to enjoy the latest bug fixes and the benefits of System Integrity Protection, introduced in El Capitan.

Multi-Factor Authentication

Until the password dies, multi-factor authentication is a must.

Password Managers

Back-up Everything

Without a back-up, you have no recourse if:

So let’s back up all the data!

Anti-Surveillance Tools

Worried about the NSA? Don’t worry, they know.

Secure Browser Configuration

Note: the fewer extensions you have, the smaller the attack surface your web browser exposes.

Secure Server Configuration

  • Hacksplaining for developers is a wonderful set of interactive tutorials that explain common application vulnerabilities like session hijacking, SQL injection, clickjacking, cross-site scripting (XSS), and more. It’s totally free and should be part of any developer’s education.

  • 7 Security Measures to Protect Your Servers is a great place to start for learning how to lock down your Linux boxes (as they’re often called).

Secure Router Configuration

  • Know Your Network: The Complete Guide is the guide you’ve been waiting for to learn how to set up and configure your personal router.

  • If you don’t trust consumer-grade routers and would rather build your own from scratch, Ars Technica has you covered with this step-by-step guide.