Thank you to all who attended my workshop—“Practical Online Security”—this week! Below is the promised handout of links to resources, both for topics covered and not covered. This guide will be refined over time.
Last updated: 11 May 2017
A great baseline level of security can be achieved by:
- Educating yourself on the dangers facing you
- Keeping all of your software up-to-date (automatic is best)
- Using multi-factor authentication
- Backing up everything!
- Using a password manager!
- Using Signal to encrypt your communications
Social engineering is when someone tricks you into divulging information or performing an action that helps them do something malicious. Victims often have no idea until problems occur.
Here are some examples of social engineering wreaking havoc:
Malware is malicious software: programs that perform actions like stealing passwords, siphoning funds from your bank account, and so on.
Windows users need no reminders of its omnipresence.
It affects Macs too; here are news stories on two recent examples:
Advanced Persistent Threats (APTs)
Consult a professional if you face the threat of nation-state level malware like these:
This is a baseline requirement for any networked personal computer.
Malwarebytes Anti-Malware (grab the free download; the premium version adds real-time protection)
OS X users: if you have not already, please upgrade to macOS Sierra to enjoy the latest bugfixes and the benefits of System Integrity Protection introduced in El Capitan.
1Password (paid, but the best one all-around)
LastPass (free for all platforms)
KeePass (free and open-source)
Without a back-up, you have no recourse if:
- It suddenly stops working
- You spill water/coffee on your computer
- Someone steals your computer
So let’s back up all the data!
Worried about the NSA? Don’t worry, they know.
Signal (free mobile app for encrypted messaging and calls)
WhatsApp now includes end-to-end encryption as well
Secure Browser Configuration
Note: the fewer extensions you have, the less attack surface your web browser exposes.
Secure Server Configuration
Hacksplaining for developers is a wonderful set of interactive tutorials that explain common application vulnerabilities like session hijacking, SQL injection, clickjacking, cross-site scripting (XSS), and more. It’s totally free and should be part of any developer’s education.
7 Security Measures to Protect Your Servers is a great place to start for learning how to lock down your Linux boxes (as they’re often called).