mirrors/personal-security-checklist
1
0
Fork 0
mirror of https://github.com/Lissy93/personal-security-checklist.git synced 2025-01-31 01:44:54 +07:00
Code Issues Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
Alicia Sykes 2020-05-18 23:44:27 +01:00 committed by GitHub
parent 9fde94b36b
commit cd90e2b93d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
README.md
View File

@ -159,11 +159,13 @@ The big companies providing "free" email service, don't have a good reputation f
## Social Media
There are some serious [Privacy Concerns with Social Networking Services](https://en.wikipedia.org/wiki/Privacy_concerns_with_social_networking_services). Lock down your privacy settings, but know that even after doing so, all data intentionally and non-intentionally uploaded is effectively public. If possible, avoid using conventional social media networks.
Online communities have existed since the invention of the internet, and give people around the world the opportunity to connect, communicate and share. Although these networks are a great way to promote social interaction and bring people together, that have a dark side - there are some serious [Privacy Concerns with Social Networking Services](https://en.wikipedia.org/wiki/Privacy_concerns_with_social_networking_services), and these social networking sites are owned by private businesses, and that they make their money by collecting data about individuals and selling that data on, particularly to third party advertisers.
Lock down your privacy settings, but know that even after doing so, all data intentionally and non-intentionally uploaded is effectively public. If possible, avoid using conventional social media networks.
**Security** | **Priority** | **Details and Hints**
--- | --- | ---
**Check Privacy Settings** | Recommended | Most social networks allow you to control your privacy settings. Ensure that you are comfortable with your current exposure, check the settings regularly, as updates can cause these to default back to public
**Check Privacy Settings** | Recommended | Most social networks allow you to control your privacy settings. Ensure that you are comfortable with what data you are currently exposing and to whom. But remember, privacy settings are only meant to protect you from other members of the social network- they do not shield you or your data from the owners of the network. See how to set privacy settings, with [this guide](https://securityinabox.org/en/guide/social-networking/web)
**Think of All Interactions as Public** | Recommended | There are still numerous methods of viewing a users 'private' content across many social networks. Therefore, before uploading, posting or commenting on anything, think "Would I mind if this was totally public?"
**Don't Reveal too Much** | Recommended | Profile information creates a goldmine of info for hackers, the kind of data that helps them personalize phishing scams. Avoid putting too much detail (DoB, Hometown, School etc) in the About section
**Be Careful what you say** | Recommended | Status updates, comments and photos can unintentionally reveal a lot more than you intended them to (such as location, preferences, contacts etc)
@ -172,7 +174,7 @@ There are some serious [Privacy Concerns with Social Networking Services](https:
**Don't Grant Unnecessary Permissions** | Recommended | By default many of the popular social networking apps will ask for permission to access your contacts, your call log, your location, your messaging history etc.. If they dont need this access, dont grant it. For Android users, check out [Bouncer](https://play.google.com/store/apps/details?id=com.samruston.permission) - an app that gives you the ability to grant permissions temporarily
**Be Careful of 3rd-Party Integrations** | Recommended | Avoid signing up for accounts using a Social Network login, revoke access to social apps you no longer use, see instructions for: [Facebook](https://www.facebook.com/settings?tab=applications), [Twitter](https://twitter.com/settings/applications), [Insta](https://www.instagram.com/accounts/manage_access/) and [LinkedIn](https://www.linkedin.com/psettings/permitted-services)
**Remove metadata before uploading media** | Optional | Most smartphones and some cameras automatically attach a comprehensive set of additional data (called [EXIF data](https://en.wikipedia.org/wiki/Exif)) to each photograph. This usually includes things like time, date, location, camera model, user etc. It can reveal a lot more data than you intended to share. Remove this data before uploading. You can remove meta data [without any special software](https://www.howtogeek.com/203592/what-is-exif-data-and-how-to-remove-it/), use [a CLI tool](https://www.funkyspacemonkey.com/how-to-remove-exif-metadata), or a desktop tool like [EXIF Tage Remover](https://rlvision.com/exif/)
**Consider False Information** | Recommended | If you just want to read, and do not intend on posting too much- consider using an alias name, and false contact details. Remember that there are still methods of tracing your account back to you, but this could mitigate a lot of threats
**Consider False Information** | Recommended | If you just want to read, and do not intend on posting too much- consider using an alias name, and false contact details. Remember that there are still methods of tracing your account back to you, but this could mitigate a lot of threats. Consider using separate accounts/identities, or maybe different pseudonyms, for different campaigns and activities. Don't link accounts in any way- don't comment on / liking inter-account posts, avoid logging in from the same IP and use different passwords (so the accounts cannot be linked in the case of a data breach)
**Dont have any social media accounts** | Advanced | Social media is fundamentally un-private, so for maximum online security and privacy, avoid using any mainstream social networks
**Recommended Software**
@ -189,11 +191,11 @@ A Virtual Private Network (VPN) protects your IP, and allows you to more securel
**Security** | **Priority** | **Details and Hints**
--- | --- | ---
**Use a VPN** | Recommended | Use a reputable, paid-for VPN. Choose one which does not keep logs and preferably is not based under a [5-eyes](https://en.wikipedia.org/wiki/Five_Eyes) jurisdiction. [ProtonVPN](https://protonvpn.com) and [Mullvad](https://mullvad.net) are both good options, or check out [That One Privacy Site](https://thatoneprivacysite.net/) for a detailed comparison. It is also important to understand that VPNs have limitations, and they do not make you instantly anonymous.
**Dont use a default router password** | Recommended | Change your router password- [here is a guide as to how](https://www.lifewire.com/how-to-change-your-wireless-routers-admin-password-2487652).
**Use WPA2** | Recommended | WPA and WEP make it very easy for a hacker to gain access to your router. Use a [WPA2](https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access) password instead. Ensure it is strong: 12+ alpha-numeric characters, avoiding dictionary words.
**Keep router firmware up-to-date** | Recommended | Manufacturers release firmware updates that fix security vulnerabilities, implement new standards and sometimes add features/ improve the performance your router. It's important to have the latest firmware installed, to avoid a malicious actor exploiting an un-patched vulnerability. You can usually update your router by navigating to [192.168.0.1](192.168.0.1) or [192.168.1.1](192.168.1.1) in your browser, entering the credentials on the sticker on the back of you of your router (not your WiFi password!), and following the on-screen instructions. Or follow a guide from your routers manufacturer: [Asus](https://www.asus.com/support/FAQ/1005484/), [D-Link](https://eu.dlink.com/uk/en/support/faq/routers/mydlink-routers/dir-810l/how-do-i-upgrade-the-firmware-on-my-router), [Linksys (older models)](https://www.linksys.com/us/support-article?articleNum=140365), [NetGear](https://kb.netgear.com/23442/How-do-I-update-my-NETGEAR-router-s-firmware-using-the-Check-button-in-the-router-web-interface) and [TP-Link](https://www.tp-link.com/us/support/faq/688/). Newer Linksys and Netgear routers update automatically, as does Google's router.
**Configure your router to use VPN** | Optional | If you set your VPN up on your router, then data from all devices on your home network is encrypted as it leaves the LAN. Again, it's important to select a secure VPN provider, as they will see what your ISP previously had been logging. Follow a guide from your router manufacturer or VPN provider, or see [this article](https://www.howtogeek.com/221889/connect-your-home-router-to-a-vpn-to-bypass-censorship-filtering-and-more/) to get started. Note that depending on your internet connection, and VPN provider, this could slow down your internet.
**Use a VPN** | Recommended | Use a reputable, paid-for VPN. Choose one which does not keep logs and preferably is not based under a [5-eyes](https://en.wikipedia.org/wiki/Five_Eyes) jurisdiction - see detailed impartial comparison on [That One Privacy Site](https://thatoneprivacysite.net). [ProtonVPN](https://protonvpn.com) and [Mullvad](https://mullvad.net) are both good options for privacy and security. It is also important to understand that VPNs have [limitations](/5_Privacy_Respecting_Software.md#word-of-warning-2), and they do not make you anonymous.
**Dont use a default router password** | Recommended | After getting a new router, change the password. Default router passwords are publicly available (see [default-password.info](https://default-password.info)), meaning anyone within proximity would be able to connect. See [here](https://www.lifewire.com/how-to-change-your-wireless-routers-admin-password-2487652), for a guide on changing router password
**Use WPA2** | Recommended | WPA and WEP make it very easy for a hacker to gain access to your router. Use a [WPA2](https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access) password instead. Ensure it is strong: 12+ alpha-numeric characters, avoiding dictionary words. You can set this within your routers admin panel
**Keep router firmware up-to-date** | Recommended | Manufacturers release firmware updates that fix security vulnerabilities, implement new standards and sometimes add features/ improve the performance your router. It's important to have the latest firmware installed, to avoid a malicious actor exploiting an un-patched vulnerability. <br>You can usually update your router by navigating to [192.168.0.1](192.168.0.1) or [192.168.1.1](192.168.1.1) in your browser, entering the credentials on the sticker on the back of you of your router (not your WiFi password!), and following the on-screen instructions. Or follow a guide from your routers manufacturer: [Asus](https://www.asus.com/support/FAQ/1005484/), [D-Link](https://eu.dlink.com/uk/en/support/faq/routers/mydlink-routers/dir-810l/how-do-i-upgrade-the-firmware-on-my-router), [Linksys (older models)](https://www.linksys.com/us/support-article?articleNum=140365), [NetGear](https://kb.netgear.com/23442/How-do-I-update-my-NETGEAR-router-s-firmware-using-the-Check-button-in-the-router-web-interface) and [TP-Link](https://www.tp-link.com/us/support/faq/688/). Newer Linksys and Netgear routers update automatically, as does Google's router.
**Implement a Network-Wide VPN** | Optional | If you configure your VPN on your router, firewall or home server, then traffic from all devices will be encrypted and routed through it, without needing individual VPN apps
**Protect against DNS leaks** | Optional | When using a VPN, it is extremely important to exclusively use the DNS server of your VPN provider. For OpenVPN, you can add: `block-outside-dns` to your config file (which will have the extension `.ovn` or `.conf`). If you are unable to do this, then see [this article](https://www.dnsleaktest.com/how-to-fix-a-dns-leak.html) for further instructions. You can check for leaks, using a [DNS Leak Test](https://www.dnsleaktest.com/)
**Use a secure VPN Protocol** | Optional | [OpenVPN](https://en.wikipedia.org/wiki/OpenVPN) is widely used, and currently considered as a secure [tunneling protocol](https://en.wikipedia.org/wiki/Tunneling_protocol), it's also open source, lightweight and efficient. [L2TP](https://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol) can be good, but only when configured correctly, whereas it's much harder to go wrong with OpenVPN. Don't use [PPTP](https://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol), which is now legacy, and not considered secure, and avoid [SSTP](https://en.wikipedia.org/wiki/Secure_Socket_Tunneling_Protocol) (proprietary, owned by Microsoft and due to lack of transparency, could be vulnerable to exploits). [IKEv2](https://en.wikipedia.org/wiki/Internet_Key_Exchange) and the new [WireGuard](https://www.wireguard.com/) protocol *(experimental)* are also good options.
**Avoid the free router from your ISP** | Optional | Typically theyre manufactured cheaply in bulk in China, and firmware updates which fix crucial security flaws arent released regularly. Consider an open source based router, such as [Turris MOX](https://www.turris.cz/en/mox/overview/)