Brought to you by Eliott Teissonniere.
- Use a solid and reputed password manager
- Only use strong passwords
- Remove useless accounts
- Security questions’ answers should not be easy to find
- Security questions’ answers can be random and managed in the password manager
- Rotate passwords regularly (e.g. once a year)
- Have a clear and secure way to share passwords
- Set up secure channels for everyday use and for emergencies
- Be able to authenticate exchanges (GPG)
- Encrypt everything (GPG)
- Set up bug bounties
- Idea: sentinel network
- Dedicated security team
- Have an incident response plan and team
- Hardware wallet
- If hardware wallet is not possible, paper wallet
- Escape hatch?
- Should understand the risks of social engineering and phishing attacks
- Have the least privileges needed to perform their work
- Use SSH public-key authentication
- Ultra-restrictive firewall (whitelist only)
- Fail2ban-like system
- Regular automated backups on a remote system
- Audit and IPS/IDS system, with logs shipped to a remote system
- Isolate services via Docker or an equivalent (rkt…)
- Use honeypots
- Avoid posting locations
- Avoid posting your trips and vacations (people will know you aren't home)
- Avoid clear posting patterns (random post habits)
- Do you need this profile?
- Regular backups
- Set up backup reminders (Time Machine does it for you)
- Redundant backups (if you lose one)
- Use a strong session password
- Encrypt data
- Lock firmware with a password
- Turn on secure boot, with its maximum settings
- Disallow booting from anything other than the hard drive
- OS should have protection features built in and turned on
- Have a good firewall, with restrictive settings
- Check privacy settings
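A minimal fail2ban-style detector, added here as an example for the "Fail2ban-like system" and remote-log items above (it is not code from the original page). It counts failed SSH password attempts per source address inside a sliding window and reports which addresses would be banned; the log lines are constructed, and the year is assumed because syslog timestamps omit it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines in syslog format (not from a real host).
SAMPLE_LOG = """\
Mar 10 08:00:01 web1 sshd[1201]: Failed password for invalid user admin from 198.51.100.23 port 51234 ssh2
Mar 10 08:00:03 web1 sshd[1202]: Failed password for root from 198.51.100.23 port 51240 ssh2
Mar 10 08:00:04 web1 sshd[1203]: Accepted publickey for deploy from 203.0.113.9 port 40022 ssh2
Mar 10 08:00:06 web1 sshd[1204]: Failed password for invalid user test from 198.51.100.23 port 51250 ssh2
Mar 10 08:00:07 web1 sshd[1205]: Failed password for invalid user oracle from 198.51.100.23 port 51255 ssh2
Mar 10 08:00:09 web1 sshd[1206]: Failed password for invalid user guest from 198.51.100.23 port 51260 ssh2
Mar 10 08:20:00 web1 sshd[1300]: Failed password for root from 192.0.2.77 port 60001 ssh2
Mar 10 08:45:00 web1 sshd[1301]: Failed password for root from 192.0.2.77 port 60002 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failures(log_text, year=2024):
    """Yield (timestamp, source_ip) for each failed-password line; other lines are skipped."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        # Syslog lines carry no year, so one is assumed to build a full datetime.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["ip"]


def find_bans(log_text, maxretry=5, findtime=timedelta(minutes=10), allowlist=()):
    """Return {ip: time_of_ban} for each IP reaching maxretry failures within findtime.

    allowlist holds addresses that must never be banned (e.g. the admin's own network).
    """
    recent = defaultdict(deque)  # per-IP timestamps still inside the window
    bans = {}
    for ts, ip in parse_failures(log_text):
        if ip in allowlist or ip in bans:
            continue
        window = recent[ip]
        window.append(ts)
        while window and ts - window[0] > findtime:
            window.popleft()  # drop attempts older than findtime
        if len(window) >= maxretry:
            bans[ip] = ts
    return bans


if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} at {when.isoformat()}")
```

In a real deployment the ban would be applied by adding the address to the firewall's deny set and the events would be forwarded to the remote log host, so that a compromised server cannot erase the evidence.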