Skip to content

Instantly share code, notes, and snippets.

@ETeissonniere
Last active July 24, 2018 17:34
Show Gist options
  • Save ETeissonniere/c2b6c08788954e3f499f0a1731f78643 to your computer and use it in GitHub Desktop.
Save ETeissonniere/c2b6c08788954e3f499f0a1731f78643 to your computer and use it in GitHub Desktop.
My operational safety checklist

Security Checklist

Brought to you by Eliott Teissonniere.

Accounts

  • Use a solid and reputed password manager
  • Only use strong passwords
  • Remove useless accounts
  • Security questions’ answers should not be easy to find
  • Security questions’ answers can be random and managed in the password manager
  • Rotate passwords regularly (ex: once a year)
  • Have a clear and secure way to share passwords

Communications

  • Setup secure channels for everyday uses and emergency purposes
  • Be able to authenticate exchanges (GPG)
  • Encrypt everything (GPG)

Companies

  • Setup bug bounties
  • Idea: sentinel network
  • Dedicated security team
  • Have an incident response plan and team

Crypto

  • Hardware wallet
  • If hardware wallet is not possible, paper wallet
  • Escape hatch?

Users

  • Should understand the risks of social engineering and phishing attacks
  • Have the least privileges needed to perform their work

Servers

  • Use an SSH public key
  • Ultra restrictive firewall (whitelist)
  • Fail2ban like system
  • Regular automated backups on a remote system
  • Audit and IPS / IDS system, with logs sent to a remote system
  • Isolate services via Docker or an equivalent (rkt…)
  • Use honeypots

Social

  • Avoid posting locations
  • Avoid posting your trips and vacations (people know you ain’t home)
  • Avoid clear posting patterns (random post habits)
  • Do you need this profile?

System

  • Regular backups
  • Setup backup reminders (TimeMachine does it for you)
  • Redundant backups (if you lose one)
  • Use a strong session password
  • Encrypt data
  • Lock firmware with a password
  • Turn on secure boot, with its maximum settings
  • Disallow booting from something else than the hard drive
  • OS should have protection features built in and turned on
  • Have a good firewall, with restrictive settings
  • Check confidentiality settings
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment