https://www.wikiwand.com/en/Threat_model
- set of methododologies to identify theats from a potential attacker's point of view
- used in tech as a way to identify potential threats to a software service/platform
- used in every day life to plam your commute for example (identify what could go wrong)
https://ssd.eff.org/en/module/introduction-threat-modeling
"To become more secure, you must determine what you need to protect, and whom you need to protect it from."
-> To determine that a threat modelling assessement can help!
You should ask yourself:
-
What do you want to protect? examples: your emails, contacts, instant messages, files...
-
Who do you want to protect it from? examples: your boss, your government, a "hacker"
-
How likely is it that you will need to protect it? a hacker could attack a network punctually, a government could scan all emails -> different aims, frequency and capabilities
-
How bad are the consequences if you fail? what would potential attackers do with your data? -> info can be read, deteted, stored (for what purpose?), shared, given to other parties
-
How much trouble are you willing to go through in order to try to prevent those? Is the risk of the threat coming to life worth the trouble you're going trough to protect it?
https://ssd.eff.org/en/module/creating-strong-passwords
- strong passwords
- password management tool
- two-factor authentication
https://ssd.eff.org/en/module/introduction-public-key-cryptography-and-pgp
Device encryption, data encryption
End-to-end encryption messaging apps: Signal, Whatsapp, Telegram
Virtual private networks: https://ssd.eff.org/en/module/choosing-vpn-thats-right-you
How to choose yours: https://torrentfreak.com/vpn-anonymous-review-160220/
- resources from the Electronic Frontier Foundation (EFF): https://ssd.eff.org/
- security starter kit: https://ssd.eff.org/en/playlist/want-security-starter-pack
- overview on privacy tools: https://ssd.eff.org/en/module/choosing-your-tools
- "Greater Than Code" podcast episode 10: http://www.greaterthancode.com/podcast/episode-010-jesse-pollak/