Title: Introduction to security good practices
Author: Solène
Date: 09 May 2021
Tags: security
Description:
# Introduction
I wanted to share my thoughts about security in regards to computers. Let's try to summarize them as a list of rules.
If you read it and you disagree, please let me know, I can be wrong.
# Good practices
Here is a list of good practices I've found over time.
## Passwords policy
Passwords are a mess: we need many of them every day, but they are not practical. I highly recommend using a unique random password for every account. I switched to "keepassxc" to manage my passwords; there are many password managers on the market.
When I need to register a password, I use the longest length allowed and keep it in my password database.
If I got hacked and my password database was taken, all my passwords would be leaked. But if I didn't use a manager and reused a single password everywhere, there's a good chance it would be stored somewhere that gets breached, and then the attacker would have access to everything too. The best situation would be to have a really effective memory, but I don't want to rely on it.
I still recommend keeping a few passwords in your memory, like the one for your backups, your user session and the one to unlock the password database.
When possible, use multi-factor authentication. I like the TOTP (Time-based One-Time Password) method because it works without any third-party service: the only thing to protect is the shared seed, which can be stored securely in a backup.
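To make the two points above concrete (a random password of the maximum allowed length, and TOTP needing no third party), here is an added example in Python. It is not code from the original post; it implements HOTP (RFC 4226) and TOTP (RFC 6238) with only the standard library. The issuer and account names in the otpauth URI are placeholders, and the `RFC_TEST_SECRET` value is the shared secret from the RFC test vectors, not a real key.

```python
import base64
import hashlib
import hmac
import secrets
import string
import struct
import time

# Shared secret used by the RFC 4226 / RFC 6238 test vectors (ASCII "12345678901234567890").
RFC_TEST_SECRET = b"12345678901234567890"


def random_password(length=64, alphabet=string.ascii_letters + string.digits + string.punctuation):
    """Uniformly random password drawn with the `secrets` CSPRNG (never the `random` module)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def hotp(key, counter, digits=6, algo=hashlib.sha1):
    """RFC 4226 HOTP: HMAC(key, 8-byte big-endian counter), then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key, at=None, step=30, digits=6, algo=hashlib.sha1):
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step). No server is involved."""
    if at is None:
        at = int(time.time())
    return hotp(key, at // step, digits, algo)


def verify_totp(key, code, at=None, step=30, digits=6, window=1):
    """Accept the current step plus `window` steps on either side to tolerate clock skew.
    Compares in constant time so timing does not leak how many digits matched."""
    if at is None:
        at = int(time.time())
    counter = at // step
    return any(
        hmac.compare_digest(hotp(key, counter + drift, digits), code)
        for drift in range(-window, window + 1)
    )


def new_totp_secret(issuer, account, nbytes=20):
    """Generate a fresh 160-bit seed and the otpauth:// URI an authenticator app expects.
    The seed is what goes into the password database and into backups."""
    key = secrets.token_bytes(nbytes)
    b32 = base64.b32encode(key).decode().rstrip("=")
    uri = (f"otpauth://totp/{issuer}:{account}?secret={b32}"
           f"&issuer={issuer}&algorithm=SHA1&digits=6&period=30")
    return key, uri


if __name__ == "__main__":
    print("password:", random_password(64))
    key, uri = new_totp_secret("example.org", "solene")  # placeholder issuer/account
    print("enrol URI:", uri)
    print("current code:", totp(key))
    # Vector from RFC 6238 appendix B: T=59, SHA1, 8 digits -> 94287082
    print("RFC 6238 check:", totp(RFC_TEST_SECRET, at=59, digits=8))
```

The verifier side (`verify_totp`) is the part people get wrong: the window should stay small (one step either side is the usual choice), and the comparison must be constant-time, otherwise a guessing attacker learns digit by digit.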
## Devices trust
It's important to define a level of trust for each device you use. I do not trust my Windows gaming computer, so I would not let it have access to my password database. I do not trust my phone enough for that job either.
If my phone requires a password, I generate one, keep it in my password database, and create a QR code to scan with the phone instead of typing that very long password. The phone then holds that one password locally but not the entire database, and it remains quite usable.
## Define your threat model
When you think about security, you need to decide what kind of security you want; sometimes this also implies thinking about privacy.
Let's think about my home file server: it's a small device with only one disk and no access to the internet. It could be hacked by a remote attacker, which is possible but very unlikely. On the other hand, a thief could come into my house and steal a few things, like this server and its data. It makes a lot of sense to use disk encryption for devices that could be stolen (to make it short, I mean all devices). Keep in mind that disk encryption only protects data at rest: once the volume is unlocked and the system is running, it does nothing against a remote compromise.
On the other hand, if I had to manage a mail server with IMAP / SMTP services on it, I would harden it a lot against external attacks and I would have to define extra security policies for it.
## Think about usability
Most of the time, security and usability don't play well together: if you increase security, that will be at the expense of usability, and vice versa. Going back to my IMAP server, I could enable and enforce TLS for my users' connections, which would prevent them from being eavesdropped. I could also require a VPN (one I manage myself, not a commercial VPN that can see all my traffic) to connect to the IMAP server, so that nobody without VPN access could reach the server. I could further restrict that VPN to a list of allowed public IPs. I could require the VPN access from an allowed IP to be unlocked by an SSH connection that needs TOTP + password + public key to succeed.
At this point, I'm pretty sure my users would give up and set up an automatic forward of their emails to another mail server that is usable for them. I'd be defeated by my own users because of too much security.
## Don't lock yourself out
When you come to encrypt everything or lock everything down on the network, it can be hard to avoid data loss or being locked out of the service yourself.
If you have important passwords, you could use Shamir's Secret Sharing (I wrote about it a while back) to split a password into multiple pieces, convert them to QR codes and give a copy to a few people you know, so they can help you recover the data if you ever forget the password. The scheme is a threshold one: you choose how many pieces out of the total are needed to rebuild the secret, and any smaller set of pieces reveals nothing about it.
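The following is an added example, not code from the original post or from the tool the author wrote about: a small Shamir's Secret Sharing implementation in Python over GF(256), sharing each byte of the secret independently so a password of any length can be split. Shares are rendered as base32 text, which is what you would put in the QR codes. The sample secret is constructed for the demo and is not a real password.

```python
import base64
import secrets

# GF(2^8) arithmetic with the AES reducing polynomial x^8 + x^4 + x^3 + x + 1 (0x11B).
# Each byte of the secret is shared with its own random polynomial.


def _gf_mul(a, b):
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def _gf_inv(a):
    """Multiplicative inverse as a^254 (Fermat's little theorem in GF(256)); a must be non-zero."""
    if a == 0:
        raise ZeroDivisionError("no inverse for 0 in GF(256)")
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = _gf_mul(r, base)
        base = _gf_mul(base, base)
        e >>= 1
    return r


def _eval_poly(coeffs, x):
    """Horner evaluation; coeffs[0] is the constant term, i.e. the secret byte."""
    r = 0
    for c in reversed(coeffs):
        r = _gf_mul(r, x) ^ c
    return r


def split_secret(secret, n, k):
    """Split `secret` (bytes) into n shares such that any k of them reconstruct it.
    Share i is bytes: [x_i] followed by one polynomial evaluation per secret byte."""
    if not 1 < k <= n <= 255:
        raise ValueError("need 1 < k <= n <= 255")
    shares = [bytearray([x]) for x in range(1, n + 1)]
    for byte in secret:
        # Random polynomial of degree k-1 whose constant term is the secret byte.
        coeffs = [byte] + list(secrets.token_bytes(k - 1))
        for share in shares:
            share.append(_eval_poly(coeffs, share[0]))
    return [bytes(s) for s in shares]


def combine_shares(shares):
    """Lagrange interpolation at x = 0, byte by byte. With fewer than k shares this
    still returns bytes, but they are unrelated to the secret (no error is raised)."""
    xs = [s[0] for s in shares]
    if len(set(xs)) != len(xs) or 0 in xs:
        raise ValueError("duplicate or invalid share index")
    if len({len(s) for s in shares}) != 1:
        raise ValueError("shares have different lengths")
    out = bytearray()
    for pos in range(1, len(shares[0])):
        acc = 0
        for j, xj in enumerate(xs):
            num = den = 1
            for m, xm in enumerate(xs):
                if m != j:
                    num = _gf_mul(num, xm)       # (0 - x_m) equals x_m in characteristic 2
                    den = _gf_mul(den, xj ^ xm)  # (x_j - x_m)
            acc ^= _gf_mul(shares[j][pos], _gf_mul(num, _gf_inv(den)))
        out.append(acc)
    return bytes(out)


def share_to_text(share):
    """Compact text form for a QR code; base32 survives OCR and manual typing better than raw bytes."""
    return base64.b32encode(share).decode().rstrip("=")


def share_from_text(text):
    return base64.b32decode(text + "=" * (-len(text) % 8))


if __name__ == "__main__":
    secret = b"correct horse battery staple"  # constructed sample, not a real password
    shares = split_secret(secret, n=5, k=3)
    for s in shares:
        print(share_to_text(s))
    # Any three shares recover the secret; two give garbage.
    print(combine_shares([shares[4], shares[0], shares[2]]) == secret)
```

Note that `combine_shares` cannot tell whether it was given enough shares: there is no integrity check in plain Shamir. If you hand pieces to friends, record the threshold alongside them, and consider adding a hash of the secret to the QR code so recovery can be verified.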
## Backups
It's important to make backups, but it's even more important to encrypt them and keep them somewhere other than your primary storage. The passphrase that unlocks them must not live only inside the backup itself, which is why it's one of the few passwords worth memorizing. My practice here is to back up all my computer data daily (which is quite huge) but also to back up only my most important data to remote servers. I can afford losing my music files, but I'd prefer to be able to recover my GPG and SSH keys in case of a huge disaster at home.
## User management
If an attacker gets control of your user account, it may be over for you. It's important to only run programs you trust under your own user, and no network-facing services.
If you need to run something you are unsure about, use a virtual machine or at least a dedicated user that won't have access to your user's data.
My $HOME directory has mode 700 (chmod 700), so only root and me can access it. If I need to run a service, I use a dedicated user for it. It's not always convenient, but it's effective.
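As an added example (not code from the original post), here is a Python script that audits a home directory for the `chmod 700` rule above and fixes it, and shows how a service can be launched under a dedicated account rather than your own. The `run_as_service_user` helper relies on the `user=`/`group=` parameters of `subprocess.run` (Python 3.9 or later, POSIX only, and the caller must be root to switch users); the account names are placeholders, and `demo_lockdown` works on a constructed temporary directory rather than your real home.

```python
import os
import stat
import subprocess
import tempfile

PRIVATE_MODE = 0o700  # rwx for the owner, nothing for group or others


def home_is_private(path):
    """True when `path` is a directory owned by the caller with no group/other bits set."""
    st = os.stat(path)
    if not stat.S_ISDIR(st.st_mode):
        return False
    if st.st_uid != os.getuid():
        return False
    return (stat.S_IMODE(st.st_mode) & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def lock_down(path):
    """Equivalent of `chmod 700 "$HOME"`; returns the resulting permission bits."""
    os.chmod(path, PRIVATE_MODE)
    return stat.S_IMODE(os.stat(path).st_mode)


def run_as_service_user(argv, user, group=None):
    """Launch a service under a dedicated account instead of your own user.
    The child drops to `user`/`group` before exec; `user` and `group` are placeholders
    for whatever account you created for the service. Needs root and Python >= 3.9."""
    return subprocess.run(argv, user=user, group=group, check=True)


def demo_lockdown():
    """Constructed scenario: a home directory left at 755 is audited, then fixed."""
    home = tempfile.mkdtemp(prefix="home-")
    os.chmod(home, 0o755)
    before = home_is_private(home)     # False: group and others can list it
    mode_after = lock_down(home)       # 0o700
    after = home_is_private(home)      # True
    os.rmdir(home)
    return before, mode_after, after


if __name__ == "__main__":
    print("real $HOME private:", home_is_private(os.path.expanduser("~")))
    print("demo (before, mode, after):", demo_lockdown())
    # Example of the dedicated-user pattern (placeholder account, only meaningful as root):
    # run_as_service_user(["/usr/local/bin/myservice"], user="_myservice", group="_myservice")
```

Checking only the top-level directory is deliberate: with no execute bit for group or others on `$HOME`, nothing beneath it can be reached by path, whatever the modes of the files inside.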
# Conclusion
Good software with a good design is important for security, but it doesn't do the whole job. Users must be aware of the risks and act accordingly.