Title: Introduction to security good practices
Author: Solène
Date: 09 May 2021
Tags: security
Description:
# Introduction

I wanted to share my thoughts about security with regard to computers. Let's try to summarize them as a list of rules.

If you read it and you disagree, please let me know; I can be wrong.
# Good practices

Here is a list of good practices I've found over time.

## Passwords policy

Passwords are a mess: we need many of them every day, but they are not practical. I highly recommend using a unique random password for every password needed. I switched to "keepassxc" to manage my passwords; there are many password managers on the market.

When I need to register a password, I use the longest one allowed and I keep it in my password database.

If I got hacked along with my password database, all my passwords would be leaked, but if I didn't use one and had only a single password, there is a good chance it would be registered somewhere and then the hacker would have access to everything too. The best situation would be to have a really effective memory, but I don't want to rely on it.

I still recommend keeping a few passwords in your memory, like the one for your backups, your user session and the one to unlock the password database.

When possible, use multi-factor authentication. I like the TOTP (Time-based One-Time Password) method because it works without any third-party service and can be stored securely in a backup.
## Devices trust

It's important to define a level of trust for the devices you use. I do not trust my Windows gaming computer: I would not let it have access to my password database. I do not trust my phone enough for that job either.

If my phone requires a password, I generate one, keep it in my password database, and create a QR code to scan with the phone instead of typing that very long password. The phone then has the password locally but not the entire database, and it remains quite usable.
## Define your threat model

When you think about security, you need to think about what kind of security you want; sometimes this will also imply thinking about privacy.

Let's think about my home file server: it's a small device with only one disk and no access to the internet. It could be hacked by a remote person; this is possible but very unlikely. On the other hand, a thief could come into my house and steal a few things, like this server and its data. It makes a lot of sense to use disk encryption for devices that could be stolen (to keep it short, I mean all devices).

On the other hand, if I had to manage a mail server with IMAP / SMTP services on it, I would harden it a lot against external attacks and I would have to make some extra security policies for it.
## Think about usability

Most of the time, security and usability don't play well together: if you increase security, that will be at the expense of usability, and vice versa. Going back to my IMAP server, I could enable and enforce connecting over TLS for my users, which would prevent their connections from being eavesdropped. I could also enforce a VPN (one I manage myself, not a commercial VPN that can see all my traffic) to connect to the IMAP server, which would prevent anyone without the VPN from connecting to the server. I could also restrict that VPN connection to a list of public IPs. I could require the VPN access from an allowed IP to be unlocked by an SSH connection requiring TOTP + password + public key to succeed.

At this point, I'm pretty sure my users would give up and set up an automatic redirection of their emails to another mail server that is usable to them; I'd be defeated by my users because of too much security.
## Don't lock yourself out

When you come to encrypt everything or lock everything on the network, it can be complicated to avoid data loss or being locked out of the service.

If you have important passwords, you could use Shamir's Secret Sharing (I wrote about it a while back) to split a password into multiple pieces that you would convert into QR codes and give a copy to a few people you know, to help you recover the data if you ever forget the password.
## Backups

It's important to make backups, but it's even more important to encrypt them and keep them in a different place from your main storage. My practice here is to back up all my computer data (which is quite huge) daily, but also to back up only my most important data to remote servers. I can afford losing my music files, but I'd prefer to be able to recover my GPG and SSH keys in case of a huge disaster at home.
## User management

If a hacker gets control of your user, it may be over for you. It's important to only run programs you trust and no network-related services.

If you need to run something you are unsure about, use a virtual machine or at least a dedicated user that won't have access to your user's data. My $HOMEDIR has chmod 700, so only root and me can access it. If I need to run a service, I will use a dedicated user for it. It's not always convenient, but it's effective.
# Conclusion

Good software with a good design is important for security, but it doesn't do the whole job when it comes to security. Users must be aware of the risks and act accordingly.