End user security essentials

Password security

  • Long (at least 11 chars, with upper case + 2 digits + 1 special character).
    • You may use a passphrase: take the initials of each word of a memorable sentence.
  • Limit password retries and avoid reuse.
  • Avoid patterns (sequences, repeated characters, keyboard rows).
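A small checker for the policy above (length, upper case, digits, special character, no obvious patterns) together with the passphrase-initials trick. This is an added example, not part of the original notes; the thresholds and the sample passphrase are constructed here.

```python
import string

# Policy from the notes: at least 11 characters, one upper-case letter,
# two digits and one special character (constants so they can be tuned).
MIN_LENGTH = 11
MIN_UPPER = 1
MIN_DIGITS = 2
MIN_SPECIAL = 1
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")


def passphrase_initials(phrase: str) -> str:
    """Build a password from the first character of each word of a sentence."""
    return "".join(word[0] for word in phrase.split())


def has_pattern(pw: str) -> bool:
    """Detect ascending runs (abc, 123), repeated characters (aaa) and keyboard rows (qwe)."""
    low = pw.lower()
    for i in range(len(low) - 2):
        a, b, c = (ord(ch) for ch in low[i:i + 3])
        if b == a + 1 and c == b + 1:  # ascending sequence
            return True
        if a == b == c:  # same character three times
            return True
    for row in KEYBOARD_ROWS:
        if any(row[j:j + 3] in low for j in range(len(row) - 2)):
            return True
    return False


def check_password(pw: str) -> list:
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if sum(ch.isupper() for ch in pw) < MIN_UPPER:
        problems.append("needs an upper-case letter")
    if sum(ch.isdigit() for ch in pw) < MIN_DIGITS:
        problems.append(f"needs at least {MIN_DIGITS} digits")
    if sum(ch in string.punctuation for ch in pw) < MIN_SPECIAL:
        problems.append("needs a special character")
    if has_pattern(pw):
        problems.append("contains an obvious pattern")
    return problems


if __name__ == "__main__":
    # Constructed memorable sentence; its initials satisfy the policy.
    phrase = "My Dog Ate 4 Socks & 2 Shoes Last Tuesday Morning!"
    candidate = passphrase_initials(phrase)
    print(candidate, check_password(candidate) or "OK")
    print("Password123!", check_password("Password123!"))
```

`Password123!` meets every count in the policy yet is rejected because of the `123` run, which is the point of the "avoid patterns" rule: counting character classes alone is not enough.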

Social engineering

  • Physical person (be careful about tailgating).
  • Remote person: phishing (+ spear phishing + whaling) → use “hover to discover” (hover over a link to see its real destination before clicking).

Physical security

  • Shoulder surfing → use a screen filter.
  • Lock the computer → lock on inactivity + password or PIN.
  • Physically block movement of the computer → use a Kensington lock.
  • Install locate-my-device software in case it goes missing → use remote wipe in case of theft.
  • Clean workspace criteria.

Data disposal

  • Keep data while it is relevant (retention period), or in case of litigation.
  • Eliminate data permanently when it is no longer relevant, to avoid liability.
    • Paper documents → locked cans, then shredders (and then 🔥).
    • Hard drives → purge them (overwrite many times, with DBAN… or use a mechanical shredder).

Safe Networks

  • Check the packet route: do you know the nodes?
      traceroute www.wikipedia.org
  • Careful with free Wi-Fi (e.g. airports), which can be compromised hotspots (there may be several networks with the same name).
    • Monitor antennas.
      sudo wavemon
    • Use certificates in the office.
  • Careful with cellular networks (they are far more expensive to fake).
  • VPN: converts an untrusted network into a reliable one via tunneling:
    • encrypts the traffic.
    • hides your IP address.
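To make the "do you know the nodes?" check concrete, here is an added example (not from the original notes) that parses Linux `traceroute` output and flags hops worth explaining before trusting the path: hops that do not answer, RFC 1918 addresses that appear after the local gateway, and public hops with no reverse DNS name. The sample output is constructed with documentation and private address ranges; the names and addresses do not correspond to the real route to Wikipedia.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample in Linux traceroute format (addresses are from
# private / documentation ranges, not a real path to www.wikipedia.org).
SAMPLE_TRACEROUTE = """\
traceroute to www.wikipedia.org (203.0.113.50), 30 hops max, 60 byte packets
 1  _gateway (192.168.1.1)  1.204 ms  1.101 ms  1.052 ms
 2  10.77.0.1 (10.77.0.1)  8.412 ms  8.233 ms  8.907 ms
 3  * * *
 4  198.51.100.7 (198.51.100.7)  15.301 ms  15.122 ms  15.845 ms
 5  edge.example.net (203.0.113.50)  20.118 ms  20.004 ms  20.355 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")        # "<hop number>  <rest>"
NODE_RE = re.compile(r"(\S+)\s+\(([\d.]+)\)")     # "name (a.b.c.d)"
RTT_RE = re.compile(r"([\d.]+)\s+ms")            # each round-trip time
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Hop:
    number: int
    host: Optional[str] = None
    ip: Optional[str] = None
    rtts_ms: List[float] = field(default_factory=list)

    @property
    def timed_out(self) -> bool:
        return self.ip is None


def is_rfc1918(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def parse_traceroute(text: str) -> List[Hop]:
    """Turn traceroute output into Hop records; '* * *' lines become timed-out hops."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header line or noise
        hop = Hop(int(m.group(1)))
        node = NODE_RE.search(m.group(2))
        if node:
            hop.host, hop.ip = node.group(1), node.group(2)
            hop.rtts_ms = [float(x) for x in RTT_RE.findall(m.group(2))]
        hops.append(hop)
    return hops


def review_hops(hops: List[Hop]) -> List[Tuple[int, str]]:
    """Flag hops a user should be able to explain before trusting the network."""
    findings = []
    for hop in hops:
        if hop.timed_out:
            findings.append((hop.number, "no reply (filtered or hidden node)"))
            continue
        if hop.number > 1 and is_rfc1918(hop.ip):
            findings.append((hop.number, f"private address {hop.ip} beyond the local gateway"))
        elif hop.host == hop.ip:
            findings.append((hop.number, f"{hop.ip} has no reverse DNS name"))
    return findings


if __name__ == "__main__":
    for number, reason in review_hops(parse_traceroute(SAMPLE_TRACEROUTE)):
        print(f"hop {number}: {reason}")
```

Private addresses after the first hop are not necessarily malicious (carrier-grade NAT is a common benign cause), but they are exactly the kind of node the note asks you to recognise; run the real `traceroute www.wikipedia.org` and pipe its output into `parse_traceroute` to review a live path.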

Malicious software