InfoSec101

PHD comics on: Security in your neighbourhood coffee shop

PHD comics: Coffee Security

from: "Piled Higher and Deeper" by Jorge Cham at www.phdcomics.com


Overview: Basic security practice

Passwords & Phishing

Passwords: The problem

First Steps: Passwords


xkcd on: Passwords

xkcd on passwords

from: "xkcd" by Randall Munroe at xkcd.com

Note: the password tester linked above, indeed, estimates

A password based on a long, creative passphrase might really be the state of the art.


Suggested Tools: Password Managers

First Steps: Avoid Phishing

Example:

Phishing example

Note the typos, and that the link leads to instructoo.com (read the hostname from right to left), not apple.de. This is clearly phishing, and the message can be deleted.

Malware

Disk Encryption

First Steps: Disk Encryption

Suggested Tools: Disk Encryption

Deleting Data

Cloud Storage

First Steps: Cloud Storage

Suggested Tools: Cloud Storage

Most well-known tools cannot be recommended, but SpiderOak is a better version of Dropbox, and BitTorrent Sync is a good alternative for many purposes.

Browsing

First Steps: Browsing

Suggested Tools: Secure Browsing - Search Engines

Suggested Tools: Secure Browsing - Browser Addons

Advanced Steps: Browsing with Tor

Suggested Tools: Secure Browsing - Tor

Virtual Private Networks

First Steps: VPNs

Suggested Tools: VPNs

Email

Basic Steps: Secure Email

Suggested Tools: Secure Email

PGP Best Practices

Chat and Voice Calls

First Steps: Secure Chat and Voice Calls

Suggested Tools: Secure Chat (Text)

(Note: The EFF score refers to the EFF ScoreCard for secure messaging.)

We recommend iMessage for Apple users, and Signal and TextSecure for smartphones (iOS and Android, respectively).

Suggested Tools: Secure Voice Calls

We recommend FaceTime for Apple users, and Signal and RedPhone for smartphones (iOS and Android, respectively).

Suggested Tools: Whistleblowing

Miscellaneous

Information Leaks

Multiple Accounts

Defense in Depth

Advanced Steps