Wednesday, August 26, 2015

Security Practitioners: Eat Your Own Dogfood!

Josh Sokol presented at the Austin OWASP chapter meeting in August. His talk was about how security practitioners should set a better example for their colleagues by applying a security-sensitive thought process to their day-to-day lives.

A recording of his talk is available on the chapter's Vimeo channel: https://vimeo.com/channels/owaspaustin

We had a good turnout for the talk, and the audience interaction was great!

Here are some of his key points:

In the Car

  • Don’t indulge in bumper stickers that give away too much information. There are a lot of bad guys running around who can use it for evil purposes.
  • Don’t leave valuables in your car. It gets the interest of the wrong element.
  • Keep an eye on the neighborhoods you travel through, and notice when you need to get out of a bad one.
  • Don’t leave your garage door opener in the car. It’s a simple matter for bad guys to get your codes from it and possibly break into your house via the garage.
  • Get a Car Safety Hammer, Window Breaker and Seatbelt Cutter.

House – think about deterrents

  • Have an escape plan in case of an emergency.
  • Even if you don’t have an alarm system like ADT, be sure to get some of their signs/stickers.
  • If you have an alarm system, make sure you set up a panic code. That’s a code you use if a bad guy forces you to disable the alarm; it sends a distress call while appearing to simply disable the system.
  • Get good door locks! Guys like Jgor can get through the cheap ones in 30 seconds.
  • Get motion lights.
  • Get a camera surveillance system. They are cheap now.
  • Get a “Beware of Dog” sign, even if you happen to be a cat person.
  • Consider getting a device such as the PA-200 to separate your cable modem from your router. That way you don’t have to trust your ISP, and you can allow guest access to the Wi-Fi in your house without worries.
  • Back up the backup of your backups.
  • Use WPA2 encryption.
  • Have a fireproof safe.
  • Have a week’s worth of home rations.
  • Have a “bug out” bag and location decided.

At Work

  • Keep your desk clean.
  • If in doubt, take your computer with you wherever you go.
  • Shred sensitive documents.
  • Don’t leave valuables unattended.
  • Don’t expect police to help you with a stolen cell phone – even if you can track it, they will not help. Get set up for remote wipe instead.

Your Computer

  • Check before clicking.
  • Check to make sure it’s HTTPS.
  • Know what you’re running.
  • Cover your camera.
  • Disable JavaScript.
  • Use 2-step verification.
  • Use KeePass – it’s free and open source.
  • Don’t use a bank debit card – all the liability is on you.
  • Use one card for in-person transactions; consider a card with a Virtual Account Number.