Quickstart Guide to Reasonable Security

#smb #quickstart #bizdev_utils #pe_utils #smb ## Overview This is a brief listing of tools and techniques which can be used to ensure individuals are operating with a reasonable degree of security and privacy on their computer. This quickstart guide assumes all persons are inherently lazy, and don't care anything about security or privacy. Accordingly, the tools and technologies included herein are selected because they will not only improve a person's security, but also make their (digital) lives easier. ## Things everybody should be doing - Search = [duckduckgo](https://duckduckgo.com)(free) or kagi (paid) - DNS = [NextDNS](nextdns.io) - Browsers = [FireFox](https://firefox.com) or [Brave](https://brave.com) - Password managers = [KeePassXC]() or [BitWarden]() - VPN = [Mullvad]() or [Proton](https://protonmail.com) for general purposes, PIA if you need a dedicated IP - Email = [Protonmail]() or [Fastmail]() - Multi-Factor Authentication = Always use it - Passwords = Always randomly generated from a password manager - Usernames = Should always be unique ## Additional things for slightly less lazy people - [Relay](https://relay.firefox.com) for email masks. An email mask is just a single purpose use email which relays to your actual email. For instance, if you use [email protected] as the login for your bank account, you don't want to use the same email for your gym membership, for example. If your gym has a data breach, then the hacker would have your bank account login username... which is 1/2 of the way to getting into your account (or 1/3 of the way if you use multi-factor authentication, which you should). An email mask is important here, because you can have a unique email for all of your 'non critical' account that forward message traffic to your actual email. - [UBlock Origin](https://ublockorigin.com) for taking control over your browser. Ublock is an ad-blocker which also allows for customization. The 'off the shelf' implementation is great, and its nice to be able to add specific sites or adds to it if you want. - [Privacy.com](https://privacy.com) for payments. Privacy.com is a similar concept to an email mask, but instead for your credit card. The idea here is that you add your actual credit card to privacy.com, and use that service to generate one-time use cards for all of your online purchases. This way if a site gets breached, the hacker does not have your actual credit card, just the one time card you created for that single purchase or account. - [This person does not exist](https://thispersondoesnotexist.com/) for profile pics. This site generates realistic images of fake people. For accounts that require, or suggest a profile pic, use this. Of note: this is becoming increasingly important with the proliferation of facial recognition technologies. ## Things which require a small about of learning - [ToR](https://www.torproject.org/). The Onion Router is a browser which relays your traffic to a bunch of places before it gets to the actual site you wanted to exist. As a result, it makes you harder to track. It also makes for a slower browser experience, so don't use it expecting the same performance as a typical browser. - [Linux](https://www.linux.org/). 'Linux' is a broad term here used to refer to one of the many Linux-based operating systems for your computer. There are many variants to choose from. Any of them will be much, much more secure than Windows. - [PiHole](https://pi-hole.net). Pi-hole is a quick and easy firewall you can build on a Raspberry-Pi and connect to your router. It allows you to block a lot of the garbage from the internet before it even gets past your router. Not only is this more secure, but it also speeds up your internet browsing. - [pfSense](https://www.pfsense.org). pfSense is a more robust, 'enterprise-worthy', firewall. Setting it up takes about a day if you've never done it before, but it allows for full control of your router. - GrapheneOS. A Linux OS for cell phones. - [ArchiveBox](https://archivebox.io). Archive solution for local hosted archives. - Anti-Virus: ClamAV - Authentication: YubiKey - Network Monitoring / Application Firewall: OpenSnitch - Email Client: Thunderbird (download all emails to this so you have them locally and then delete them from cloud servers) ## The naughty list.. Chrome / Edge Saving your passwords in your browser Saving your passwords on a file in your computer Social Media Public wifi (without a VPN) Alexa, GoogleHome, and other 'luxury surveillance' devices Browser extensions (exception for Ublock Origin)