A reader recently asked me if I can help him Red Team himself, to check his digital footprint and to know whether he was safe out there.
My answer was a list of things he could check, and if any of them raised concerns we could take it one step further.
Here's the list; I think it will help you threat-assess yourself:
Digital Life
- Use passphrases instead of passwords
- Use different passphrases for different accounts
- Don’t reply to spam emails or click on links or pictures without verifying them, even when they come from friends
- Don’t respond to emails from companies requesting more information about you; call them instead, and only on a number you already know to be genuine
- Don’t open PDF, Office documents, GIF or JPEG files directly in the email client or browser.
- Don’t run Windows. If you do, at least harden it for security
- If you use Windows, run at least a good personal firewall (not free) and a good anti-malware product (not free). They don’t really work, but they do catch the script kiddies
- Don’t use pirated software; most of it has backdoors
- Your mobile devices (phone, tablets, etc.) are password protected.
- Your mobile devices are not rooted, and you download apps only from trusted sources
- Install the latest updates on both the computers and mobile devices
- Don’t download apps for your computer from “download” sites; get them from the author’s site or the app store
- Don’t use file-sharing services (torrents, etc.)
- Clean the browser cache, cookies, history, etc. at least once a day
- Use an ad-blocking plugin for your browser. Ads are worthless and can contain redirects to malware sites
- Don't use any other browser plugins, unless you wrote them yourself
- Don’t use Internet Explorer
- Don’t install Flash, Silverlight or Java
- Don’t connect to public, unprotected Wi-Fi networks. If you do, do not log in to any personal sites (bank, email, etc.)
- Harden your computer for security
- Type the URL yourself instead of just clicking the link
- Lock the computer when you walk away
- Don’t use public computers
- Buy online ONLY from trusted sources
- Do NOT let browsers store passwords for you
- Read the error messages, don't just click OK
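As an added illustration of the first two items (not part of the original post), the following Python script generates a random passphrase with the `secrets` CSPRNG and compares its entropy against a short random password. The word list is a constructed sample; the entropy comparison assumes a real diceware-style list of 7776 words and an offline guessing rate of 10 billion per second, both stated as assumptions in the code.

```python
import math
import secrets
import string

# Constructed sample word list so the script runs offline. A real
# diceware-style list has 7776 words; that pool size is used in compare().
SAMPLE_WORDS = [
    "anchor", "basket", "candle", "dolphin", "ember", "falcon", "garnet",
    "harbor", "island", "jasper", "kettle", "lantern", "meadow", "nectar",
    "orchid", "pebble",
]


def entropy_bits(pool_size: int, choices: int) -> float:
    """Entropy in bits of `choices` independent uniform picks from `pool_size` options."""
    return choices * math.log2(pool_size)


def generate_passphrase(words=SAMPLE_WORDS, count=5, separator="-") -> str:
    """Pick `count` words uniformly at random using the CSPRNG in `secrets`."""
    return separator.join(secrets.choice(words) for _ in range(count))


def generate_password(length=10, alphabet=string.ascii_letters + string.digits) -> str:
    """Random password over a 62-character alphabet, for comparison only."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def years_to_exhaust(bits: float, guesses_per_second: float = 1e10) -> float:
    """Years needed to try every possibility at an assumed offline guessing rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


def compare(word_pool=7776, words=5, alphabet=62, chars=10) -> dict:
    """Entropy and exhaustive-search time for a 5-word passphrase vs. a 10-char password."""
    pp_bits = entropy_bits(word_pool, words)
    pw_bits = entropy_bits(alphabet, chars)
    return {
        "passphrase_bits": pp_bits,
        "password_bits": pw_bits,
        "passphrase_years": years_to_exhaust(pp_bits),
        "password_years": years_to_exhaust(pw_bits),
    }


if __name__ == "__main__":
    print("passphrase:", generate_passphrase())
    print("password:  ", generate_password())
    for key, value in compare().items():
        print(f"{key}: {value:.2f}")
```

Generate a separate passphrase per account; the entropy figures only hold if each one is chosen at random rather than derived from another.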
Personal Information
- Don’t reveal your SSN or other personally identifying information (address, mother’s maiden name, girlfriend’s name, identifying marks, tattoos, etc.)
- Don’t share your life on social media; in fact, stay away from social media unless it’s needed for work, and then post very little.
- Keep sensitive information such as bank accounts, SSN, medical records, etc. off your mobile devices and computer (at least the computer you travel with)
- You have had training on social engineering and know how to spot someone trying it
- Stay away from Facebook if possible
- Shred anything that has your name on it
- Digitally shred sensitive files
- Wipe your hard drive when you want to get rid of it