Digital security basics
An action plan for ordinary citizens
Digital security is not only a need for large organizations or high-value individuals. In fact, if you are reading this on your computer or smartphone, you need it too.
Cybersecurity is a large and complex topic, and it is almost always complicated for a non-expert to handle. Here is a small attempt to make it a little simpler for mere mortals. I propose an action plan to achieve the reasonable level of security that each of you deserves for your digital activities. This action plan is not the only valid path, and it is not purist from a security point of view. The goal is to have a concrete and simple set of steps that make things better for the average individual.
If you don’t understand something while trying to follow this guide you can reach me on Twitter @piotrcki.
1. Clean your online presence
Estimated time: 1 to 4 hours.
1.1. Make a list of all your online accounts
Try to write down a list of all your online accounts. Searching through your mailbox will help you find the ones you have forgotten about.
1.2. Delete obsolete accounts
If you don’t need an account anymore, delete it.
1.3. Consider migrating to more respectful service providers
If you can choose between several service providers, choose one that cares about your privacy and the security of your data.
1.4. Review settings
For all of your online accounts, go to the settings and review all privacy and security options. Take a few minutes and ask yourself what you really want to share and with whom.
1.5. It’s time to change all your passwords!
Passwords are often the weakest point of security. The two most important rules concerning passwords are:
- A password should have an entropy of at least 80 bits (more for important encryption keys). In other words it should be long and unpredictable.
- A password for an account should be unique and unrelated to your other passwords.
The best way to respect those rules is to use a password manager. KeePass is a good one. Such software manages all your passwords and allows you to generate long, random new ones. It encrypts your passwords before saving them on your hard drive; a “master password” (the only one you will need to remember) is needed to unlock the others.
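To make the 80-bit rule concrete, here is an added example (not part of the original guide) that computes how many symbols a password needs to reach 80 bits for several alphabets, and generates one from the kernel's random source the way a password manager would. It assumes a POSIX shell with awk, tr and /dev/urandom, as found on any Linux system; the 7776-word alphabet is the size of the Diceware word list.

```shell
# Added example (not from the original guide). Assumes a POSIX shell with awk,
# tr and /dev/urandom available, as on any Linux system.

# Minimum number of symbols, each drawn uniformly from an alphabet of $2
# possibilities, needed to reach at least $1 bits of entropy:
# ceil(bits / log2(alphabet_size)).
min_length() {
    awk -v bits="$1" -v alphabet="$2" 'BEGIN {
        n = bits / (log(alphabet) / log(2))
        printf "%d\n", (n == int(n)) ? n : int(n) + 1
    }'
}

# Entropy, in whole bits, of a string of $1 symbols drawn uniformly from an
# alphabet of $2 possibilities: floor(len * log2(alphabet_size)).
entropy_bits() {
    awk -v len="$1" -v alphabet="$2" 'BEGIN {
        printf "%d\n", int(len * log(alphabet) / log(2))
    }'
}

# Generate $1 random characters from the 94 printable non-space ASCII
# characters, taking randomness from the kernel CSPRNG. A password manager's
# generator does the same; a human-chosen "random" string does not have the
# entropy the formula above assumes.
gen_password() {
    LC_ALL=C tr -dc '[:graph:]' < /dev/urandom | head -c "$1"
    echo
}

# How long does an 80-bit password have to be, for different alphabets?
# 7776 is the size of the Diceware word list (6^5 words picked with five dice).
for alphabet in 10 26 94 7776; do
    echo "alphabet of $alphabet symbols: at least $(min_length 80 "$alphabet") symbols for 80 bits"
done
echo "example 13-character password: $(gen_password 13)"
```

The point the table makes is that "long" depends on the alphabet: 13 printable characters, 25 digits or 7 Diceware words all reach 80 bits, while 6 Diceware words (about 77 bits) fall just short.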
2. Clean your laptop
Estimated time: 1 to 2 days.
2.1. Backup your data
Save all your important data on an external storage. This is very important.
2.2. Choose a Linux distribution
If you already have Linux installed (with full disk encryption) go to 2.8.
2.3. Prepare your install media
Read the installation instructions on the website of the Linux distribution of your choice and prepare the installation CD, DVD or USB drive. Check the digital signature of what you download if you know how to do it.
Try to boot from the installation media. If you have never used Linux, this is a good first approach.
2.4. If you need to keep your OS…
If you really need to keep your current OS, think about how you will manage the dual boot.
2.5. Choose 3 good passwords
- Password 1 will be needed to boot the laptop.
- Password 2 will be needed to unlock your hard drive and to do administrative tasks on your laptop.
- Password 3 will be your regular user password.
2.6. Install Linux
Install Linux on your laptop. Turn on full disk encryption during the installation process. If you choose to use a swap partition make sure it is encrypted too.
With full disk encryption, if someone gets your laptop they will not be able to extract data from it without your encryption password.
Use password 2 as the disk encryption passphrase and as the root password. Use password 3 as your user password.
If you have other devices running Android or Mac OS X you can turn on full-disk encryption (also called “device encryption”) easily, and you should do so. Recent iPhones are encrypted by default.
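Once the installation is done, it is worth checking that the root filesystem and the swap really ended up on encrypted devices, since an unencrypted swap partition can leak memory contents to disk. The following is an added example (not from the original guide) that reads the output of `lsblk -P -o NAME,TYPE,MOUNTPOINT` and reports, for each mountpoint of interest, whether it sits on a dm-crypt (LUKS) device. It assumes util-linux's lsblk and a POSIX shell with awk; the two lsblk listings at the top are constructed samples, not output from a real machine.

```shell
# Added example (not from the original guide). Assumes util-linux lsblk and
# a POSIX shell with awk. Real use: lsblk -P -o NAME,TYPE,MOUNTPOINT | check_encrypted

# Check that the given mountpoints (default: the root filesystem "/" and
# "[SWAP]") sit on dm-crypt devices. Reads key="value" lines in the format of
# `lsblk -P -o NAME,TYPE,MOUNTPOINT` from stdin, prints one verdict per
# mountpoint, and returns 1 if any of them is on an unencrypted device.
check_encrypted() {
    want=${*:-/ [SWAP]}
    awk -v want="$want" '
    # Extract the value of KEY="value" from the current line, or "".
    function field(key,    re) {
        re = key "=\"[^\"]*\""
        if (match($0, re))
            return substr($0, RSTART + length(key) + 2, RLENGTH - length(key) - 3)
        return ""
    }
    BEGIN { n = split(want, mps, " "); for (i = 1; i <= n; i++) seen[mps[i]] = 0 }
    {
        mp = field("MOUNTPOINT"); type = field("TYPE")
        if (mp in seen) {
            seen[mp] = 1
            if (type == "crypt") print mp " encrypted"
            else { print mp " NOT encrypted"; bad = 1 }
        }
    }
    END {
        for (mp in seen) if (!seen[mp]) print mp " not mounted (skipped)"
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample: encrypted root, but swap on a plain partition.
SAMPLE_LSBLK_BAD='NAME="sda" TYPE="disk" MOUNTPOINT=""
NAME="sda1" TYPE="part" MOUNTPOINT="/boot"
NAME="sda2" TYPE="part" MOUNTPOINT=""
NAME="cryptroot" TYPE="crypt" MOUNTPOINT="/"
NAME="sda3" TYPE="part" MOUNTPOINT="[SWAP]"'

# Constructed sample: both root and swap on dm-crypt devices.
SAMPLE_LSBLK_OK='NAME="sda" TYPE="disk" MOUNTPOINT=""
NAME="sda1" TYPE="part" MOUNTPOINT="/boot"
NAME="sda2" TYPE="part" MOUNTPOINT=""
NAME="cryptroot" TYPE="crypt" MOUNTPOINT="/"
NAME="sda3" TYPE="part" MOUNTPOINT=""
NAME="cryptswap" TYPE="crypt" MOUNTPOINT="[SWAP]"'

printf '%s\n' "$SAMPLE_LSBLK_BAD" | check_encrypted || echo "=> encrypt the swap too"
printf '%s\n' "$SAMPLE_LSBLK_OK" | check_encrypted && echo "=> all good"
```

The `/boot` partition is expected to be unencrypted on most setups (the bootloader needs to read it), which is why the check only looks at `/` and swap by default; pass other mountpoints as arguments to check them as well.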
2.7. Learn how to use your freshly installed operating system
Once you have installed your favorite Linux distribution, it’s time to learn how to use it. Try to:
- browse the web;
- change the wallpaper;
- change the sound level;
- install new software;
- update your system;
- restore your data :)
2.8. Set up a screen locker
Make sure your screen is unlocked only when you are in front of it. That helps prevent someone else from accessing your laptop without your consent.
2.9. Set up the boot password
Go to your BIOS / UEFI settings and set a boot password. Such a password prevents someone from starting your laptop without your consent, which makes a lot of attacks much harder to carry out.
2.10. Keep your system up to date
When a security vulnerability is discovered, developers usually fix it. That’s why it is important to keep your operating system and all your installed software up to date. Package managers make this easy.
2.11. Have a backup strategy
Your laptop could break, get lost or be stolen. If that happens, make sure your data is not lost: back up your data to an encrypted external storage device at least once a month.
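A backup is only useful if it can actually be restored, so the routine should include a verification step. Here is an added example (not from the original guide) of a small monthly backup script: it writes a date-stamped compressed archive of a directory to an already-mounted encrypted external drive, checks that the archive reads back with the same number of files as the source, and keeps only the newest few archives. It assumes a POSIX shell with tar and gzip; the source and destination paths are whatever you pass in, and encrypting the external drive is done beforehand, exactly as the guide says.

```shell
# Added example (not from the original guide). Assumes a POSIX shell with
# tar and gzip. The destination is expected to be an already-mounted,
# encrypted external drive.

# Back up directory $1 into a date-stamped archive under directory $2.
# Prints the archive path on success.
#   usage: backup_dir "$HOME/Documents" /media/backup
backup_dir() {
    src=$1; dest=$2
    [ -d "$src" ] || { echo "source $src does not exist" >&2; return 1; }
    [ -d "$dest" ] || { echo "destination $dest is not mounted" >&2; return 1; }
    archive="$dest/backup-$(basename "$src")-$(date +%Y-%m-%d).tar.gz"
    tar -C "$src" -czf "$archive" . || return 1
    echo "$archive"
}

# Verify that archive $1 is readable and holds as many regular files as
# directory $2. `tar -tv` prints one line per entry starting with its mode
# string, so lines starting with "-" are regular files.
verify_backup() {
    archive=$1; src=$2
    in_archive=$(tar -tvzf "$archive" | grep -c '^-')
    in_source=$(find "$src" -type f | wc -l)
    [ "$in_archive" -eq "$in_source" ]
}

# Keep only the newest $2 archives (default 3) in directory $1, so the
# external drive does not fill up over the years.
prune_backups() {
    dir=$1; keep=${2:-3}
    ls -1t "$dir"/backup-*.tar.gz 2>/dev/null | tail -n "+$((keep + 1))" | while read -r old; do
        rm -f -- "$old"
    done
}

# Typical monthly run (paths are placeholders):
#   archive=$(backup_dir "$HOME/Documents" /media/backup) \
#     && verify_backup "$archive" "$HOME/Documents" \
#     && prune_backups /media/backup 3
```

Running the three steps in sequence with `&&` means a failed archive or a failed verification stops the run before any old backup is deleted, so a broken new backup never replaces a good old one.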
3. More advanced security practices
Estimated time: a whole life of practice :)
Here is a list of things you might want to do to go deeper into this field:
- Use end-to-end encryption to protect your digital correspondence. I would advise using emails encrypted with OpenPGP (the encryption software is called GnuPG). It is not the easiest tool to use, but it has a lot of features and it integrates with email, which is an Internet standard that everybody already uses.
- Harden your OS with things like firewall rules, SELinux policies, Grsecurity etc.
- Try a security focused OS like QubesOS or Tails.
- Want better security for your smartphone? Take a look at CopperheadOS.
- Set up your own servers to store your files or your emails.
- Go to some conferences about cybersecurity or free software to learn more.
And don’t forget to tell your friends to protect themselves!