Operational Security and the Real World

thaddeus t. grugq
Jun 21, 2017

An important part of the OPSEC approach to security is implementing compartmentation to limit the damage of any one penetration or compromise. This is sometimes referred to as impact containment. By compartmenting your operations, the control center over your accounts, and the information available from any single persona source, you are limiting the impact of a compromise.

High-value targets should be separated and kept clear of low-value targets. For example, your personal Amazon account should be separate from the account used to manage your business Amazon services. Your email accounts used for controlling critical online services should be resilient against compromise (Gmail, for example, with 2FA). This email account should not be used for anything other than managing those services, and it should be separate from your personal account.

The security of proper compartmentation is that it limits the pain and damage of any one compromise. This security is robust regardless of the technological safeguards in place because it resides outside of the technological realm. The strength of this compartmentation is directly proportional to how strong your compartment walls are, and how well you maintain them. This takes discipline. But it is hardly impossible.

There are multiple cases where regular people are starting to discover that the operational security approach is the only protection against a determined targeted attack.

In every instance, it is the lack of compartmentation between accounts and personas that has been the cause of the pain. Without proper compartmentation, attackers are able to leverage information from one compromised account to access another related account, increasing privileges and traversing across the persona’s exposed and interlinked account control centers.
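One way to check your own compartment walls is to write down which mailbox controls each account and compute what a single compromise would reach. The sketch below is an added example, not part of the original post; the inventory, account names and field names are constructed for illustration.

```python
from collections import deque

# Constructed inventory (assumption, not from the post): each account names its
# compartment and the mailbox that can reset its password ("controlled_by").
ACCOUNTS = {
    "personal-mail":   {"compartment": "personal", "controlled_by": None},
    "personal-amazon": {"compartment": "personal", "controlled_by": "personal-mail"},
    "social":          {"compartment": "personal", "controlled_by": "personal-mail"},
    "biz-admin-mail":  {"compartment": "business", "controlled_by": None},
    "biz-amazon":      {"compartment": "business", "controlled_by": "biz-admin-mail"},
    # Deliberate mistake: a business service recoverable through personal mail.
    "biz-dns":         {"compartment": "business", "controlled_by": "personal-mail"},
}

def blast_radius(accounts, compromised):
    """Every account that falls if `compromised` falls, following control links."""
    controls = {}
    for name, meta in accounts.items():
        if meta["controlled_by"]:
            controls.setdefault(meta["controlled_by"], []).append(name)
    seen, queue = {compromised}, deque([compromised])
    while queue:
        for child in controls.get(queue.popleft(), []):
            if child not in seen:
                seen.add(child)
                queue.append(child)
    return seen

def wall_breaches(accounts):
    """(account, controller) pairs whose control link crosses a compartment wall."""
    return sorted(
        (name, meta["controlled_by"])
        for name, meta in accounts.items()
        if meta["controlled_by"]
        and accounts[meta["controlled_by"]]["compartment"] != meta["compartment"]
    )

def crossed_compartments(accounts, compromised):
    """Compartments touched by one compromise; more than one means a leaky wall."""
    return {accounts[a]["compartment"] for a in blast_radius(accounts, compromised)}

if __name__ == "__main__":
    print("breaches:", wall_breaches(ACCOUNTS))
    for start in ("personal-mail", "biz-admin-mail"):
        print(start, "->", sorted(blast_radius(ACCOUNTS, start)),
              sorted(crossed_compartments(ACCOUNTS, start)))
```

Moving `biz-dns` under `biz-admin-mail` empties the breach list and keeps a personal-mail compromise inside the personal compartment.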

At a bare minimum — keep your business and personal life (and accounts) separate.

Compartmentation is what will save your ass when the attacks are targeted.

Republished from Tumblr.