Best Practices & What to Look out For
KIRA Network we will be exploring further security best practices and things to look out for when exercising crypto etiquette. Before continuing, you should familiarize yourself with our first edition Don’t Trust. Verify. article as well as with results and pitfalls of the KIRA First Security Challenge where only 5 out of 138 people managed to protect themselves from every instance of the potential attack or other intention to deceive.
Workspace Isolation
Malicious software is becoming of less and less concern over the past years as old operating systems become replaced with almost daily updates and security patches to the novel OS. Many of those who are reading this article likely do not remember the last time they had to reinstall their OS because some malare wreaked havoc on their file system. This does not automatically imply that the threat does not exist and that we should take our gourd down. Tracking down Malware was always easier then Spyware that in the context of the crypto industry can have catastrophic consequences. It is also prominent in almost every aspect of our daily lives that Phishing and other forms of visual deception are on the rapid raise and can penetrate even the most secure working environments.
To work out the security ladder we need to begin with separation of our playgrounds, as well as the environment where we exercise financial operations and daily working spaces. Without such a routine in place it is almost impossible to guarantee any form of security and it’s just a matter of time when the inevitable happens. In the case of handling cryptocurrencies it is even more important and can’t be ignored. Unfortunately not everyone can afford to buy multiple laptops or mobile phones. To resolve this issue a virtualization software comes to the rescue and is supported by almost all modern CPU’s. There are many free and pay-for professional solutions enabling you to create Virtual Machine (VM) within your Operating System. By far the most intuitive and highly popular is the VMWare with both free and pay-for licenses as well as free VirtualBox
It is highly recommended that you should familiarise yourself with the virtualization software and create at least three individual VM’s dedicated to your work, entertainment and crypto/finances. The host machine on top of which you run the virtualization software should be scarcely used for installation of any software and otherwise daily use. Because the VM’s are self-contained it will be very difficult or even impossible for any malware to infect your other environments, you should be aware, that the VM used for the financial operations should have an isolated clipboard (do not allow copy/paste outside of VM) and if possible should never be run at the same time as your other VM’s. The virtualization software such as VMWare can further allow you to encrypt all your data within the VM as well as easily recover from faults if you keep a backup of your VM files.
Memory Gaps — The Human Error
Your own mind is your greatest enemy and the only defense against the overwhelming majority of exploits. The extreme number of cyber-crimes such as Phishing, target your visual and recollection capabilities. What you should never trust is your memory, ability to read, write, recall and recognize what you think is true. Critical thinking and due diligence is the only source of cognitive exploration that you should be exercising. Typing from memory any sort of cryptographic secrets, public keys, website addresses and other security data is never a good idea.
Typo’s in addresses, names, public keys are not only easy to happen to users but are often used to deceive on purpose. Never trust any foreign outlets to provide you with legitimate sources. Search engines, news websites and other outlets are often exploited either though the same Phishing techniques or via their own vulnerabilities such as advertisement or poorly managed security measures.
Best way of protecting your memory from being exploited is to not rely on it. Save all your frequently visited websites in your bookmarks and do not use external sources. Regarding credentials to websites and preserving secret data you can utilize password managers such as 1password that always preserve your information in the encrypted form, allow for synchronization and easy access from within multiple devices. It is essential that you always enable 2FA/MFA and keep full ownership of your data and secrets far beyond centralized entities such as Google and their in-house produced malware and spyware.
Summary
Stay tuned for another article tomorrow about the upcoming KIRA Second Security Challenge that will test your knowledge acquired within this and our previous security publications. To be eligible for the reward you will have to comply with the following Terms and Conditions so read through them carefully.
Remember to always verify twice, exercise due diligence and never rush though any security related processes. Try to put yourself in the shoes of the attacker and think of ways he might use to acquire access to your personal data or mislead you. We hope that this article provided you with at least a basic set of tools and ideas to up your security game and will make you prepared better for the upcoming public round.
Telegram Channel: https://tg.kira.network
Announcements: https://ann.kira.network
Twitter: https://twitter.kira.network
GitHub: https://github.kira.network
Blog: https://blog.kira.network
