Security training: Organizers and Journalists versus Assholes with Resources
| Defenders \ Attackers | Random Assholes | Assholes with Resources | The State |
|---|---|---|---|
| Individuals | Individuals vs Random Assholes | Individuals vs Assholes with Resources | Individuals vs The State |
| Organizers and Journalists | Organizers & Journalists vs Random Assholes | Organizers & Journalists vs Assholes with Resources | Organizers & Journalists vs The State |
| Targeted Activists | Targeted Activists vs Random Assholes | Targeted Activists vs Assholes with Resources | Targeted Activists vs The State |
Before you dive too deeply into this practice material, you should first explore the following lower-hanging fruit, in this order:
- Security training: Individuals versus Random Assholes
- Security training: Individuals versus Assholes with Resources
- Security training: Organizers and Journalists versus Random Assholes
- Audit your webserver for information disclosure vulns (a thorough treatment of webdev security things):
- Turn off "directory listings" on your webserver
- WordPress users should follow these guidelines
- Use alternatives to Google Docs such as pad.RiseUp.net or share.RiseUp.net, etc.
- Prevent spoofing of emails claiming to be from your domain by implementing DKIM for email services you provide
- Use the ValiMail Domain Checker to check that your domain is correctly configured to be able to accept and relay validated/authenticated email.
- Use DKIM Verifier for Thunderbird to test your (or anyone else's) DKIM setup in your email client.
- On your server(s), use Let's Encrypt to enable TLS connections (for Web + Mail + any hosted service)
- Specify a CAA (Certificate Authority Authorization) DNS record for your domain to assert only your CA of choice (like Let's Encrypt) should issue certificates for your domain.
- Use Tor to hide your physical-world location
- Consider placing your own domain behind CloudFlare to hide your server's origin
- Replace Facebook (or other similar) group chats with secure messenger (e.g., Signal) group chats
- Turn off all logging by the services you run that you don't regularly look at. (Configure this per service, or use the `logrotate(8)` `rotate 0` and `shred` configuration options.)
- Test RSA keys you've generated against the ROCA vulnerability and re-key if necessary.
- Use a hardware second factor (an "authentication dongle") on sites that support hardware-enforced second-factor authentication.
- Whitelist external USB, Thunderbolt, etc. devices with tools such as USBGuard.
- If you run an Intel motherboard, change the Intel AMT BIOS password from its default of `admin`.
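The CAA item above is easy to get subtly wrong: a record set that names your CA but forgets wildcards, or that only carries an `iodef` tag, does not restrict issuance the way people expect. The following is an added example (not part of this wiki or the collective's own tooling) that applies the RFC 8659 CAA lookup rules offline to a constructed zone, so you can reason about what a given record set actually permits before publishing it. `ZONE`, `relevant_rrset` and `issuance_allowed` are names chosen here for illustration.

```python
from typing import NamedTuple

class CAA(NamedTuple):
    flags: int   # bit 7 (value 128) marks the record "issuer critical"
    tag: str     # "issue", "issuewild", "iodef", ...
    value: str   # CA domain, optionally followed by ";params"; ";" alone = no CA

# Constructed sample zone (not real DNS data): only Let's Encrypt may issue for
# example.org and everything under it; wildcard certificates are forbidden outright.
# legacy.example.org carries its own, more specific, policy.
ZONE = {
    "example.org": [
        CAA(0, "issue", "letsencrypt.org"),
        CAA(0, "issuewild", ";"),
        CAA(0, "iodef", "mailto:security@example.org"),
    ],
    "legacy.example.org": [CAA(0, "issue", "digicert.com")],
}

def relevant_rrset(fqdn, zone):
    """RFC 8659 section 3: walk up the tree from the FQDN until a CAA RRset is
    found. For a wildcard name *.x the search starts at x."""
    name = fqdn[2:] if fqdn.startswith("*.") else fqdn
    labels = name.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zone:
            return zone[candidate]
    return []   # no CAA anywhere up the tree: any CA may issue

def issuance_allowed(fqdn, ca, zone):
    """Return True if a CA identified by `ca` (e.g. 'letsencrypt.org') may issue for fqdn."""
    rrset = relevant_rrset(fqdn, zone)
    wildcard = fqdn.startswith("*.")
    # A critical record with a tag the CA does not understand forbids issuance entirely.
    if any(r.flags & 128 and r.tag not in ("issue", "issuewild", "iodef") for r in rrset):
        return False
    tag = "issue"
    if wildcard and any(r.tag == "issuewild" for r in rrset):
        tag = "issuewild"   # issuewild overrides issue for wildcard names only
    applicable = [r for r in rrset if r.tag == tag]
    if not applicable:
        return True         # e.g. only an iodef record: nothing restricts issuance
    # The value is "<ca-domain>[; parameters]"; a bare ";" authorises nobody.
    return any(r.value.split(";")[0].strip().lower() == ca.lower() for r in applicable)
```

Note that a host with only an `iodef` record still lets every CA issue; the restriction comes only from `issue`/`issuewild` tags, and a wildcard request falls back to `issue` records when no `issuewild` exists.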
The NYC chapter of the Anarcho-Tech Collective provides technological and digital infrastructure support services to anti-fascist, anti-racist, and anti-capitalist organizations in New York City. See our Activities and events page for details. Read our Welcome guides to get involved.
We appreciate your support to help us do what we do. If you have the means, please donate Bitcoin to 17ByVbkM6mf7bytqWRFwzjqradBkmVh4Tr.
Found an error in these pages? Please let us know by submitting a new issue ticket.