abstract: FILL_dyAbstract

Threads: Dangers and Counter measures

What are the dangers threatening my family IT? To protect the installation I have to understand the dangers against which I have to protect and then to select proper countermeasures.

It seems important to identify the threats which are real and must be acted uppon - most data and web services are not worth special attention!


Is it reasonable, to streamline the effort to secure the installation minimally and concentrate on the crucial points?

A comprehensive and useful list which is not so obviously trying to sell services, stresses data centric approaches -- which means likely encryption -- and mentions insider threats. Additionally consider what are the acceptable risks and what are the current threats -- these two points are likely less important for my rather theoretically motivated investigation.

The downside of efforts to secure IT is usability, practicability and cost (in terms of fixing errors caused by confusion and complexity).

A real simple strategy: - obscure port numbers for ssh (obfuscation, avoid stupid attackers) - interactive logins with hard, different and changing passwords; vsudo removes the need to type them often. - access to servers by key only (automatically set up) and password only for localhost. - passwords for financial resources (bank accounts) encrypted


some cheks

Human error

Deletion and similar

The major and most likely threat are my actions and actions of permitted users which have effects not intended:

footnote: deleted all files by using syncthing with an empty folder (which had a .stFolder mark). recovered from borg backup.

Counter measure:

Versioning with syncthing (the original copy is kept at the remote location and archived). Long-term archival: a syncthing disk is kept complete every 1..3 years.

TODO: syncthing: keep versions for unlimited times. which servers should have the versions? (probably only the syncservers)

rasnsom software and similar

There is a potential - probably smaller when using Debian and Mate than when using Microsoft - for malicious software to install and then to encrypt the data on disk in order to extract a payment to release an decrypt key.

The easiest countermeasure is to have a regular backup on a not-connected device; the loss is then only the data added or updated since the last backup. Given that the probability of this attack is small, the potential loss of some recent changes is acceptable.

The danger is that the ransom software tries to find all connected devices; it should be possible to export access (with nfs), but I fear the server can see the client connected; then it will be necessary that the server cannot access the client to damage the backup data.

Loss of data in the cloud (email server..)

Recent mail is stored in the cloud, typically on an email server; it can be lost (or inaccessible) when the server is lost (technical malfunctioning or termination of contract).

Regular download of mail to local storage in a long term readable format (mbox). Once mail is locally stored, the protection of local data applies.

Loss of access to data for lack of software

Access to data is lost if the software necessary to manipulate the data is unavoidable.

Store all data of importance in long term accessible formats: - txt - caldav/cardav - bibtex, latex lyx?? - odt ? - - pdf

Access to passwords and other secrets

Assume there are some pages where I store (disguised) secrets (passwords to financial services, email services used for password recovery).

Which email accounts must be protected?

On which email accounts important information is received? My banks send me only information that I have email, but do not send email directly. I have then to access their (secure) communication channel.

It seems only the account used for recovery needs protection. The only danger is a password which is inserted in some code which ends up on github and could be found there - together with sufficient other credentials.

Probably a regular change of access passwords to desktops.

web services: which to protect?

There is a large number of web services (linkedin, github, google, stackoverflow) where I have social credit and a malicious user could ruin my social standing - not worth special protection mechanism.

Attention: google play has an authorization to charge my credit card. Can this be limited?

SSH keys for access to remote computers are only useful together with the secret key; it is necessary to protect these files ()

Secret data stored

I have my secret data in my personal wiki. The data are stored on all computers without particular protection (and synced even to my mobile phone).

The data are protected with an ordinary password; on the phone with my fingerprint.

Produced with SGG on with master5.dtpl.