Let's talk about security

Hey guys,

I am not sure if this has been spoken yet.
But i was wondering if there are any discussions about privacy with security.
I think there should be another page on privacytools about this.

For instance i use Bitdefender as security on all my devices and use maleware bytes for malware.
I use more software to do scans to keep my pc safe…

Any ideas about this yet?

Bitdefender like many other antivirus are terrible for privacy. Just take look through there privacy policy yourself, and you’ll see exactly what I’m talking about.
Security, and privacy go hand in hand. For example want a secure messaging platform use Riot, or Signal. If a option is Private then it will have good security I feel pretty good about saying that since for a option to remain private is has to be able to stop people from eating your data.

Great day to start the topic :slight_smile:
https://arstechnica.com/information-technology/2020/08/snapdragon-chip-flaws-put-1-billion-android-phones-at-risk-of-data-theft/

Latest version(s) of Windows 10 are very secure out-of-box, and in my opinion, there is no need to use any additional 3rd party tools. Just be careful and follow security guidelines and best practices (for e.g. phishing attacks, pirated software, password management, software update, etc.)
The same applies for other systems (Linux, OS X…). Don’t think it is more secure and stop caring about above mentioned things

What worries me the most is SaaS security. I’ve seen many companies offering SaaS for really important things, for businesses (project management, inventory management, CRM, ERP, cloud storage…) with security measurements so low, I wouldn’t even recommend them to my competitor. When I see things such as: “Password must have at least 8 characters, 1 capital letter, 1 symbol, 1 number”, I don’t even want to test it / use trial version. Many of them don’t have 2FA, option to limit IP range for logins, device control, etc. And all of them try to convince users they care about security

Hey,

Great Question

Classic antivirus protection can only provide limited protection in this days. Because of the many rights that a Software has on the machine, it can come to a high risk (vulnerability, privacy, etc). Human Firewall is still a very important point!

Endpoint security becomes more and more important, I would recommend to use an Intrusion Detection System (Snort etc.). Think about securing the whole Network, use a sniffer to analyze the traffic!

Greetings

i am not familiar with sniffers. i know what it is… but i dont know which to trust and how to use it.

pffft… ya… see. i was afraid of that.
i am planning to patch my dns… its on my planning list.
for now i use mullvad

I think the best network sniffer is Wireshark

Are you using the VPN for Pirvacy? Check out this GitHub Gist page why you shouldn’t do that. (in my opinion you should also not host your own VPN on a outsourced cheap Server). Don’t rely on a VPN for privacy!

Yeah, great Idea.

no im not using it for privacy… im using it for an extra layer security

Just a little note here:

Information security is a vast topic. You need to consider technology, humans, and processes. You also need to consider measures to identify your assets, detect malicious activity, respond to attacks, prevent attacks, and recover from attacks.

In the best case, you have your custom mix of security controls.

For instance, a firewall with a strict rule set may prevent some attacks when you continuously improve its rule set. However, a firewall can’t detect all malicious activity. For this, you need an intrusion detection system (IDS). However, an IDS is based on signatures (similar to anti-malware software), so you need to continuously update its signatures. Then, there are honeypots that can detect previously-unknown attacks, but you need to derive new attack signatures from malicious activity that you recorded. This knowledge from honeypots allows you to react to attacks. Moreover, you need current backups and recovery tests to successfully recover from attacks that couldn’t be prevented or detected.
Deploying some technology without a plan adds some security, but it is basically like replacing the lock cylinder of your front door while you leave all windows open.

Besides technology, you as a human need to be aware of new attacks and your security controls. Keep in mind that social engineering (manipulation humans by exploiting their human characteristics) perfectly works without any technology. SE isn’t only phishing.

Finally, there are processes. Things need to be updated, revised, documented. Furthermore, you need to behave in certain ways to ensure that your security controls are used effectively.

Hopefully, you see that single products like Bitwarden vs. Lastpass doesn’t matter. You need to look at a much higher level.

1 Like