An open API service indexing awesome lists of open source software.

https://github.com/eteissonniere/opsec-checklist

Checklist of simple and not so simple things to enhance your OPSEC.

Topics: checklist, opsec, security

Last synced: 8 months ago

README


# OPSEC Checklist

Brought to you by [Eliott Teissonniere](https://eliott.teissonniere.org).

## Goals

- Provide simple steps that anyone can follow to increase their own safety in the digital world.
- Provide support for discussion during security-related talks.
- Avoid promoting paranoid advice; this should be understandable by most people.

## A few steps to check

### Accounts

- [ ] Use a solid and reputable password manager
- [ ] Only use strong passwords
- [ ] Remove useless accounts
- [ ] Security questions’ answers should not be easy to find
- [ ] Security questions’ answers can be random and managed in the password manager
- [ ] Rotate passwords regularly (ex: once a year)
- [ ] Have a clear and secure way to share passwords

### Communications

- [ ] Set up secure channels for everyday use and for emergencies
- [ ] Be able to authenticate exchanges (GPG)
- [ ] Encrypt everything (GPG)

### Companies

- [ ] Set up bug bounties
- [ ] Idea: sentinel network
- [ ] Dedicated security team
- [ ] Have an incident response plan and team

### Crypto

- [ ] Hardware wallet
- [ ] If a hardware wallet is not possible, use a paper wallet
- [ ] Escape hatch?

### Users

- [ ] Should understand the risks of social engineering and phishing attacks
- [ ] Have the least privileges needed to perform their work

### Servers

- [ ] Use an SSH public key
- [ ] Ultra restrictive firewall (whitelist)
- [ ] Fail2ban-like system
- [ ] Regular automated backups on a remote system
- [ ] Audit and IPS / IDS system, with logs sent to a remote system
- [ ] Isolate services via Docker or an equivalent (rkt…)
- [ ] Use honeypots
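
As an added example (not part of the opsec-checklist project), the script below audits an OpenSSH `sshd_config` against what "Use an SSH public key" implies: public-key authentication on, password and keyboard-interactive authentication off. The expected values, the `parse_sshd_config`/`audit` helpers and the two sample configs are this example's own assumptions, not something the checklist specifies; it also goes slightly beyond the list by checking `PermitRootLogin` and `PermitEmptyPasswords`, and it honours two sshd parsing rules that trip up manual reviews (the first occurrence of a keyword wins, and settings after a `Match` line are not global).

```python
"""Audit an OpenSSH sshd_config against the 'Servers' checklist items.

Added example, not part of the opsec-checklist project. The expected
settings below are this example's own assumptions about what "use an SSH
public key" implies for sshd_config; adjust them to your own policy.
"""
from __future__ import annotations

import re

# Checklist expectation: keyword -> acceptable values (lowercased).
# Assumption of this example, not a value taken from the checklist.
EXPECTED: dict[str, set[str]] = {
    "pubkeyauthentication": {"yes"},
    "passwordauthentication": {"no"},
    "kbdinteractiveauthentication": {"no"},
    "permitemptypasswords": {"no"},
    "permitrootlogin": {"no", "prohibit-password"},
}

# OpenSSH server defaults used when a keyword is absent, so that a missing
# line is judged by the value sshd will actually apply.
DEFAULTS: dict[str, str] = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "permitemptypasswords": "no",
    "permitrootlogin": "prohibit-password",
}

# "Keyword value" or "Keyword=value"; the value is the rest of the line.
_LINE = re.compile(r"^(\S+?)(?:\s+|\s*=\s*)(.*)$")


def parse_sshd_config(text: str) -> dict[str, str]:
    """Return the effective global keyword -> value map.

    Two sshd rules matter for an audit: the FIRST occurrence of a keyword
    wins (later duplicates are ignored), and every line after a 'Match'
    line applies only to matching connections, so it is not global and is
    skipped here.
    """
    effective: dict[str, str] = {}
    in_match = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        key = (m.group(1) if m else line).lower()
        value = (m.group(2) if m else "").strip().lower()
        if key == "match":
            in_match = True
            continue
        if in_match:
            continue
        effective.setdefault(key, value)  # first occurrence wins
    return effective


def audit(text: str) -> list[str]:
    """Return one finding per checklist expectation the config does not meet."""
    cfg = parse_sshd_config(text)
    findings: list[str] = []
    for key, allowed in EXPECTED.items():
        actual = cfg.get(key, DEFAULTS[key])
        if actual not in allowed:
            findings.append(f"{key} is '{actual}', expected one of {sorted(allowed)}")
    return findings


# Constructed sample configs (not taken from any real host).
# WEAK_CONFIG leaves password auth on: the later "no" is ignored by sshd
# because the first occurrence wins, and the Match block is not global.
WEAK_CONFIG = """\
Port 22
PubkeyAuthentication yes
PasswordAuthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication no
"""

HARDENED_CONFIG = """\
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin prohibit-password
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit(cfg) or ['ok']}")
```

Run it against a copy of `/etc/ssh/sshd_config` to get a list of findings; `sshd -T` (which prints the effective configuration) is the authoritative source if you want to compare against what the daemon really applies.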

### Social

- [ ] Avoid posting locations
- [ ] Avoid posting your trips and vacations (people know you ain’t home)
- [ ] Avoid clear posting patterns (random post habits)
- [ ] Do you need this profile?

### System

- [ ] Regular backups
- [ ] Set up backup reminders (TimeMachine does it for you)
- [ ] Redundant backups (if you lose one)
- [ ] Use a strong session password
- [ ] Encrypt data
- [ ] Lock firmware with a password
- [ ] Turn on secure boot, with its maximum settings
- [ ] Disallow booting from anything other than the hard drive
- [ ] OS should have protection features built in and turned on
- [ ] Have a good firewall, with restrictive settings
- [ ] Check confidentiality settings