Some people talk about security, many people skimp on security, few do security right. Of course, security has many meanings, but in this post I will be discussing physical and online security of data. With the amount of data available today, it is critical that we all take security seriously. In this post, I would like to talk about some of the security issues I have had in the past and a few of my approaches to ensure better security of my data. Read on to learn more!
I have had my fair share of security issues over the past:
- Physical Security: A few years back my identity was stolen (someone broke into my car)
- Physical Security: About a year ago my phone was stolen (had a password, but with access to the device easy to bypass)
- Online Security: A couple of weeks ago a hacker was close to compromising one of the sites I was running (due to an old Joomla site I was hosting)
In addition, I hear about security issues all the time in the news. Honestly, it is time every one start taking security seriously. While even today I would not consider myself a security expert, I have taken many steps to improve the security of the things I expose in public as well as on the Internet and I am constantly looking for improved ways.
Not too long ago I switched off all free, cloud-based file storage solutions (e.g. Dropbox, Google Drive, Box, etc). Now, I use Cloud Station from Synology configured with encryption and SSL (blog posts here). In addition, I encrypt all of my computers as well as my phone. The net result is that I now control my data and its privacy.
While using my devices I monitor all incoming and outgoing traffic. For example, on Macbooks I leverage Little Snitch to restrict incoming and outgoing traffic. I also leverage Sidestep when connecting to the Internet over an untrusted WiFi connection. Of course, I also send all of my device logs to a remote location securely so I can analyze them and prevent them from being compromised.
Recently, I went through the next round of hardening on my WordPress blog. In the process, I realized all of the work that had gone into my hardening efforts and the fact that I could not find a consolidated post online with recommendations. Given this, I will have a post soon to talk about the work I have done.
In addition to WordPress, I also need to harden the OS hosting my domain. Some of the ways I harden the system include:
- Frequent security patch updates
- Blocking unnecessary ports
- Leveraging iptables
- Restricting SSH with key-based authentication as well as denyhosts and fail2ban
- Leveraging mod_security
- Logging to a remote destination (Log Insight of course!)
As mentioned above, I now encrypt all of my devices. I also have them configured to wipe after a certain number of failed log in attempts. Finally, I have remote tracking software configured so I can remotely locate and wipe my devices. The net result is that even physical access to my devices provides multiple levels of protection of my data.
In general, I am trying to eliminate my wallet. Mobile credit cards are starting to take off and rewards cards can also be put on mobile. What remains are my license and work ID. One day, my phone — or some other technology device — will be sufficient.
Security is a lot of work, but it is worth it. Whether you run a small domain or an enterprise environment, if you are not constantly looking at security you are vulnerable. While it may be “acceptable” for my personal assets to get compromised (note I do not think it is acceptable), it is not acceptable that enterprises get compromised and yet I read about it all the time. I personally feel the penalties are not incentive enough to fix the problem and it will take a major security breach for people to realize that the investment is necessary. At least I am doing my part.
© 2016, Steve Flanders. All rights reserved.