Your security options - an unexcited approach

Jan Krutisch announced at the January Ruby User Group a security focus for the February event. So I started collecting some of my experiences … Sadly I didn’t make it in time for last week’s RUG at Jimdo. But this way I can sum up some learnings and links.

Security might drive you mad these days, so don’t think “I have to secure everything”, but look for a certain aim you want to fulfill, e.g.

  • I want to secure my files
  • I want to send safe mails
  • I want to browse safely
  • I want to secure my blog
  • ..

because “security itself is just an abstract construct and concrete aims will better stick to your brain” (see MeierOnline’s slides). That way psychology won’t stand in your way! Basically you have the following options, which will help you focus.

Computer

Let’s start with different grades of system security, either encrypt

The last is done really quickly, e.g. install EncFS

$ sudo apt-get install cryptkeeper encfs

and then create an encrypted directory with the cryptkeeper GUI.

For a good overview see also the Electronic Frontier Foundation’s notes, which are a bit older but not outdated!

Network

When logged in to a public wireless LAN, use common VPN services or pimp your FRITZ!Box, and observe the change with IP Schwein!

Mail

Use GnuPG for signing and encrypting emails.

Browser

Install security extensions which will help you

  • to avoid pixel tracking, use Ghostery and
  • to encrypt your communications with many major websites, making your browsing more secure, use HTTPS Everywhere.

Passwords

When I first explained the “idea of passwords” to my kids, they replied immediately: “Then we use the string “key” as password - as it locks something away!” Oops …

Safe Passwords

Just two simple rules

  • Use different passwords everywhere, with at least 8, better 10, characters and some unusual signs.
  • Generate random passwords or build sentences to remember self-made ones: “This is my 1st awesome & really safe Password !” => “Tim1a&rsP!”

Then find yourself a location to
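
The two rules as a small script, added here as an example and not part of the original post: random passwords come from the operating system's CSPRNG, the sentence trick keeps the first character of each word, and a reuse check covers “different passwords everywhere”. The symbol set, the function names and the sample vault are assumptions made for this example.

```python
import secrets
import string

# Assumed symbol set; trim it to what the site you register with accepts.
SYMBOLS = "!#$%&*+-=?@_"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def meets_rules(password, min_length=8):
    """First rule of the post: at least 8 characters and some unusual signs."""
    return len(password) >= min_length and any(not c.isalnum() for c in password)


def random_password(length=10):
    """Draw every character from the OS CSPRNG (secrets, not random).

    Whole candidates are redrawn until they contain a lower-case letter, an
    upper-case letter, a digit and a symbol, so no position is predictable.
    """
    if length < 8:
        raise ValueError("use at least 8 characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (meets_rules(candidate)
                and any(c.islower() for c in candidate)
                and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)):
            return candidate


def sentence_password(sentence):
    """Second rule: keep the first character of each word, case preserved."""
    return "".join(word[0] for word in sentence.split())


def reused_passwords(vault):
    """'Different passwords everywhere': map each shared password to its sites."""
    sites_by_password = {}
    for site, password in vault.items():
        sites_by_password.setdefault(password, []).append(site)
    return {p: sorted(s) for p, s in sites_by_password.items() if len(s) > 1}


if __name__ == "__main__":
    print(random_password())
    print(sentence_password("This is my 1st awesome & really safe Password !"))
    # Constructed sample vault: two sites share one password.
    print(reused_passwords({"blog": "Tim1a&rsP!", "mail": "Tim1a&rsP!", "shop": "x9$Kq2!mZa"}))
```

The sentence from the post is public, so its result only illustrates the method; pick a sentence of your own.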

… access them from everywhere

Regardless of where you are, you will surely need some passwords. I like the cross-platform password manager KeePassX, which works on Linux, Mac, Android (KeePassDroid, Keepass2Android) and is Open Source. But there are many others!

To install the latest and greatest with support for the KeePass2 database format (.kdbx), build it yourself from the GitHub repo or get a Debian package from the KeePassX developers team:

$ sudo add-apt-repository ppa:keepassx/daily
$ sudo apt-get update
$ sudo apt-get install keepassx

Then “mashup” and put the database file in your trusted home ownCloud or cloud drive (Google Drive/Dropbox) and you’re always on.

Alternatively - if you don’t need any GUI - use VIM as your Password Manager.

Website Encryption (SSL)

See Ben’s introduction to client side certificates and Jan’s blog post “Going Full Encryption” with the associated slides - no more to say!


Further info and links are on the February RUG page. Over and out!

NO COMMENT BOX
Right, not here. But it doesn’t mean I’m not interested in your feedback. I just prefer to use more busy services ;-) where a wider discussion could occur. So tweet me @netzfisch or if you find an error, fork my blog, correct the post and send me a pull request via GitHub. Thanks for your efforts.