Personal Security Checklist

Take the following steps to secure your devices and accounts.

Laptop or computer security

  • [ ] Use a strong, complex password to log in to your computer
  • [ ] Configure your computer to require a password after 5 minutes of inactivity
  • [ ] Configure your computer to require a password on wake
  • [ ] Learn the keyboard shortcut to lock your computer - Windows logo + L (Windows), control + shift + power/escape (Mac), or ctrl + alt + L (Linux)
  • [ ] Mac: add keychain status to your menu bar (open /Applications/Utilities/Keychain\ Access.app/Contents/Resources/Keychain.menu/) for easy screen locking
  • [ ] Make a habit of locking your computer when you step away from it
  • [ ] Encrypt your hard drive via FileVault (Mac), BitLocker (Windows), or LUKS (Linux)
  • [ ] Enable your operating system's firewall
  • [ ] Mac: Enable stealth mode
  • [ ] Enable a device tracking and recovery program like Find My Mac or Prey
  • [ ] Securely store and encrypt your physical backups
  • [ ] Update your operating system to the latest version
  • [ ] Update your applications to the latest versions
  • [ ] Mac: Don't use your Apple ID to log in to your computer. If it is hacked, it can be used to remotely wipe your MacBook. Use a regular MacBook login instead.
  • [ ] Mac: Don't forget to frequently run brew update && brew upgrade for Homebrew

Smartphone security

  • [ ] Use a long passcode on your phone - 12+ characters, preferably alphanumeric
  • [ ] Require a passcode immediately after sleep
  • [ ] Enable Find My iPhone or Android Device Manager to use remote wipe if your phone is stolen or lost
  • [ ] iPhone: Enable erase data after 10 bad passcode attempts (take good backups!)
  • [ ] iPhone: If you're really, really paranoid don't enable Touch ID
  • [ ] iPhone: Install and enable Ka-Block! for mobile Safari to enable content blocking (ad blocking) on your phone. Use Safari with Ka-Block! instead of the Chrome iOS app for safer mobile web browsing.
  • [ ] iPhone: Install and use Firefox Focus to enable tracking protection and make it easy to delete your browsing history
  • [ ] Android: Don't use common and predictable lock patterns
  • [ ] Android: Encrypt your hard disk
  • [ ] Android: Install and enable the uBlock Origin add-on for Firefox on Android for safer mobile web browsing
  • [ ] Frequently update your operating system and apps, especially security patches
  • [ ] Frequently back up your phone and encrypt your backups

Network security

  • [ ] Find a reputable VPN service with a laptop & mobile phone client to use for hostile networks (e.g. unencrypted wifi) or as an everyday privacy guard
  • [ ] Install the HTTPS Everywhere extension in your browser to prevent inadvertent HTTP connections
  • [ ] Install an ad blocker like uBlock Origin (Firefox, Chrome) or Ka-Block! (Safari) - internet ads are a common malware vector
  • [ ] Enable plugin click-to-play on all your browsers, not just your default browser, to protect against Adobe Flash vulnerabilities

Account security

A strong, complex password is at least 16 characters long (the longer the better) and has several special characters (!@#$%^&*()). Two-factor authentication (2FA) protects your account even more than a strong password.

  • [ ] Use a password manager like 1Password or Encryptr
  • [ ] Use a diceware passphrase as the encryption passphrase for your password manager
  • [ ] Add all of your account usernames and passwords to your password manager
  • [ ] Rotate all of your old or insecure passwords with strong passwords generated automatically via 1Password
  • [ ] Make sure every password for every account is unique
  • [ ] Replace any accurate answers to security questions with false answers (store false answers in 1Password)
  • [ ] Download a 2FA app on your smartphone like Google Authenticator
  • [ ] Enable 2FA or two step verification on every account where available (see 2FA audit section) - add the software token to both your smartphone and 1Password
  • [ ] Immediately store your 2FA backup and recovery codes in 1Password

2FA Audit

Make sure 2FA or two step verification is enabled on all of the following accounts:

  • [ ] Google
  • [ ] Amazon
  • [ ] Facebook - enable Login Approval
  • [ ] GitHub
  • [ ] Dropbox
  • [ ] Apple ID
  • [ ] Slack - all of your Slack teams!
  • [ ] Twitter - two step verification with SMS
  • [ ] Yahoo! - two step verification with SMS
  • [ ] LinkedIn - two step verification with SMS

This is an incomplete list! For more information about two factor authentication, see twofactorauth.org, Turn It On, and #LockDownURLogin.
