- What is the Principle of Least Privilege (PLP)?
- Why You Should Not Run as an Administrator or Root User
HTTPS / SSL / TLS
- Here’s Why Your Static Website Needs HTTPS by Troy Hunt
- HTTPS Is Easy!
- Let’s Encrypt is a free, automated, and open Certificate Authority brought to you by the non-profit Internet Security Research Group (ISRG).
- What Is HTTPS, and Why Should I Care? by Chris Hoffman
- HTTPS and Privacy by Jacob Baytelman
- SSL Server Test: This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet.
Training / Certifications
- Cybrary – Free IT & Security Training
- Cisco CCNA Cyber Ops Certification
- GIAC Cyber Security Certifications
- privacytools.io provides knowledge and tools to protect your privacy against global mass surveillance.
- Panopticlick will analyze how well your browser and add-ons protect you against online tracking techniques.
- IP/DNS Detect – What is your IP, what is your DNS, what information is sent to websites?
- DNS Leak Test – When using an anonymity or privacy service, it is extremely important that all traffic originating from your computer is routed through the anonymity network. If any traffic leaks outside of the secure connection to the network, any adversary monitoring your traffic will be able to log your activity.
- DNS Nameserver Spoofability Test: Can you trust your Domain Name Servers?
- Established to serve as a one stop site for access to the latest resources on information security as well as measures and best practices for the prevention of cyber crimes.
LastPass is a password manager. It helps you be more secure by making it easy to use a different password for every Web site.
- LastPass uses: AES-256 bit encryption with PBKDF2 SHA-256 and salted hashes to ensure complete security in the cloud.
- User data is encrypted and decrypted locally at the device level. Data stored in the vault is kept secret, even from LastPass.
- The user’s master password, and the keys used to locally encrypt and decrypt user data, are never sent to LastPass’ servers, and are never accessible by LastPass.
- When adding a new Web site, make sure to turn off AutoFill
Subdomain autofill feature raises questions over LastPass security by James Walker | 2018-06-28
- LastPass Configuration
  - On the Login screen: Uncheck “Remember Email”
  - On the Login screen: Uncheck “Show My LastPass Vault After Login”
  - Under: Preferences > General: enable “Automatically Logoff when all browsers are closed for (mins)” and set the time to 1 min
- Equivalent Domains: These are different domains that belong to the same entity. Also, some Web sites may switch to a different domain for authentication.
  - Go to: My Vault > Account Settings > Equivalent Domains
  - Some “Equivalent Domains” to add to LastPass are:
    - comptia.org, certmetrics.com
    - nysed.gov, ny.gov
    - nycboe.net, nycenet.edu
    - apple.com, icloud.com, itunes.com
- Make sure to:
  - Export your encrypted LastPass Vault data on a regular basis: Tools > Export To > LastPass Encrypted File
  - Download and keep a copy of the current LastPass executable. This will allow you to access your exported data if LastPass.com is not available or you don’t have Internet access.
- SecurityNow! Episode #256: In-depth review and evaluation of LastPass (00:52:28 – 01:53:00). [Show Notes]
- Review: LastPass password manager (thetechherald.com)
- LastPass Review & Rating (PCMag.com)
- Video: Why use LastPass?
- Wikipedia Article on LastPass
- Password Haystacks by Steve Gibson
- Am I An Idiot for Still Using a Password Manager?
- Five Best Password Managers
- Busting Password Myths: Paul Ducklin and Chester Wisniewski take a look at the thorny issue of password rules and regulations.
- How to choose a strong password – simple tips for better security
- Random Word Generator
- Using passphrases of 3 or more random words has proven to be more secure than random characters, as long as they’re long enough.
Multi-factor Authentication / 2-Step Verification
- The default behavior of uBlock Origin when newly installed is to block ads, trackers and malware sites — through EasyList, EasyPrivacy, Peter Lowe’s ad/tracking/malware servers, various lists of malware sites, and uBlock Origin’s own filter lists.
- Add-ons: Mozilla Firefox ~ Google Chrome
- Security Now 523: uBlock Origin Features
- As NoScript requires user interaction to train it, you may want to do the following:
  - Install uBlock Origin
  - Install NoScript
  - Go into Add-ons Manager > Extensions
  - Disable NoScript, but choose “No, just stop blocking scripts” when you see the Security Downgrade Warning.