With all this discussion of the NSA and the like, I’ve been thinking a lot about privacy and security. The truth is that I can’t really do much to block the prying eyes of the government, but I can be aware of my assets and do the best that I can to keep them secure.
The first place to start with protecting your digital assets is to use 1Password.
You can approach protecting yourself with a Red Team mentality. The CARVER method can help you identify the vulnerabilities of the assets you want to protect:
- Criticality: The target value. How vital is this to the overall organization? A target is critical when its compromise or destruction (failure to provide any of the CIA triad components) has a highly significant impact on the overall organization.
- Accessibility: How easily can I reach the target? What are the defenses? Do I need an insider? Is the target computer off the internet?
- Recuperability: How long will it take for the organization to replace, repair, or bypass the destruction or damage caused to the target? Once the compromise is found, how long will it take for the system to recuperate from it?
- Vulnerability: What is the degree of knowledge needed to exploit the target? Can I use known exploits or should I invest in new, possible 0day exploits?
- Effect: What’s the impact of the attack on the organization? Similar to the first point (Criticality), this point should also analyse possible reactions from the organization.
- Recognizability: Can I identify the target as such? How easy is it to recognize that a specific system / network / device is the target and not a security countermeasure?
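
To use the six factors above defensively, you can score your own assets and harden the highest-ranked ones first. The following is an added example, not part of the original post: the 1-5 scale, the equal weighting, and the sample assets and their scores are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

FACTORS = ("criticality", "accessibility", "recuperability",
           "vulnerability", "effect", "recognizability")
SCALE = range(1, 6)  # assumed 1-5 scale; higher = more attractive target


@dataclass
class Asset:
    name: str
    scores: dict  # factor name -> score on SCALE

    def validate(self):
        # Reject incomplete or mistyped matrices instead of ranking them.
        missing = sorted(set(FACTORS) - set(self.scores))
        extra = sorted(set(self.scores) - set(FACTORS))
        if missing or extra:
            raise ValueError(f"{self.name}: missing={missing} unknown={extra}")
        bad = {f: s for f, s in self.scores.items() if s not in SCALE}
        if bad:
            raise ValueError(f"{self.name}: scores out of range: {bad}")

    def total(self):
        return sum(self.scores[f] for f in FACTORS)

    def drivers(self):
        # Factors with the highest score: where mitigation effort pays off.
        top = max(self.scores.values())
        return [f for f in FACTORS if self.scores[f] == top]


def rank(assets):
    """Return assets ordered from highest to lowest protection priority."""
    for a in assets:
        a.validate()
    return sorted(assets, key=lambda a: (-a.total(), a.name))


# Constructed sample data: a personal asset inventory with guessed scores,
# listed in FACTORS order (C, A, R, V, E, R).
SAMPLE = [
    Asset("password vault", dict(zip(FACTORS, (5, 2, 4, 2, 5, 4)))),
    Asset("primary email", dict(zip(FACTORS, (5, 4, 3, 3, 5, 5)))),
    Asset("photo backup", dict(zip(FACTORS, (3, 2, 5, 2, 2, 2)))),
    Asset("home router", dict(zip(FACTORS, (3, 4, 2, 4, 3, 3)))),
]

if __name__ == "__main__":
    for a in rank(SAMPLE):
        print(f"{a.total():>2}  {a.name:<15} drivers: {', '.join(a.drivers())}")
```

The `drivers` column points at the factor to work on for each asset, for example a high recuperability score means recovery would be slow, so backups and a tested restore procedure come first.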