What have you changed with your own security posture?

shochan Member Posts: 1,004 ■■■■■■■■□□
Everyone is hacked...it's our daily IT news....

So, have you done anything about it? What have you improved on? Better social media security? Longer/complex passwords? Upgrade your firewall/router at home? Encrypting your own HDDs? Mobile device awareness (not jumping on free Wi-Fi, disabling Bluetooth, AV), password managers, a honeypot on your home network so you can see who might be attacking you, IPS/IDS installed, VPN on whenever you surf, using proxies all the time, using a more "secure" browser, etc...etc...etc...

Tell me, it would be interesting to hear and learn new security methods.

cheers!
CompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP

Comments

  • mikey88 Member Posts: 495 ■■■■■■□□□□
    I've read somewhere that not reusing passwords and not clicking on email links eliminates like 90% of breaches. So, that's a good place to start. I do some of the things you mentioned but definitely not all.
    Certs: CISSP, CySA+, Security+, Network+ and others | 2019 Goals: Cloud Sec/Scripting/Linux

  • NetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    edited June 2019
    Most security breaches happen because someone did something they weren't supposed to do.  Or things just not getting updated.   Easy things for an individual to keep track of at home if they actually care even a little about it.   Don't need a fancy security system at home to stop hackers.    Just keep your passwords and important information in a secure space. 

    Companies get hacked because, multiply that one individual by 10,000, and the chance that someone screws something up somewhere is almost guaranteed.
  • cyberguypr Mod Posts: 6,928 Mod
    Agree with NetworkNewb. Sticking to the basics is the key:
    - Password managers to mitigate password reuse
    - Patching
    - Don't click on random crap
    - Low privilege accounts for everyday use
    - Harden devices (encrypt, shut down unused stuff, etc.)
    - etc.
    I lead an infosec team protecting very important stuff and have nothing fancy in my home network for prod. I only deploy tools on my lab so I can keep up to speed. My only concern at home is availability. I have automated most of my important backups to cloud destinations but am currently working on figuring out a "dead man's switch" solution to ensure my family gets encryption keys and access to my stuff if I'm not around.
  • Fulcrum45 Member Posts: 621 ■■■■■□□□□□
    I try to follow best practices in general but sometimes it's a moot point. The VA has lost my information three times due to stolen laptops. Equifax certainly didn't help things either for anybody. It's not tech, but I've since added ID theft protection (more like insurance) and treat it like my water or electric bill - just a modern day necessity.
  • PC509 Member Posts: 804 ■■■■■■□□□□
    I'm not sure if we're the best crowd to gauge what people are doing to secure their stuff. I know myself and many others go way overboard not because we're paranoid, but because we want to learn the stuff. We go overboard with the firewall, SIEM, IDS/IPS, VPNs, etc. as part of our home network just for fun. Yes, it adds security, but it's also not very typical. I have some of that stuff, but it's not to be more secure, it's to learn and play with the stuff for fun. Additional security is a byproduct.

    I do use 2FA whenever I can, don't reuse passwords, encrypt my information at home, regular backups, updates. Firewall/SIEM/IDS is just for fun. :) 
  • Pseudonymous Member Posts: 78 ■■■□□□□□□□
    edited June 2019
    - Password manager and 2FA when available
    - I regularly update my passwords
    - I delete all unused old accounts instead of just letting them sit around
    - I only use disposable gift cards or disposable virtual cards for online purchases
    - Credit is frozen
    - *edit* I also use VPN when I'm not home
    Certifications: A+, N+, S+, CCNA: CyberOps, eJPT, ITIL, etc.
  • AvgITGeek Member Posts: 342 ■■■■□□□□□□
    Every single account has a different password. My security issue with this is that I have all of them stored in Outlook in a PST. I guess someone would have to gain access to my computer and grab my PST.
    Bank is 2FA along with work VPN.
    That has been working for me.
  • LonerVamp Member Posts: 518 ■■■■■■■■□□
    I'm old and have been in this game a long time, so I can't say that lately I have changed many habits to be more secure. On the contrary, I probably have relaxed things over the years. I've gotten over needing to be anonymous everywhere; I've relaxed what I try to keep to my chest, since, well, that ship sails whether we're involved or not. I also don't get too crazy at home, because maintaining things at home to crazy standards and maintaining honeypots and things like that can really steal time away from life, ya know? I've often started out on the secure route...which means not too much surprises me (never used Facebook, saw that writing on the wall from day 1 when I wasn't even allowed on yet due to being too old...haven't trusted Google since they went public...still use cash every chance I have...etc).

    If anything, I probably rotate my important passwords more often, but usually in large swaths. I don't do cloud password managers or browser helpers. I keep them in an encrypted file. If I need them at, say, work or while using another laptop, it's on me to copy it over there and the tools to read it.

    I also increasingly think about the future and if I may not be in it. As such, I do have a way for loved ones to recover all of the above in such an event.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • jeremy_dfir Member Posts: 23 ■■■□□□□□□□
    We have recently moved to what is known as Tactical Analytics. We take the most common attacks from MITRE's ATT&CK or we analyze attacker TTPs found in our honeypots and we then test (emulate) them against our defense solutions.

    Whatever goes through, we try to create a detection for it. A SIEM query, an IDS rule etc.
  • cyberguypr Mod Posts: 6,928 Mod
    edited July 2019
    "We have recently moved to what is known as Tactical Analytics. We take the most common attacks from MITRE's ATT&CK or we analyze attacker TTPs found in our honeypots and we then test (emulate) them against our defense solutions.

    Whatever goes through, we try to create a detection for it. A SIEM query, an IDS rule etc."

     Man, that is THE tightest personal security posture! 
  • jeremy_dfir Member Posts: 23 ■■■□□□□□□□
    edited July 2019
    @cyberguypr

    This is what we do in the organization I work for... and again... we really strive towards achieving this..... Too difficult to find the perfect balance....

    Sorry if I wasn't clear enough.... This is not my personal project....
  • cyberguypr Mod Posts: 6,928 Mod
    That makes more sense. Read it in the context of the discussion, which was personal.
  • sil3nt_n1nja Member Posts: 9 ■■■□□□□□□□
    edited July 2019
    I have been experimenting with a custom ELK that ingests Sysmon and firewall logs. Being a red team guy, I am still amazed by the legit parent-child relations that I didn't know about :confused:
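
A sketch of the parent-child baselining idea behind this observation, as an added example that is not part of the original post: it counts parent/child image pairs from Sysmon Event ID 1 (process creation) records in a known-good window and lists pairs in a later window that the baseline rarely or never saw. The events, paths and the `min_seen` threshold are constructed assumptions.

```python
from collections import Counter
from ntpath import basename  # parses Windows paths on any OS

def ev(parent, child):
    """Build a constructed event carrying only the two Event ID 1 fields used here."""
    return {"ParentImage": parent, "Image": child}

SYS = "C:\\Windows\\System32\\"
OFFICE = "C:\\Program Files\\Microsoft Office\\root\\Office16\\"

# Constructed known-good window (not data from the thread). The
# svchost.exe -> WmiPrvSE.exe pair is the kind of legitimate relation
# that only becomes visible once process creation is logged.
BASELINE = (
    [ev(SYS + "services.exe", SYS + "svchost.exe")] * 3
    + [ev(SYS + "svchost.exe", SYS + "wbem\\WmiPrvSE.exe")] * 2
    + [ev("C:\\Windows\\explorer.exe", OFFICE + "WINWORD.EXE")] * 2
)

# Constructed later window to check against the baseline.
NEW = [
    ev(SYS + "services.exe", SYS + "svchost.exe"),
    ev(OFFICE + "WINWORD.EXE", SYS + "WindowsPowerShell\\v1.0\\powershell.exe"),
    ev(SYS + "svchost.exe", SYS + "wbem\\WmiPrvSE.exe"),
]

def pair(event):
    """Reduce an event to a lowercase (parent, child) image-name pair."""
    return (basename(event["ParentImage"]).lower(),
            basename(event["Image"]).lower())

def build_baseline(events):
    """Count how often each parent-child pair occurs in the known-good window."""
    return Counter(pair(e) for e in events)

def flag_rare(baseline, events, min_seen=2):
    """Return pairs seen fewer than min_seen times in the baseline."""
    return [pair(e) for e in events if baseline[pair(e)] < min_seen]

if __name__ == "__main__":
    for parent, child in flag_rare(build_baseline(BASELINE), NEW):
        print(f"review: {parent} -> {child}")
```
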
  • Azt7 Member Posts: 121 ■■■■□□□□□□
    edited July 2019
    I basically apply corporate concepts to home security:

    • DR (local and cloud)
    • Perimeter (Firewall / SIEM / IPS / IDS, TLD blocking, guest network)
    • Endpoint (multiple detection engines on all devices, encryption / remote wipe / localization on mobiles)
    • 2FA & custom password management
    ... 

    Quite a few things. Thankfully, the family is aware of things and embraced all that layering over time !
    Certifications : ITIL, MCSA Office 365, MCSE Productivity, AWS CSAA, Azure Architect, CCSK, TOGAF
    Studying for :  TBD
  • sil3nt_n1nja Member Posts: 9 ■■■□□□□□□□
    Thankfully, the family is aware of things and embraced all that layering over time ! <- I loved that part of your post @Azt7

    My wife comes across 2FA when trying to access sensitive accounts of mine :wink: