# OPSEC Checklist

Brought to you by [Eliott Teissonniere](https://eliott.teissonniere.org).

## Goals

- Provide simple steps that anyone can follow to increase their own safety in the digital world.
- Provide support for discussion during security-related talks.
- Avoid promoting paranoid advice; this should be understandable by most people.

## A few steps to check

### Accounts

- [ ] Use a solid and reputable password manager
- [ ] Only use strong passwords
- [ ] Remove useless accounts
- [ ] Security questions' answers should not be easy to find
- [ ] Security questions' answers can be random and managed in the password manager
- [ ] Rotate passwords regularly (e.g. once a year)
- [ ] Have a clear and secure way to share passwords

### Communications

- [ ] Set up secure channels for everyday use and for emergencies
- [ ] Be able to authenticate exchanges (GPG)
- [ ] Encrypt everything (GPG)

### Companies

- [ ] Set up bug bounties
- [ ] Idea: sentinel network
- [ ] Dedicated security team
- [ ] Have an incident response plan and team

### Crypto

- [ ] Hardware wallet
- [ ] If a hardware wallet is not possible, paper wallet
- [ ] Escape hatch?

### Users

- [ ] Should understand the risks of social engineering and phishing attacks
- [ ] Have the least privileges needed to perform their work

### Servers

- [ ] Use an SSH public key
- [ ] Ultra-restrictive firewall (whitelist)
- [ ] Fail2ban-like system
- [ ] Regular automated backups on a remote system
- [ ] Audit and IPS/IDS system, with logs sent to a remote system
- [ ] Isolate services via Docker or an equivalent (rkt…)
- [ ] Use honeypots

### Social

- [ ] Avoid posting locations
- [ ] Avoid posting your trips and vacations (people know you ain't home)
- [ ] Avoid clear posting patterns (random post habits)
- [ ] Do you need this profile?

### System

- [ ] Regular backups
- [ ] Set up backup reminders (Time Machine does it for you)
- [ ] Redundant backups (in case you lose one)
- [ ] Use a strong session password
- [ ] Encrypt data
- [ ] Lock firmware with a password
- [ ] Turn on secure boot, with its strictest settings
- [ ] Disallow booting from anything other than the hard drive
- [ ] OS should have protection features built in and turned on
- [ ] Have a good firewall, with restrictive settings
- [ ] Check confidentiality settings
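The "Use an SSH public key" item in the Servers checklist is usually enforced through `sshd_config`, and a common way to get it wrong is to append `PasswordAuthentication no` at the bottom of a file that already sets it higher up: sshd keeps the first value it reads for each keyword, and anything after a `Match` line is conditional. The following audit script is an added example (not part of the original checklist); it parses a config the way sshd does for the global section and reports checklist items that are not satisfied. The mapping of checklist items to keywords, the OpenSSH defaults listed, and the sample config are assumptions made for the example.

```python
"""Audit an sshd_config against the "Use an SSH public key" checklist item.

Added example, not part of the original checklist. Parsing rules follow
sshd_config(5) for the global section: keywords are case-insensitive,
'#' starts a comment, keyword and value are separated by whitespace or a
single '=', for each keyword the FIRST value wins, and everything after a
'Match' line is conditional, so it is not audited here.
"""
import re
import sys

# Assumed mapping of the checklist item to sshd keywords (lowercased).
EXPECTED = {
    "pubkeyauthentication": "yes",   # key-based login must be allowed
    "passwordauthentication": "no",  # key-only: no brute-forceable passwords
    "permitrootlogin": "no",         # administer via a named user instead
}

# OpenSSH defaults used when the keyword is absent from the file.
DEFAULTS = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "permitrootlogin": "prohibit-password",
}

# Constructed sample config: the second PasswordAuthentication line is
# silently ignored by sshd because an earlier value already exists.
SAMPLE_CONFIG = """\
Port 22
PasswordAuthentication yes
PubkeyAuthentication yes
PermitRootLogin no
PasswordAuthentication no   # too late: sshd keeps the first value (yes)
Match User backup
    PasswordAuthentication no  # conditional, applies only to 'backup'
"""


def parse_sshd_config(text):
    """Return {keyword: first_value} for the global section of an sshd_config."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = re.match(r"([A-Za-z]+)\s*=?\s*(.*)", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().lower()
        if key == "match":
            break  # the rest of the file is conditional on Match criteria
        settings.setdefault(key, value)  # first occurrence wins, as in sshd
    return settings


def audit(text):
    """Return [(keyword, effective_value, expected_value)] for failing checks."""
    settings = parse_sshd_config(text)
    findings = []
    for key, expected in EXPECTED.items():
        actual = settings.get(key, DEFAULTS[key])
        if actual != expected:
            findings.append((key, actual, expected))
    return findings


if __name__ == "__main__":
    # Audit a real file when a path is given, otherwise the built-in sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            config_text = fh.read()
    else:
        config_text = SAMPLE_CONFIG
    for key, actual, expected in audit(config_text):
        print(f"FAIL {key}: effective value '{actual}', checklist expects '{expected}'")
```

Run it as `python audit_sshd.py /etc/ssh/sshd_config` on a server; on the sample it reports only `passwordauthentication`, because the late `no` never took effect. After editing, `sshd -T` prints the effective configuration and is the authoritative check.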