[Ipg-smz] Security training for hams

Tom Henderson thenderson at extremelabs.com
Tue Aug 6 00:44:59 UTC 2019 

4. Understanding basic multi-factor authentication and why a wider ID 
footprint is good

    a. OS vs browser vs site vs non-browser app authentication-- who's 
guarding what

    b. What passwordless really means

    c. Why unique passwords are important, since your identity and at 
least a few of your passwords are ALREADY OWNED & NOW published no 
matter who you think you are.

    d. Password keepers and how they work

    e. Why syncrhonization can kill your work across all of your platforms.

5. Packet Radio and why there's no encryption

    a. Basic APRS, state of the art X.25 networking and it still works, 
but can be impersonated so simply

    b. Digital modes from RTTY to FT4 and they DON'T USE authentication 
and why (Part 95)

    c. Spectrum theft by organizations that aren't hams, yet use opaque 
protocols that can't be identified (see eHam's treatments of the topic)

    d. Bruce Perens' work on non-proprietery digital protocols and why

6. Infection vectors and how

    a. Your firewall/router, smartphones, computers, digital appliances, 
IoT devices

    b. Email phishing (as below)

    c. Portable media

    d. browsing maladies

7. Backup, backup, then backup your friends and civilians, based on the 
3-2-1 plan

    a. Three backups, two local, one offsite

    b. Backup all devices (after updating them) and send one to a 
trusted place, regularly

    c. Never put network storage devices directly on the open internet, 
ever, for any reason, at any time (they're bot lunch)

    d. In the event of theft/fire/destruction, the offsite backup saves 
your bacon (or beans, if you're vegetarian)

73 W9YW

On 8/5/19 5:57 PM, Wayne Rash via Ipg-smz wrote:
>
> I’m putting together a presentation on computer security for ham radio 
> operators. The club has a high proportion of very smart engineers and 
> a bunch of nuclear physicists, but as you’d expect, they know little 
> about security.
>
> So I’m putting together a list of topics.
>
>  1. Why hams are at risk (they use free software from unverified sites
>     and they believe that Macs are invulnerable)
>  2. What the risks are:
>      1. Phishing
>      2. Credential theft through social engineering
>      3. Ransomware and how to limit the damage
>      4. Failure to patch
>  3. How to limit the risks
>      1. Know how to identify a phishing email (I have examples of
>         actual emails)
>      2. How to identify social engineering
>      3. How to patch
>      4. How and why to back up your data and why a network share isn’t
>         secure, and neither is an air gap.
>
> Any thoughts on what else I should include?
>
> Wayne Rash
>
> 703-425-9231
>
> 703-200-4915 cell
>
>
-- 
Tom Henderson
ExtremeLabs, Inc.
+1 317 250 4646
Twitter: @extremelabs
Skype: extremelabsinc

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://netpress.org/pipermail/ipg-smz_netpress.org/attachments/20190805/ac9bdc14/attachment.html>

More information about the Ipg-smz mailing list