[Ipg-smz] Security training for hams

Carol Pinchefsky will_edit_for_food at mac.com
Tue Aug 6 20:38:25 UTC 2019 

Wow. This is hella thorough, guys.

Carol

> 
> 4. Understanding basic multi-factor authentication and why a wider ID footprint is good
> 
>    a. OS vs browser vs site vs non-browser app authentication-- who's guarding what
> 
>    b. What passwordless really means
> 
>    c. Why unique passwords are important, since your identity and at least a few of your passwords are ALREADY OWNED & NOW published no matter who you think you are.
> 
>    d. Password keepers and how they work
> 
>    e. Why syncrhonization can kill your work across all of your platforms.
> 
> 5. Packet Radio and why there's no encryption
> 
>    a. Basic APRS, state of the art X.25 networking and it still works, but can be impersonated so simply 
> 
>    b. Digital modes from RTTY to FT4 and they DON'T USE authentication and why (Part 95)
> 
>    c. Spectrum theft by organizations that aren't hams, yet use opaque protocols that can't be identified (see eHam's treatments of the topic)
> 
>    d. Bruce Perens' work on non-proprietery digital protocols and why
> 
> 6. Infection vectors and how
> 
>    a. Your firewall/router, smartphones, computers, digital appliances, IoT devices
> 
>    b. Email phishing (as below)
> 
>    c. Portable media
> 
>    d. browsing maladies
> 
> 7. Backup, backup, then backup your friends and civilians, based on the 3-2-1 plan
> 
>    a. Three backups, two local, one offsite
> 
>    b. Backup all devices (after updating them) and send one to a trusted place, regularly
> 
>    c. Never put network storage devices directly on the open internet, ever, for any reason, at any time (they're bot lunch)
> 
>    d. In the event of theft/fire/destruction, the offsite backup saves your bacon (or beans, if you're vegetarian)
> 
> 73 W9YW
> 
> On 8/5/19 5:57 PM, Wayne Rash via Ipg-smz wrote:
>> I’m putting together a presentation on computer security for ham radio operators. The club has a high proportion of very smart engineers and a bunch of nuclear physicists, but as you’d expect, they know little about security.
>> 
>>  
>> So I’m putting together a list of topics.
>> 
>>  
>> Why hams are at risk (they use free software from unverified sites and they believe that Macs are invulnerable)
>> What the risks are:
>> Phishing
>> Credential theft through social engineering
>> Ransomware and how to limit the damage
>> Failure to patch
>> How to limit the risks
>> Know how to identify a phishing email (I have examples of actual emails)
>> How to identify social engineering
>> How to patch
>> How and why to back up your data and why a network share isn’t secure, and neither is an air gap.
>>  
>> Any thoughts on what else I should include?
>> 
>>  
>> Wayne Rash
>> 
>> 703-425-9231
>> 
>> 703-200-4915 cell
>> 
>>  
>> 
>> 
> -- 
> Tom Henderson
> ExtremeLabs, Inc.
> +1 317 250 4646
> Twitter: @extremelabs
> Skype: extremelabsinc
> -- 
> Ipg-smz mailing list
> Ipg-smz at netpress.org
> http://netpress.org/mailman/listinfo/ipg-smz_netpress.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://netpress.org/pipermail/ipg-smz_netpress.org/attachments/20190806/2a9b2ebd/attachment-0001.html>

More information about the Ipg-smz mailing list