[Ipg-smz] Security training for hams

Richi Jennings richi.ipg at richi.uk
Wed Aug 7 10:10:38 UTC 2019 

and why a "fire safe" isn't safe against fire (for backup media)

// @RiCHi <http://twitter.com/RiCHi> | +44.7789.200701 | 1.408.256.0084 |
richi.uk



On Tue, Aug 6, 2019 at 1:45 AM Tom Henderson via Ipg-smz <
ipg-smz at netpress.org> wrote:

> 4. Understanding basic multi-factor authentication and why a wider ID
> footprint is good
>
>    a. OS vs browser vs site vs non-browser app authentication-- who's
> guarding what
>
>    b. What passwordless really means
>
>    c. Why unique passwords are important, since your identity and at least
> a few of your passwords are ALREADY OWNED & NOW published no matter who you
> think you are.
>
>    d. Password keepers and how they work
>
>    e. Why syncrhonization can kill your work across all of your platforms.
>
> 5. Packet Radio and why there's no encryption
>
>    a. Basic APRS, state of the art X.25 networking and it still works, but
> can be impersonated so simply
>
>    b. Digital modes from RTTY to FT4 and they DON'T USE authentication and
> why (Part 95)
>
>    c. Spectrum theft by organizations that aren't hams, yet use opaque
> protocols that can't be identified (see eHam's treatments of the topic)
>
>    d. Bruce Perens' work on non-proprietery digital protocols and why
>
> 6. Infection vectors and how
>
>    a. Your firewall/router, smartphones, computers, digital appliances,
> IoT devices
>
>    b. Email phishing (as below)
>
>    c. Portable media
>
>    d. browsing maladies
>
> 7. Backup, backup, then backup your friends and civilians, based on the
> 3-2-1 plan
>
>    a. Three backups, two local, one offsite
>
>    b. Backup all devices (after updating them) and send one to a trusted
> place, regularly
>
>    c. Never put network storage devices directly on the open internet,
> ever, for any reason, at any time (they're bot lunch)
>
>    d. In the event of theft/fire/destruction, the offsite backup saves
> your bacon (or beans, if you're vegetarian)
>
> 73 W9YW
> On 8/5/19 5:57 PM, Wayne Rash via Ipg-smz wrote:
>
> I’m putting together a presentation on computer security for ham radio
> operators. The club has a high proportion of very smart engineers and a
> bunch of nuclear physicists, but as you’d expect, they know little about
> security.
>
>
>
> So I’m putting together a list of topics.
>
>
>
>    1. Why hams are at risk (they use free software from unverified sites
>    and they believe that Macs are invulnerable)
>    2. What the risks are:
>       1. Phishing
>       2. Credential theft through social engineering
>       3. Ransomware and how to limit the damage
>       4. Failure to patch
>    3. How to limit the risks
>       1. Know how to identify a phishing email (I have examples of actual
>       emails)
>       2. How to identify social engineering
>       3. How to patch
>       4. How and why to back up your data and why a network share isn’t
>       secure, and neither is an air gap.
>
>
>
> Any thoughts on what else I should include?
>
>
>
> Wayne Rash
>
> 703-425-9231
>
> 703-200-4915 cell
>
>
>
> --
> Tom Henderson
> ExtremeLabs, Inc.
> +1 317 250 4646
> Twitter: @extremelabs
> Skype: extremelabsinc
>
> --
> Ipg-smz mailing list
> Ipg-smz at netpress.org
> http://netpress.org/mailman/listinfo/ipg-smz_netpress.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://netpress.org/pipermail/ipg-smz_netpress.org/attachments/20190807/58a87601/attachment.html>

More information about the Ipg-smz mailing list