[Ipg-smz] Security training for hams

Richi Jennings richi.jennings at richi.co.uk
Wed Aug 7 10:11:42 UTC 2019


oh, and why using SMS as a second factor is pointless

// @RiCHi <http://twitter.com/RiCHi> | +44.7789.200701 | 1.408.256.0084 |
richi.uk



On Wed, Aug 7, 2019 at 11:10 AM Richi Jennings <richi.ipg at richi.uk> wrote:

> and why a "fire safe" isn't safe against fire (for backup media)
>
> // @RiCHi <http://twitter.com/RiCHi> | +44.7789.200701 | 1.408.256.0084 |
> richi.uk
>
>
>
> On Tue, Aug 6, 2019 at 1:45 AM Tom Henderson via Ipg-smz <
> ipg-smz at netpress.org> wrote:
>
>> 4. Understanding basic multi-factor authentication and why a wider ID
>> footprint is good
>>
>>    a. OS vs browser vs site vs non-browser app authentication-- who's
>> guarding what
>>
>>    b. What passwordless really means
>>
>>    c. Why unique passwords are important, since your identity and at
>> least a few of your passwords are ALREADY OWNED & NOW published no matter
>> who you think you are.
>>
>>    d. Password keepers and how they work
>>
>>    e. Why synchronization can kill your work across all of your platforms.
>>
>> 5. Packet Radio and why there's no encryption
>>
>>    a. Basic APRS, state of the art X.25 networking and it still works,
>> but can be impersonated so simply
>>
>>    b. Digital modes from RTTY to FT4 and they DON'T USE authentication
>> and why (Part 95)
>>
>>    c. Spectrum theft by organizations that aren't hams, yet use opaque
>> protocols that can't be identified (see eHam's treatments of the topic)
>>
>>    d. Bruce Perens' work on non-proprietary digital protocols and why
>>
>> 6. Infection vectors and how
>>
>>    a. Your firewall/router, smartphones, computers, digital appliances,
>> IoT devices
>>
>>    b. Email phishing (as below)
>>
>>    c. Portable media
>>
>>    d. browsing maladies
>>
>> 7. Backup, backup, then backup your friends and civilians, based on the
>> 3-2-1 plan
>>
>>    a. Three backups, two local, one offsite
>>
>>    b. Backup all devices (after updating them) and send one to a trusted
>> place, regularly
>>
>>    c. Never put network storage devices directly on the open internet,
>> ever, for any reason, at any time (they're bot lunch)
>>
>>    d. In the event of theft/fire/destruction, the offsite backup saves
>> your bacon (or beans, if you're vegetarian)
>>
>> 73 W9YW
>> On 8/5/19 5:57 PM, Wayne Rash via Ipg-smz wrote:
>>
>> I’m putting together a presentation on computer security for ham radio
>> operators. The club has a high proportion of very smart engineers and a
>> bunch of nuclear physicists, but as you’d expect, they know little about
>> security.
>>
>>
>>
>> So I’m putting together a list of topics.
>>
>>
>>
>>    1. Why hams are at risk (they use free software from unverified sites
>>    and they believe that Macs are invulnerable)
>>    2. What the risks are:
>>       1. Phishing
>>       2. Credential theft through social engineering
>>       3. Ransomware and how to limit the damage
>>       4. Failure to patch
>>    3. How to limit the risks
>>       1. Know how to identify a phishing email (I have examples of
>>       actual emails)
>>       2. How to identify social engineering
>>       3. How to patch
>>       4. How and why to back up your data and why a network share isn’t
>>       secure, and neither is an air gap.
>>
>>
>>
>> Any thoughts on what else I should include?
>>
>>
>>
>> Wayne Rash
>>
>> 703-425-9231
>>
>> 703-200-4915 cell
>>
>>
>>
>> --
>> Tom Henderson
>> ExtremeLabs, Inc.
>> +1 317 250 4646
>> Twitter: @extremelabs
>> Skype: extremelabsinc
>>
>> --
>> Ipg-smz mailing list
>> Ipg-smz at netpress.org
>> http://netpress.org/mailman/listinfo/ipg-smz_netpress.org
>>
>