[Ipg-smz] Security training for hams

Wayne Rash wrash at mindspring.com
Wed Aug 7 20:24:26 UTC 2019 

It’s very thorough. I won’t be able to use it all in the presentation because of time limitations.

 

But it gives me ideas for further work. 

 

Thanks Everyone.

 

WR

 

From: Ipg-smz <ipg-smz-bounces at netpress.org> On Behalf Of Carol Pinchefsky via Ipg-smz
Sent: Tuesday, August 6, 2019 4:38 PM
To: ipg-smz at netpress.org
Cc: Carol Pinchefsky <will_edit_for_food at mac.com>
Subject: Re: [Ipg-smz] Security training for hams

 

Wow. This is hella thorough, guys.

 

Carol





 

4. Understanding basic multi-factor authentication and why a wider ID footprint is good

   a. OS vs browser vs site vs non-browser app authentication-- who's guarding what

   b. What passwordless really means

   c. Why unique passwords are important, since your identity and at least a few of your passwords are ALREADY OWNED & NOW published no matter who you think you are.

   d. Password keepers and how they work

   e. Why syncrhonization can kill your work across all of your platforms.

5. Packet Radio and why there's no encryption

   a. Basic APRS, state of the art X.25 networking and it still works, but can be impersonated so simply 

   b. Digital modes from RTTY to FT4 and they DON'T USE authentication and why (Part 95)

   c. Spectrum theft by organizations that aren't hams, yet use opaque protocols that can't be identified (see eHam's treatments of the topic)

   d. Bruce Perens' work on non-proprietery digital protocols and why

6. Infection vectors and how

   a. Your firewall/router, smartphones, computers, digital appliances, IoT devices

   b. Email phishing (as below)

   c. Portable media

   d. browsing maladies

7. Backup, backup, then backup your friends and civilians, based on the 3-2-1 plan

   a. Three backups, two local, one offsite

   b. Backup all devices (after updating them) and send one to a trusted place, regularly

   c. Never put network storage devices directly on the open internet, ever, for any reason, at any time (they're bot lunch)

   d. In the event of theft/fire/destruction, the offsite backup saves your bacon (or beans, if you're vegetarian)

73 W9YW

On 8/5/19 5:57 PM, Wayne Rash via Ipg-smz wrote:

I’m putting together a presentation on computer security for ham radio operators. The club has a high proportion of very smart engineers and a bunch of nuclear physicists, but as you’d expect, they know little about security. 

 

So I’m putting together a list of topics.

 

1.	Why hams are at risk (they use free software from unverified sites and they believe that Macs are invulnerable)
2.	What the risks are:

a.	Phishing
b.	Credential theft through social engineering
c.	Ransomware and how to limit the damage
d.	Failure to patch

3.	How to limit the risks

a.	Know how to identify a phishing email (I have examples of actual emails)
b.	How to identify social engineering
c.	How to patch
d.	How and why to back up your data and why a network share isn’t secure, and neither is an air gap.

 

Any thoughts on what else I should include?

 

Wayne Rash

703-425-9231

703-200-4915 cell

 





-- 
Tom Henderson
ExtremeLabs, Inc.
+1 317 250 4646
Twitter: @extremelabs
Skype: extremelabsinc

-- 
Ipg-smz mailing list
Ipg-smz at netpress.org <mailto:Ipg-smz at netpress.org> 
http://netpress.org/mailman/listinfo/ipg-smz_netpress.org

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://netpress.org/pipermail/ipg-smz_netpress.org/attachments/20190807/4e42b51d/attachment-0001.html>

More information about the Ipg-smz mailing list