Establishing Best InfoSec Practices (Discussion/ Guides)

"Don't get Scroogled!" -Microsoft

"Your Windows 10 update is downloaded and ready to install. Now or later?" - Microsoft

@Ethereal Totally forgot I had started a draft here:
Mashed that together quickly a couple months ago and then forgot about it lol. I'm also too busy to really edit it before the end of October so if you want you can take control of it.

1 Like

That looks pretty good, but I'm still not sure how to organize everything. I giant list seems to be the go to.

We talking about business or home?

I worked as a sys admin in medical and am currently a security analyst for a bank. I know a bit about security for business side I could probably help out with.

Home mostly.

What kind of input you want specifically? I'd be more than happy to help?

Mostly just running home use like you would an enterprise environment. System hardening for tech enthusiasts if that makes sense.

Password manager, two factor auth, firewalls etc is good for a home user. But doesn't matter if stuff you have running is not up to date. Running an OS with updates turned off is very stupid from a security standpoint. Does your router get security updates in a timely manner? Etc. Keeping your stuff updated is step number one.

Alot of that depends on network infrastructure and money.

I recommend buying a dell sonicwall firewall (or using a more robust home or SOHO device) and turning off services or ports. I usually just turn them all off minus 80, 8080, 443, and turn on more as I go. I have a list at the house of what services need to be on to make everything work normally.

Then you have to worry about patch management since you probably don't have an auotmated system. Just set a reminder to check your devices once a month. I do this on the 20th of each month. If no updates are available just reboot the device for smooth operation.

I don't have any fancy stuff at the house, but if I did, I'd create VLANs and ACL for those VLANs. Change your IP schema and turn off DHCP. If you want a guest network just have a cheap wifi router for guest and give it a decent password and don't connect it to your intranet (I did this.) I don't trust VLAN'ing or 'guest' wifi connections to protect my LAN.

Password managers are great. Use the random password generator set to 24 digit password and never worry about it again. Make your master password at least 32 digits. Thelazyducklikestoeatbananapancakesnearthewaterafterschool! - that password would probably never be cracked.

Guns and obvious cameras at home are your best security.

I use full disk encrpytion.

I use a VPN connection via my router straight to PIA. I have rules for roku to bypass since hulu and netflix don't like VPNs.

I just use gmail though I've been thinking of setting up my own email server.

I encrypt my cell phone as well.

1 Like

Think browser security should be in the list..

This is all good stuff, what is pricing like on sonicwall for home use? I use them in the enterprise and it's anything but cheap.

I think a check list would be cool for this thread.

TZ series aren't too bad. Last I checked like 150-350 dollars.

I wonder how it compares to something like pfSense

Actually reading the EULA and Tos on stuff
And my fav:

That is the best opening paragraph I have read in a long time

pfSense can be very powerful, but also depends on what you run it on. More expensive hardware would mean more performance. The $300 Security Gateway on the pfSense store is a very capable firewall for a home user though.

that's a pretty nifty device. I'd probably recommend that over the dell device any day of the week since you won't have to buy the store out just to get features like you do with the sonicwall.