Security notes - security for the everyday person: Difference between revisions

From Helpful
Line 298: Line 298:
In security, you do threat modeling, a.k.a. figuring out '''what problem you are trying to solve'''.
In security, you do threat modeling, a.k.a. figuring out '''what problem you are trying to solve'''.


Because if it solves problems you didn't have in the first place,
 
based on "overheard in public", and [[fud|fear, uncertainty, and doubt]],
Because  
then you bought a sales pitch, rather than actual security.
: if it solves problems you didn't have in the first place,
: or if it solves a minor one but forgets a much larger one
then chances are you bought a sales pitch, rather than actual security -- particularly if based on [[fear, uncertainty, and doubt]] based marketing and other "overheard in public" stuff.


This can even have negative effects, e.g.  
This can even have negative effects, e.g.  
when actually nothing changed in your safety
when actually nothing changed in your safety
but you think you are safer, and act more careless.
but you only ''think'' you are safer, and act more careless.






The main selling point is often that all your traffic goes to your VPN company's servers first (encrypted),  
The main point of a VPN is often that all your traffic goes to your VPN company's servers first (encrypted),  
and only ''then'' to the rest of the internet (unencrypted).
and only ''then'' to the rest of the internet (unencrypted).


So they often primarily are a '''proxy''': to the thing you are connecting to, you come from that VPN company's servers, not from your own ISP's  
So they often primarily are a '''proxy''' that cannot be snooped on for part of the path
: whether that has any added value depends on what you're doing
: As far as the remote side is concerned, you come from that VPN company's servers, not from your own ISP's  
 
: As far as the ISP is converned, it's just another secure connection.
:: They can know ''that'' it's a VPN connection, but nothing about the contents.
 
: As far as the ISP, or anyone on your home network, or office network, or coffe shop wifi is concerned, the contents are unknown
:: For most browser requests, this is true already.
 
 
Whether either of those have any added value depends on what you're doing.


: the enc
Also, they add encryption, but as those parentheses suggest, only for part of the path.  
Also, they add encryption, but as those parentheses suggest, only for part of the path.  
: whether that has any added value depends on who you (dis)trust more
: whether that has any added value depends on who you (dis)trust more
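Review bot: The reworked VPN paragraph leaves a truncated fragment, ": the enc", directly above "Also, they add encryption, but as those parentheses suggest, only for part of the path." It should be either completed or removed before saving. In the same block, "converned" and "coffe shop" are misspelled, and the remark that the added value "depends on what you're doing" now appears twice, once under the proxy line and once as its own sentence, so one copy can go. The ISP bullet calls the tunnel "just another secure connection" while its sub-bullet says the ISP can tell that it is a VPN connection; wording the first bullet as "an encrypted connection whose contents it cannot read" would remove the tension. In the threat-modeling paragraph, "based on [[fear, uncertainty, and doubt]] based marketing" doubles "based" and drops the "fud|" link target used in the earlier wording, so check that the new link still resolves to the intended page.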

Revision as of 17:55, 8 April 2024

Security related stuff.


Linux - PAM notes · SELinux

Securing services


A little more practical


More technical waffling

Message signing notes · Hashing notes
Auth - identity and auth notes
Encryption - Encryption notes · public key encryption notes · data-at-rest encryption · pre-boot authentication · encrypted connections

Unsorted - Anonymization notes · website security notes · integrated security hardware · Glossary · unsorted

Is it important to use antivirus/malware protection?

Is it important to encrypt my laptop or phone?

Is it important to encrypt my PC?

Is it important to use two-factor authentication?

Is it important to use a password manager?

Is it important to use a VPN?

Is it important to use secure mail?

So these messaging apps are the end-all then?